CN112929347B - Frequency limiting method, device, equipment and medium - Google Patents


Publication number
CN112929347B
Authority
CN
China
Prior art keywords
address
source
access
stored
client
Legal status
Active
Application number
CN202110095326.7A
Other languages
Chinese (zh)
Other versions
CN112929347A (en)
Inventor
陈文啸
Current Assignee
Bigo Technology Pte Ltd
Original Assignee
Bigo Technology Pte Ltd
Application filed by Bigo Technology Pte Ltd
Priority to CN202110095326.7A
Publication of CN112929347A
Application granted
Publication of CN112929347B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a frequency limiting method, device, equipment and medium for solving the problems of low frequency limiting timeliness and poor frequency limiting effect in the prior art. In the embodiment of the invention, after access information sent by a client is received, it is determined whether a pre-stored blacklist contains the source IP address carried by the access information; if not, it is determined whether a pre-stored gray list contains the source IP address, and if so, the client's access is limited to a certain extent. Because access information sent from IP addresses in the gray list is limited, and the time limit for storing an IP address in the gray list is longer than that for storing an IP address in the blacklist, the client's access is effectively frequency-limited, and both the timeliness and the effect of frequency limiting are improved.

Description

Frequency limiting method, device, equipment and medium
Technical Field
The present invention relates to the field of network security technologies and the field of data processing technologies, and in particular, to a frequency limiting method, device, equipment, and medium.
Background
With the progress of science and technology, live streaming has become increasingly popular, and users share their lives or earn income through it. However, during live streaming, fake IP addresses are sometimes used to inflate access counts. This can cause stuttering for other clients watching the stream, degrade the normal experience, and make the network insecure.
To solve the above technical problem, the methods proposed in the prior art are distributed frequency limiting and local frequency limiting. In distributed frequency limiting, a global frequency limiter provides the statistics and frequency limiting functions. Each service process periodically reports statistics on the IP addresses it has refused access to. The global frequency limiter aggregates the number of refusals per source IP address reported by the service processes; when it finds that the number of refusals for a source IP address exceeds the limit, it adds that source IP address to a blacklist, which has a certain time limit, and notifies the service processes to directly refuse access from source IP addresses in the blacklist.
Distributed frequency limiting has a global view. The service processes are distributed, and the global frequency limiter aggregates the refusal counts globally and limits frequency uniformly. The impact on the performance of the service processes is small, because the traffic statistics are computed by the global frequency limiter and the service processes only need to report, so the performance of distributed frequency limiting is very high. However, the global frequency limiter is a single point of failure: when it fails, the IP addresses in the blacklist expire after the preset time limit and the frequency limiting function stops working. In addition, because the service processes report refusal statistics periodically, when an IP address in the blacklist expires and the client at that IP address accesses again many times, the IP address is not added back to the blacklist until the next periodic report, yet many accesses have already gone through. Distributed frequency limiting therefore has low timeliness and a certain delay, and a large number of illegal clients may gain access.
In local frequency limiting, each service process independently counts the IP addresses it has refused and applies a frequency limiting algorithm directly within the process. Because this method does not need periodic reporting and limits frequency directly in the service process, if the number of refusals for a client exceeds the frequency limit, the client's next access can be limited immediately, so availability is higher. Local frequency limiting does not rely on a global central service, so it is decentralized. However, local frequency limiting lacks a global view: each service process can only count the IP addresses refused by itself, cannot learn of the IP addresses refused by other processes, and cannot perform global statistics. In theory, the more service processes there are, the worse the frequency limiting effect. The service processes also have to perform the statistical calculation on refused IP addresses while limiting frequency, so frequency limiting performance is relatively poor.
Disclosure of Invention
The invention provides a frequency limiting method, a frequency limiting device, frequency limiting equipment and a frequency limiting medium, which are used for solving the problems of low frequency limiting timeliness and poor frequency limiting effect in the prior art.
In a first aspect, an embodiment of the present invention provides a frequency limiting method, where the method includes:
receiving access information sent by a client;
judging whether a pre-stored blacklist contains a source IP address carried by the access information or not;
if not, judging whether the pre-stored gray list contains the source IP address, if so, judging whether the access of the source IP address is out of limit, and if so, refusing the access of the client, wherein the storage time limit of the gray list IP address is longer than that of the black list IP address.
In a second aspect, an embodiment of the present invention provides a frequency limiting device, including:
the receiving module is used for receiving the access information sent by the client;
the judging module is used for judging whether a pre-stored blacklist contains the source IP address carried by the access information;
and the processing module is used for judging whether the source IP address is contained in a pre-stored gray list or not if the source IP address is not contained in the black list, if so, judging whether the access of the source IP address is overrun, and if so, rejecting the access of the client, wherein the storage time limit of the gray list IP address is longer than the storage time limit of the black list IP address.
In a third aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes at least a processor and a memory, where the processor is configured to execute the steps of any one of the frequency limiting methods described above when executing a computer program stored in the memory.
In a fourth aspect, embodiments of the present invention provide a computer readable storage medium storing a computer program which, when executed by a processor, performs the steps of any of the frequency limiting methods described above.
In the embodiment of the invention, after access information sent by a client is received, it is determined whether a pre-stored blacklist contains the source IP address carried by the access information; if not, it is determined whether a pre-stored gray list contains the source IP address, and if so, the client's access is limited to a certain extent. Because access information sent from IP addresses in the gray list is limited, and the time limit for storing an IP address in the gray list is longer than that for storing an IP address in the blacklist, the client's access is effectively frequency-limited, and both the timeliness and the effect of frequency limiting are improved.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a frequency limiting method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a detailed implementation process of the frequency limiting method in the embodiment of the present invention when performing blacklist and gray list judgment;
Fig. 3 is a schematic diagram of a detailed implementation of the frequency limiting method in an electronic device according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a frequency limiting device according to an embodiment of the present invention;
Fig. 5 is an electronic device provided in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application are within the scope of the protection of the present application.
In order to effectively limit the frequency of access information sent by a client, the embodiment of the invention provides a frequency limiting method, a device, equipment and a medium.
Example 1:
Fig. 1 provides a schematic diagram of a frequency limiting method according to an embodiment of the present invention. The frequency limiting method includes the following steps:
S101: Receive the access information sent by the client.
The frequency limiting method provided by the embodiment of the invention is applied to electronic equipment, which can be intelligent equipment such as a PC (personal computer) or a server.
To limit frequency, the embodiment of the invention makes its determination based on the access information sent by the client. The electronic equipment receives the access information sent by the client through the access layer.
In addition, to improve frequency limiting efficiency and reduce the possibility of mistaken blocking, after receiving the access information sent by the client, the electronic equipment marks it in a preset manner. For example, the access information can be marked by an integer formed from the IP address, the target room number and the like carried by the access information. How the electronic equipment marks the access information can be set flexibly according to the application scenario, and the electronic equipment marks the received access information according to that setting. For example, when the client sends access information to enter a live broadcast room, the access information is marked by a 64-bit integer consisting of the IP address and the target room number.
S102: Determine whether a pre-stored blacklist contains the source IP address carried by the access information; if so, execute S104, and if not, execute S103.
To accurately process the received access information, a blacklist containing IP addresses is pre-stored in the embodiment of the invention. After the access information sent by the client is received, the source IP address it carries is obtained, and it is determined whether the IP addresses in the blacklist include that source IP address.
S103: Determine whether the pre-stored gray list contains the source IP address; if so, determine whether the access of the source IP address exceeds the limit, and if so, refuse the access of the client. The storage time limit of an IP address in the gray list is longer than that of an IP address in the blacklist.
If the IP addresses in the blacklist do not include the source IP address, then to further determine whether the access information needs to be frequency-limited, a gray list is also stored in the embodiment of the present invention. The gray list contains the IP addresses of clients whose access is limited. The gray list and the blacklist may contain the same IP addresses or different ones. The time limit for storing an IP address in the gray list is longer than that for storing an IP address in the blacklist; it may be permanent, and is not specifically limited here. Because the storage time limit of the gray list is longer than that of the blacklist, the gray list can be regarded as a historical collection of the blacklist.
If the IP addresses in the gray list include the source IP address carried by the access information, it is determined whether the access of the source IP address exceeds the limit. If it does, frequency limiting is required, that is, the access of the client is refused. If it does not, the access is released, that is, subsequent operations are performed according to the access information. The token bucket method can be used to determine whether the access of the source IP address exceeds the limit. That is, for the source IP address carried by the access information sent by the client, it is determined whether the access belongs to the normal portion of traffic; if not, the access of the client is refused. In other words, the token bucket method limits the frequency of the client's access information, letting the normal portion of accesses pass and refusing the abnormal portion. The token bucket method is prior art and is not limited here.
S104: If the blacklist contains the source IP address, refuse the access of the client.
To limit frequency accurately, after the access information sent by the client is received, if the source IP address it carries is contained in the blacklist, the risk that the client is inflating access counts is very high and the client may be an abnormal client, so the access of the client is refused.
In the embodiment of the invention, after access information sent by a client is received, it is determined whether a pre-stored blacklist contains the source IP address carried by the access information; if not, it is determined whether a pre-stored gray list contains the source IP address, and if so, the client's access is limited to a certain extent. Access information sent from IP addresses in the gray list is limited, the IP addresses in the gray list are IP addresses at risk of inflating access counts, and the time limit for storing an IP address in the gray list is longer than that for storing an IP address in the blacklist, so the client's access is effectively frequency-limited, and both the timeliness and the effect of frequency limiting are improved.
Example 2:
To accurately process the access information sent by the client, on the basis of the above embodiment, in the embodiment of the present invention, the method further includes:
If the gray list does not contain the source IP address, obtain the target room number, the target room password and the age carried in the access information, and determine whether the access information is normal according to the pre-stored room number, room password and age threshold; if so, allow the client to access, and if not, refuse the access of the client.
When the gray list does not contain the source IP address, the source IP address can be released. To limit frequency accurately, the access information sent by the client can be verified further. Because the client sends the access information in order to enter a live room, in the embodiment of the invention the access information carries the target room number and target room password to be accessed. When the gray list does not contain the source IP address, the target room number and target room password carried in the access information are obtained, the room number consistent with the target room number is found among the pre-stored room numbers, and the room password corresponding to that room number is obtained from the pre-stored correspondence between room numbers and room passwords. It is then determined whether the room password is consistent with the target room password carried by the access information; if not, the access of the client is refused.
To limit frequency accurately, the access information sent by the client also carries the age of the registrant. After it is determined that the gray list does not contain the source IP address, the age of the registrant carried in the access information is obtained, the room number consistent with the target room number is found among the pre-stored room numbers, and the age threshold corresponding to that room number is obtained from the pre-stored correspondence between room numbers and age thresholds. It is then determined whether the age carried by the access information is smaller than the obtained age threshold; if so, the access of the client is refused.
If the room password is consistent with the target room password carried by the access information and the age of the registrant carried by the access information is greater than the obtained age threshold, the client is allowed to access.
Fig. 2 is a schematic diagram of a detailed implementation process of the frequency limiting method in the embodiment of the present invention when performing blacklist and gray list judgment.
S201: Receive the access information sent by the client.
S202: Determine whether the source IP address carried by the access information is in the blacklist; if so, execute S206, and if not, execute S203.
S203: Determine whether the source IP address is in the gray list; if so, execute S204, and if not, execute S205.
S204: Determine by the token bucket method whether the access of the source IP address exceeds the limit; if so, execute S206, and if not, execute S205.
S205: Forward downstream.
That is, the subsequent operations are performed; how they are performed is described in the above embodiments and is not repeated here.
S206: Refuse the access of the client.
Example 3:
To limit frequency accurately, based on the above embodiments, in the embodiment of the present invention, the IP addresses in the blacklist are obtained as follows:
For each target source IP address that has been refused access, count the number of times the target source IP address is refused access within a preset time length; when the number is greater than a preset number threshold, add the target source IP address to the blacklist and record the time at which it was added.
To limit frequency accurately, a blacklist is stored in the embodiment of the invention. All IP addresses stored in the blacklist are IP addresses detected as being at risk of inflating access counts. Specifically, when an IP address frequently sends access information within a preset time length and is refused access many times, the IP address is at risk. If the number of times the IP address is refused within the preset time length is greater than a preset number threshold, the IP address is added to the blacklist. In other words, the access frequency of the IP address within a fixed time period is counted, and if it exceeds the limit, the IP address is added to the blacklist, where the access frequency refers to the number of times the IP address is refused access within the fixed time.
In the embodiment of the invention, each time a refusal of the target source IP address is detected, the number of times the target source IP address has been refused access within the preset time period is obtained and compared with the preset number threshold. If the number is greater than the threshold, the target source IP address is accessing frequently and is added to the blacklist. Because the blacklist has a certain time limit, the time at which the target source IP address is added to the blacklist is saved when it is added. The preset time length can be 1 minute, 2 minutes or 3 minutes, and can be set flexibly as required.
In the embodiment of the invention, for each IP address in the blacklist, it is determined whether the time since the IP address was added to the blacklist exceeds the blacklist time limit. If so, the IP address is removed from the blacklist, and when access information sent by a client carries that IP address, the client's access is no longer directly refused on the basis of the blacklist.
To limit frequency accurately, based on the above embodiments, in the embodiment of the present invention, the IP addresses in the gray list are obtained as follows:
For each target source IP address that has been refused access, when the target source IP address is added to the blacklist, determine whether it is stored in the gray list; if not, add the target source IP address to the gray list and record the time at which it was added to the gray list.
Clients accessing from one IP address can include both normal and abnormal clients; for example, NAT lets many clients share one IP address. To avoid mistaken blocking, IP addresses in the blacklist have an expiration time in the embodiment of the present invention, that is, the duration for which an IP address is stored in the blacklist is limited. When an IP address in the blacklist expires, that is, when the time since it was added to the blacklist is greater than a set duration threshold, it is no longer stored in the blacklist.
However, an IP address that has been added to the blacklist is very likely to be risky. To reduce this risk, a gray list is stored in the embodiment of the present invention. The gray list stores the set of IP addresses that were once frequency-limited and are not currently frequency-limited directly. If an IP address has been frequency-limited once, it has a very high probability of being an illegal IP address, and the probability that it triggers frequency limiting again in the future is also high, which is why the gray list is stored. And when the access information carrying the access information is received, the access of the client transmitting the access information is directly refused. That is, the IP addresses stored in the gray list are all IP addresses detected as being at risk of inflating access counts. Specifically, when a target source IP address frequently sends access information within a preset time length and is refused many times, the target source IP address is at risk. If the number of times it is refused within the preset time length is judged to be greater than the preset number threshold, the target source IP address is added to the blacklist. Because the target source IP address may or may not already be stored in the gray list, when the target source IP address is added to the blacklist it is determined whether it is stored in the gray list; if it is not, the target source IP address is added to the gray list and the time at which it was added to the gray list is recorded.
In the embodiment of the invention, because the time limit for storing an IP address in the blacklist is relatively short, the gray list can be regarded as a historical set of the blacklist, and IP addresses in the gray list basically do not expire or are stored for a very long time.
To limit frequency accurately, on the basis of the above embodiments, in the embodiments of the present invention, the method further includes:
If the target source IP address is already stored in the gray list, update the recorded time at which the target source IP address was added to the gray list.
If the time limit for storing IP addresses in the gray list is not permanent, that is, IP addresses are stored in the gray list for a certain time limit, then to make it easy to determine whether an IP address has been stored in the gray list for longer than that limit, in the embodiment of the present invention, if the target source IP address is already stored in the gray list, the time at which the target source IP address is added to the blacklist (that is, added to the blacklist again) is obtained, and the previously stored time at which the target source IP address was added to the gray list is updated to that time.
To limit frequency accurately, on the basis of the above embodiments, in the embodiments of the present invention, the method further includes:
After a restart, obtain the blacklist stored in the persistent storage.
In the embodiment of the invention, after the route forwarding process in the electronic equipment fails and restarts, it can obtain the blacklist stored in the persistent storage, so the IP addresses in the blacklist are not lost because of the restart.
Because the route forwarding processes in the electronic equipment may be distributed, writing the blacklist to persistent storage helps with both sharing and persistence: other route forwarding processes can share the blacklist, and because a route forwarding process may fail and restart at any time, a blacklist saved in persistent storage is not lost on restart. For an IP address in the blacklist, access from any client sending access information that carries that IP address is directly refused within the preset time period.
Fig. 3 is a schematic diagram of a detailed implementation of the frequency limiting method in an electronic device according to an embodiment of the present invention, and fig. 3 is taken as an example for introduction.
S301: and the electronic equipment receives the access information sent by the client through the access layer. And sends it to the route forwarding process of the electronic device.
When the access information of the client is accessed, the service process is accessed through the route forwarding process.
S302: Based on the source IP address carried in the client's access information, the route forwarding process in the electronic device judges whether the blacklist in the persistent storage of the electronic device contains the source IP address. If yes, the client's access is rejected. If not, it judges whether the gray list stored in the memory of the route forwarding process contains the source IP address; if yes, it judges by the token bucket method whether access from the source IP address exceeds the limit, and if so, the client's access is rejected.
In the embodiment of the invention, because the route forwarding process also uses the gray list for frequency limiting, a failure of the global traffic statistics affects only the frequency limiting of new illegal IP addresses. Old IP addresses that have already been frequency-limited are stored in the gray list in the memory of each route forwarding process, that is, each route forwarding process maintains its own gray list, so illegal access can still be frequency-limited effectively. And because the blacklist is stored in persistent storage, the IP addresses in the blacklist are not lost even if the route forwarding process restarts unexpectedly, so the frequency limiting effect is not affected.
Because IP addresses in the gray list can be frequency-limited directly in the route forwarding process, the timed reporting step is omitted for them and most abnormal accesses can be limited, so the real-time performance of the embodiment of the invention is very high.
S303: If not, the access information is released and sent to a business process in the business layer of the electronic device.
S304: The business process in the electronic device judges whether the access information is normal according to the target room number, the target room password and the age carried in the access information and the pre-stored room number, room password and age threshold. If yes, access is allowed. If not, the client's access is rejected, and the source IP addresses carried by the access information of clients that were denied access are reported to the route forwarding process in the electronic device at regular intervals.
Each business process counts the request and response result for each source IP address, where the request and response result means that the access information sent by the client was abnormal and the client was denied access.
S305: The route forwarding process in the electronic device aggregates the denied source IP addresses reported by each business process in the electronic device into the global traffic statistics in the electronic device.
S306: The global traffic statistics in the electronic device returns to the route forwarding process the access frequency of each source IP address within a fixed time period, that is, the statistical result is returned to the route forwarding process in the electronic device. The route forwarding process judges whether the access frequency of each source IP address exceeds the limit, that is, whether it exceeds the preset frequency threshold. If yes, the source IP address is added to the blacklist and written to the persistent storage in the electronic device; at the same time as it adds the source IP address to the blacklist, the route forwarding process also adds the source IP address to the gray list and stores it in the route forwarding process.
In the embodiment of the invention, the route forwarding process only has to receive the denied source IP addresses reported by each business process in the electronic device, reject clients whose access information carries an IP address in the blacklist, and frequency-limit by the token bucket method access information that carries an IP address in the gray list. These three tasks have very little impact on the performance of the route forwarding process, so the route forwarding process is not prone to failure in the embodiment of the invention. This effectively overcomes the tendency of the route forwarding process to fail in the prior art, and performance is higher.
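The flow of S301 to S306, as an added Python example that is not part of the patent text: one route forwarding process with the blacklist, gray list, token bucket and business check, where rejections are counted inline rather than reported on a timer. All constants, the class and method names, the room data and the dict standing in for persistent storage are assumptions.

```python
from collections import defaultdict, deque

BLACK_TTL = 60         # assumed: seconds a blacklist entry is kept
GRAY_TTL = 600         # assumed: gray list entries are kept longer than blacklist entries
WINDOW = 10            # assumed: the "preset time length" for counting rejections
MAX_REJECTS = 3        # assumed: the "preset number threshold"
RATE, BURST = 1.0, 2   # assumed token bucket refill (tokens/second) and capacity
ROOMS = {"1001": "s3cret"}   # constructed pre-stored room number -> room password
MIN_AGE = 18                 # constructed age threshold; "age >= threshold" is assumed


class FrequencyLimiter:
    """One route forwarding process together with the business check behind it."""

    def __init__(self, persistent_blacklist):
        self.black = persistent_blacklist   # stands in for persistent storage: ip -> time added
        self.gray = {}                      # in memory: ip -> [time added, tokens, last refill]
        self.rejects = defaultdict(deque)   # stands in for the global traffic statistics

    def _take_token(self, ip, now):
        entry = self.gray[ip]
        entry[1] = min(BURST, entry[1] + (now - entry[2]) * RATE)   # refill since last visit
        entry[2] = now
        if entry[1] < 1:
            return False
        entry[1] -= 1
        return True

    def _record_reject(self, ip, now):
        q = self.rejects[ip]
        q.append(now)
        while now - q[0] > WINDOW:          # keep only rejections inside the window
            q.popleft()
        if len(q) > MAX_REJECTS:
            self.black[ip] = now            # claim 2: blacklist and record the time
            if ip in self.gray:
                self.gray[ip][0] = now      # claim 4: refresh the recorded time
            else:
                self.gray[ip] = [now, BURST, now]   # claim 3: first gray listing

    def handle(self, ip, req, now):
        added = self.black.get(ip)
        if added is not None:
            if now - added < BLACK_TTL:
                return "reject:blacklist"
            del self.black[ip]              # blacklist entry has expired
        if ip in self.gray:
            if now - self.gray[ip][0] >= GRAY_TTL:
                del self.gray[ip]           # gray list entry has expired
            elif not self._take_token(ip, now):
                return "reject:rate"
        if ROOMS.get(req["room"]) == req["password"] and req["age"] >= MIN_AGE:
            return "allow"
        self._record_reject(ip, now)
        return "reject:business"
```

A second `FrequencyLimiter` built over the same `persistent_blacklist` models a restarted process: it keeps rejecting blacklisted addresses but starts with an empty gray list, because in this example the gray list lives only in memory.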
Example 4:
Fig. 4 is a schematic structural diagram of a frequency limiting device according to an embodiment of the present invention, where the device includes:
a receiving module 401, configured to receive access information sent by a client;
a judging module 402, configured to judge whether a pre-stored blacklist includes a source IP address carried by the access information;
a processing module 403, configured to judge whether the pre-stored gray list includes the source IP address if the blacklist does not include the source IP address, if yes, judge whether access from the source IP address exceeds the limit, and if so, reject the client's access, where the time limit for storing a gray list IP address is longer than the time limit for storing a blacklist IP address.
In a possible implementation manner, the processing module 403 is specifically configured to deny access to the client if the blacklist includes the source IP address.
In a possible implementation manner, the processing module 403 is specifically configured to obtain, if the gray list does not include the source IP address, a target room number, a target room password, and an age carried in the access information, determine whether the access information is normal according to a pre-stored room number, a pre-stored room password, and an age threshold, if so, allow the client to access, and if not, deny the access to the client.
In a possible implementation manner, the processing module 403 is specifically configured to count, for each target source IP address that is denied access, a number of times that the target source IP address is denied access within a preset time period, and when the number of times is greater than a preset number of times threshold, add the target source IP address to the blacklist, and record a time when the target source IP address is added to the blacklist.
In a possible implementation manner, the processing module 403 is specifically configured to determine, for each target source IP address that is denied access, whether the target source IP address is stored in the gray list when the target source IP address is added to the black list; if not, adding the target source IP address to the gray list, and recording the time when the target source IP address is added to the gray list.
In a possible implementation manner, the processing module 403 is specifically configured to update the recorded time when the target source IP address is added to the gray list if the target source IP address is stored in the gray list.
In one possible embodiment, the apparatus further comprises an obtaining module 404, configured to obtain the blacklist stored in the persistent storage after restarting.
Example 5:
On the basis of the above embodiments, the embodiment of the present invention further provides an electronic device, as shown in Fig. 5, including a processor 501, a communication interface 502, a memory 503 and a communication bus 504, wherein the processor 501, the communication interface 502 and the memory 503 communicate with each other through the communication bus 504.
The memory 503 stores a computer program which, when executed by the processor 501, causes the processor 501 to perform the following steps: receiving access information sent by a client; judging whether a pre-stored blacklist contains the source IP address carried by the received access information; if not, judging whether the pre-stored gray list contains the source IP address; if yes, judging whether access from the source IP address exceeds the limit; and if so, rejecting the client's access. The IP addresses in the gray list are stored for a longer time limit than the IP addresses in the blacklist.
The electronic equipment provided by the embodiment of the invention can be used for executing the frequency limiting method provided by any embodiment, and has the corresponding beneficial effects.
Example 6:
On the basis of the above embodiments, the embodiments of the present invention further provide a computer readable storage medium storing a computer program executable by a processor, which, when run on the processor, causes the processor to perform the following steps: receiving access information sent by a client; judging whether a pre-stored blacklist contains the source IP address carried by the received access information; if not, judging whether the pre-stored gray list contains the source IP address; if yes, judging whether access from the source IP address exceeds the limit; and if so, rejecting the client's access. The IP addresses in the gray list are stored for a longer time limit than the IP addresses in the blacklist.
The embodiment of the invention also provides a computer storage readable medium, in which a computer program executable by an electronic device is stored, and when the program runs on the electronic device, the program can be used for executing the advertisement delivery distribution method provided by any embodiment, and has corresponding functions and beneficial effects.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (8)

1. A method of limiting frequency, the method comprising:
receiving access information sent by a client;
judging whether a pre-stored blacklist contains a source IP address carried by the access information or not;
if yes, rejecting the access of the client;
if not, judging whether the pre-stored gray list contains the source IP address;
the step of judging whether the pre-stored gray list contains the source IP address comprises the following specific steps: if yes, judging whether the access of the source IP address exceeds the limit or not by a token bucket method, and if not, forwarding to the downstream;
the specific steps of judging whether the access of the source IP address exceeds the limit by the token bucket method are as follows: if yes, rejecting the access of the client, and if not, forwarding to the downstream;
wherein the preservation time limit of the gray list IP address is longer than that of the black list IP address;
if the gray list does not contain the source IP address, the target room number, the target room password and the age carried in the access information are obtained, whether the access information is normal or not is judged according to the pre-stored room number, the pre-stored room password and the pre-stored age threshold, if so, the client is allowed to access, and if not, the access of the client is refused.
2. The method of claim 1, wherein the IP addresses in the blacklist are obtained by:
counting, for each target source IP address that is denied access, the number of times the target source IP address is denied access within a preset time length, adding the target source IP address to the blacklist when the number of times is greater than a preset number threshold, and recording the time at which the target source IP address is added to the blacklist.
3. The method of claim 2, wherein the IP addresses in the gray list are obtained by:
for each target source IP address refused to be accessed, judging whether the target source IP address is stored in a gray list or not when the target source IP address is added to the black list; if not, adding the target source IP address to the gray list, and recording the time when the target source IP address is added to the gray list.
4. A method according to claim 3, characterized in that the method further comprises:
if the target source IP address is stored in the gray list, updating the recorded time at which the target source IP address was added to the gray list.
5. The method according to claim 1, wherein the method further comprises:
after restarting, acquiring the blacklist stored in the persistent storage.
6. A frequency limiting device, the device comprising:
the receiving module is used for receiving the access information sent by the client;
the judging module is used for judging whether a pre-stored blacklist contains the source IP address carried by the access information;
the processing module is used for refusing the access of the client if the blacklist contains the source IP address; if the blacklist does not contain the source IP address, judging whether a pre-stored gray list contains the source IP address or not; the step of judging whether the pre-stored gray list contains the source IP address comprises the following specific steps: if yes, judging whether the access of the source IP address exceeds the limit or not by a token bucket method, and if not, forwarding to the downstream; the specific steps of judging whether the access of the source IP address exceeds the limit by the token bucket method are as follows: if yes, rejecting the access of the client, and if not, forwarding to the downstream; wherein the preservation time limit of the gray list IP address is longer than that of the black list IP address; if the gray list does not contain the source IP address, the target room number, the target room password and the age carried in the access information are obtained, whether the access information is normal or not is judged according to the pre-stored room number, the pre-stored room password and the pre-stored age threshold, if so, the client is allowed to access, and if not, the access of the client is refused.
7. An electronic device comprising at least a processor and a memory, the processor being adapted to perform the steps of the frequency limiting method of any of claims 1-5 when executing a computer program stored in the memory.
8. A computer-readable storage medium, characterized in that it stores a computer program which, when executed by a processor, performs the steps of the frequency limiting method according to any one of claims 1-5.
CN202110095326.7A 2021-01-25 2021-01-25 Frequency limiting method, device, equipment and medium Active CN112929347B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110095326.7A CN112929347B (en) 2021-01-25 2021-01-25 Frequency limiting method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN112929347A CN112929347A (en) 2021-06-08
CN112929347B true CN112929347B (en) 2023-06-27

Family

ID=76166189

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110095326.7A Active CN112929347B (en) 2021-01-25 2021-01-25 Frequency limiting method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN112929347B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395277B (en) * 2021-06-10 2023-04-07 工银科技有限公司 Method, device, system and medium for dynamically adjusting quasi-blacklist and blacklist

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10237875B1 (en) * 2015-09-25 2019-03-19 Amazon Technologies, Inc. Routing-aware network limiter
CN111030936A (en) * 2019-11-18 2020-04-17 腾讯云计算(北京)有限责任公司 Current-limiting control method and device for network access and computer-readable storage medium

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170126686A1 (en) * 2015-11-03 2017-05-04 WikiEye EAD System and Method for Managed Access to Electronic Content
CN105939361B (en) * 2016-06-23 2019-06-07 杭州迪普科技股份有限公司 Defend the method and device of CC attack
CN109862025B (en) * 2019-02-28 2021-10-01 北京安护环宇科技有限公司 Access control method, device and system based on black and white lists
CN109831461B (en) * 2019-03-29 2021-10-26 新华三信息安全技术有限公司 Distributed denial of service (DDoS) attack defense method and device
CN110335031A (en) * 2019-07-11 2019-10-15 中国银行股份有限公司 A kind of problem account information investigation method and device
CN110611673B (en) * 2019-09-18 2021-08-31 赛尔网络有限公司 IP credit calculation method, device, electronic equipment and medium
CN110572416A (en) * 2019-10-15 2019-12-13 赛尔网络有限公司 blacklist generation method and device, electronic equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant