CN113489739A - Service stability method and device for resisting DDoS attack based on CDN - Google Patents
Service stability method and device for resisting DDoS attack based on CDN Download PDFInfo
- Publication number
- CN113489739A CN113489739A CN202110805639.7A CN202110805639A CN113489739A CN 113489739 A CN113489739 A CN 113489739A CN 202110805639 A CN202110805639 A CN 202110805639A CN 113489739 A CN113489739 A CN 113489739A
- Authority
- CN
- China
- Prior art keywords
- domain name
- address
- cdn
- request
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 238000012544 monitoring process Methods 0.000 claims abstract description 28
- 230000015556 catabolic process Effects 0.000 claims description 7
- 238000006731 degradation reaction Methods 0.000 claims description 7
- 230000008569 process Effects 0.000 claims description 7
- 238000004590 computer program Methods 0.000 claims description 6
- 230000000593 degrading effect Effects 0.000 claims description 3
- 230000000694 effects Effects 0.000 abstract description 4
- 230000004044 response Effects 0.000 description 11
- 238000004891 communication Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000007123 defense Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
- H04L61/3015—Name registration, generation or assignment
- H04L61/3025—Domain name generation or assignment
Abstract
The invention provides a service stability method and a device for resisting DDoS attack based on a CDN, which relate to the technical field of network security and comprise the following steps: firstly, sending a configuration request to a CDN interface based on the information of the failure of the current service request, then sending the configuration request to a Nginx server through the CDN interface, and requesting a configuration domain name strategy from a service monitoring alarm system; configuring a domain name policy to include a plurality of backup addresses; if the address of the current service request meets the configuration domain name strategy, switching the address of the current service request to a standby address; and re-sending the current service request based on the standby address to complete the service flow of the current service request. The method solves the technical problems that the service is unavailable and the service stability is influenced due to DDoS attack in the prior art, and achieves the effect of improving the attack resistance and the availability of the service.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a service stability method and device for resisting DDoS attack based on a CDN.
Background
Distributed Denial of Service (DDoS) attacks are Distributed and coordinated large-scale attacks, and the expressions of the DDoS attacks are mainly two, one is a traffic attack and mainly aims at network bandwidth attacks, namely, a large number of attack packets cause network bandwidth to be blocked, and legal network packets are submerged by false attack packets and cannot reach a host; the other is a resource exhaustion attack, which is mainly an attack against a server host, that is, a large number of attack packets cause the memory of the host to be exhausted or a CPU to be occupied by a kernel and an application program, so that network service cannot be provided. In any form of attack, the service stability of the service system is greatly affected.
At present, various defense technologies and related devices are available for DDoS attacks, and the DDoS attacks are resisted in a form of providing service refusal, but the DDoS attacks which cannot be successfully resisted still cause damage to a network, so that services are unavailable, service stability is affected, and great loss is caused.
Disclosure of Invention
The invention aims to provide a service stability method and a device for resisting DDoS attack based on a CDN (content delivery network) so as to relieve the technical problems of unavailable service and influence on service stability caused by DDoS attack in the prior art.
In order to achieve the above purpose, the embodiment of the present invention adopts the following technical solutions:
in a first aspect, an embodiment of the present invention provides a service stability method for resisting DDoS attack based on a CDN, where the method includes: sending a configuration request to a CDN interface based on the information of the current service request failure; sending the configuration request to an Nginx server through the CDN interface, and requesting a service monitoring alarm system to configure a domain name strategy; the configuration domain name policy comprises a plurality of standby addresses; if the address of the current service request meets the configured domain name policy, switching the address of the current service request to the standby address; and re-sending the current service request based on the standby address so as to complete the service flow of the current service request.
In some possible embodiments, the configuring the domain name policy includes: configuring a domain name degradation strategy and a domain name switching strategy; if the address of the current service request meets the configured domain name policy, the step of switching the address of the current service request to the standby address comprises: and if the address of the current service request meets the configured domain name switching strategy, switching the address of the current service request to the standby address.
In some possible embodiments, the method further comprises: and if the current service request retransmitted based on the standby address is a request failure and the address of the current service request meets the configured domain name degradation strategy, degrading the address of the current service request to the standby address and executing a service process of a service corresponding to the standby address.
In some possible embodiments, the step of sending the configuration request to an Nginx server through the CDN interface and requesting a service monitoring alarm system to configure a domain name policy includes: sending a configuration request to an Nginx server through the CDN interface; and the Nginx server requests a service monitoring alarm system to configure the domain name strategy through a configuration domain name strategy interface.
In some possible embodiments, after the step of sending the configuration request to an Nginx server through the CDN interface and requesting a service monitoring and warning system to configure a domain name policy, the method further includes: the service monitoring and alarming system sends the configured domain name strategy to the Nginx server through the configured domain name strategy interface; the Nginx server forwards the configuration domain name strategy to the CDN interface; and the CDN interface receives the configuration domain name strategy and judges whether the address of the current service request meets the configuration domain name strategy or not.
In some possible embodiments, after the step of sending the configuration request to an Nginx server through the CDN interface and requesting a service monitoring and warning system to configure a domain name policy, the method further includes: the service monitoring alarm system sends a configuration domain name policy file to the Nginx server; the Nginx server forwards the configuration domain name policy file to the CDN interface; and the CDN interface receives the configuration domain name strategy file and judges whether the address of the current service request meets the configuration domain name strategy.
In some possible embodiments, the method further comprises: and if the address of the current service request does not meet the configured domain name strategy, returning the current service request to the service flow with failed request.
In a second aspect, an embodiment of the present invention provides a service stability device for resisting DDoS attack based on a CDN, where the device includes: the sending module is used for sending a configuration request to the CDN interface based on the information of the current service request failure; the request module is used for sending the configuration request to an Nginx server through the CDN interface and requesting a service monitoring alarm system for configuring a domain name strategy; the configuration domain name policy comprises a plurality of standby addresses; a switching module, configured to switch the address of the current service request to the standby address if the address of the current service request meets the configured domain name policy; and the execution module is used for resending the current service request based on the standby address so as to complete the service flow of the current service request.
In a third aspect, an embodiment of the present invention provides an electronic device, including a memory and a processor, where the memory stores a computer program operable on the processor, and the processor implements the steps of the method according to any one of the first aspect when executing the computer program.
In a fourth aspect, embodiments of the present invention provide a computer-readable storage medium storing machine executable instructions that, when invoked and executed by a processor, cause the processor to perform the method of any of the first aspects.
The invention provides a service stability method and a device for resisting DDoS attack based on a CDN, wherein the method comprises the following steps: firstly, sending a configuration request to a CDN interface based on the information of the failure of the current service request, then sending the configuration request to a Nginx server through the CDN interface, and requesting a configuration domain name strategy from a service monitoring alarm system; configuring a domain name policy to include a plurality of backup addresses; if the address of the current service request meets the configuration domain name strategy, switching the address of the current service request to a standby address; and re-sending the current service request based on the standby address to complete the service flow of the current service request. The method combines the large flow access resistance of the CDN, performs domain name switching or degradation on the service under the condition of DDoS attack, so as to relieve the technical problems of unavailable service and influence on service stability caused by DDoS attack in the prior art, and realize the effect of improving the attack resistance and usability of the service.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic flow diagram of a service stability method for resisting DDoS attack based on a CDN according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a service stability system for resisting DDoS attack based on a CDN according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a service stability device for resisting DDoS attack based on a CDN according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A Content Delivery Network (CDN) is an intelligent virtual Network constructed on the basis of an existing Network, and users can obtain required Content nearby by means of functional modules of load balancing, Content Delivery, scheduling and the like of a central platform by means of edge servers deployed in various places, so that Network congestion is reduced, and the access response speed and hit rate of the users are increased. The CDN can redirect the request of the user to the service node closest to the user in real time according to the network flow, the connection and load condition of each node, the distance to the user, the response time and other comprehensive information, and aims to select the node relatively close to the user to send the content required by the user to the user, relieve the condition of network congestion and improve the response speed of a website.
Because a WEB service system is easily attacked by DDoS, at present, a variety of defense technologies and related devices are available for DDoS attacks, and DDoS attacks are resisted in a form of refusing to provide services, but the DDoS attacks which cannot be successfully resisted still cause damage to the network, so that services are unavailable, service stability is affected, and great loss is caused.
Based on this, the embodiment of the present invention provides a service stability method and device for resisting DDoS attack based on a CDN, so as to alleviate technical problems in the prior art that a service is unavailable and service stability is affected due to DDoS attack.
To facilitate understanding of the present embodiment, first, a detailed description is given to a service stability method for resisting DDoS attack based on a CDN disclosed in the present embodiment, referring to a flow diagram of the service stability method for resisting DDoS attack based on a CDN shown in fig. 1, where the method may be applied to a system shown in fig. 2.
Typically, a successful service request response includes: firstly, a server receives a service request sent by a client; if the request is successful, the server returns response content to the client; and then the client enters a corresponding business process based on the response content. The service request may be any HTTP service request, for example: acquire resources, delete resources, submit data, and so on.
If the system encounters DDoS attack, the request will fail, and the server will not return response content to the client, but the client directly enters a corresponding service flow based on the result of the request failure, that is, the service is unavailable due to DDoS attack, and the service stability is affected.
The case of request failure may include the following cases: request timeout (i.e., no response results returned within a specified time), returned data error, no data returned. Any of the above cases may cause the service logic to be unable to continue, so a new domain name may be searched for by the CDN.
The embodiment of the application provides a service stability method for resisting DDoS attack based on a CDN, which mainly comprises the following steps from S110 to S140:
s110: sending a configuration request to a CDN interface based on the information of the current service request failure;
s120: sending a configuration request to an Nginx server through a CDN interface, and requesting a service monitoring alarm system to configure a domain name strategy; configuring a domain name policy to include a plurality of backup addresses;
among them, nginx (engine x) is a high-performance HTTP and reverse proxy web server.
S130: if the address of the current service request meets the configuration domain name strategy, switching the address of the current service request to a standby address;
s140: and re-sending the current service request based on the standby address to complete the service flow of the current service request.
In one embodiment, the step S120 includes:
step (1): sending a configuration request to an Nginx server through a CDN interface;
step (2): and the Nginx server requests the service monitoring and alarming system to configure the domain name strategy through a configuration domain name strategy interface.
The configured domain name policy may be an interface, and the service monitoring and alarming system may be a system on the client for monitoring a request failure condition of the current domain name, and may generally be implemented by monitoring a service log.
When the domain name policy is configured as an interface, the interface can be updated through the service monitoring alarm system, so that the configured domain name policy is updated; the configured domain name policy can also be a response file configured in advance by the service monitoring and alarming system.
As a specific example, the method may further include: firstly, a service monitoring alarm system sends a configuration domain name strategy to an Nginx server through a configuration domain name strategy interface; then the Nginx server forwards the configured domain name strategy to a CDN interface; and then the CDN interface receives the configuration domain name strategy and judges whether the address of the current service request meets the configuration domain name strategy or not.
Or, as a specific example, the method may further include: firstly, a service monitoring alarm system sends a configuration domain name strategy file to an Nginx server; then the Nginx server forwards the configuration domain name policy file to a CDN interface; and then the CDN interface receives the configuration domain name strategy file and judges whether the address of the current service request meets the configuration domain name strategy.
If the address of the current service request meets the configured domain name policy, continuing to execute the step S130; and if the address of the current service request does not meet the configuration domain name strategy, returning the current service request to the service flow with failed request.
The configuring the domain name policy may include: configuring a domain name downgrading strategy and configuring a domain name switching strategy. In one embodiment, the step S130 includes:
step (1): and if the address of the current service request meets the configured domain name switching strategy, switching the address of the current service request to the standby address.
Step (2): and if the current service request retransmitted based on the standby address is a request failure and the address of the current service request meets the configured domain name degradation strategy, degrading the address of the current service request to the standby address and executing a service process of a service corresponding to the standby address.
That is to say, when the current service request fails, the domain name switching configuration may be received when requesting the CDN interface, and then a request may be re-requested from the server to switch to another standby domain name, and still a response result may be obtained. If the above-mentioned re-request still fails, or the address of the current service request does not meet the configured domain name switching policy, then the local policy can be executed, and a null or degraded response is directly returned, thereby ensuring that the service flow is not blocked.
According to the service stability method for resisting DDoS attack based on the CDN, the large-flow access resisting characteristic of the CDN is combined through active service degradation and domain name switching, and the service is actively degraded or domain name switched under the condition of DDoS attack, so that the DDoS attack is bypassed, the capability of actively resisting the DDoS attack is improved, the usability of the service under the condition of being attacked is improved, and the stability of the service is integrally improved. The method can effectively reduce the unavailable time of the service under the DDoS attack condition, improve the user experience and obviously improve the attack resistance and the availability of the service.
An embodiment of the present invention provides a service stability device for resisting DDoS attack based on a CDN, and referring to fig. 3, the device includes:
a sending module 310, configured to send a configuration request to the CDN interface based on information that the current service request fails;
the request module 320 is configured to send a configuration request to the Nginx server through the CDN interface, and request the service monitoring and warning system to configure a domain name policy; configuring a domain name policy to include a plurality of backup addresses;
a switching module 330, configured to switch the address of the current service request to a standby address if the address of the current service request meets the configured domain name policy;
and the executing module 340 is configured to resend the current service request based on the backup address, so as to complete the service flow of the current service request.
The service stability device for resisting DDoS attack based on the CDN provided in the embodiment of the present application may be specific hardware on a device or software or firmware installed on the device. The device provided by the embodiment of the present application has the same implementation principle and technical effect as the foregoing method embodiments, and for the sake of brief description, reference may be made to the corresponding contents in the foregoing method embodiments where no part of the device embodiments is mentioned. It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the foregoing systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. The service stability device for resisting DDoS attack based on the CDN provided by the embodiment of the present application has the same technical features as the service stability method for resisting DDoS attack based on the CDN provided by the above embodiment, so that the same technical problem can be solved, and the same technical effect can be achieved.
The embodiment of the application further provides an electronic device, and specifically, the electronic device comprises a processor and a storage device; the storage means has stored thereon a computer program which, when executed by the processor, performs the method of any of the above described embodiments.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application, where the electronic device 400 includes: a processor 40, a memory 41, a bus 42 and a communication interface 43, wherein the processor 40, the communication interface 43 and the memory 41 are connected through the bus 42; the processor 40 is arranged to execute executable modules, such as computer programs, stored in the memory 41.
The Memory 41 may include a high-speed Random Access Memory (RAM) and may also include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 43 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, etc. may be used.
The bus 42 may be an ISA bus, PCI bus, EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 4, but that does not indicate only one bus or one type of bus.
The memory 41 is used for storing a program, the processor 40 executes the program after receiving an execution instruction, and the method executed by the apparatus defined by the flow process disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 40, or implemented by the processor 40.
The processor 40 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 40. The Processor 40 may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the device can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory 41, and the processor 40 reads the information in the memory 41 and completes the steps of the method in combination with the hardware thereof.
Corresponding to the method, the embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores machine executable instructions, and when the computer executable instructions are called and executed by a processor, the computer executable instructions cause the processor to execute the steps of the method.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments provided in the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, an electronic device, or a network device) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It should be noted that: like reference numbers and letters indicate like items in the figures, and thus once an item is defined in a figure, it need not be further defined or explained in subsequent figures, and moreover, the terms "first," "second," "third," etc. are used merely to distinguish one description from another and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A service stability method for resisting DDoS attack based on CDN is characterized by comprising the following steps:
sending a configuration request to a CDN interface based on the information of the current service request failure;
sending the configuration request to an Nginx server through the CDN interface, and requesting a service monitoring alarm system for configuring a domain name strategy; the configuration domain name policy comprises a plurality of standby addresses;
if the address of the current service request meets the configured domain name policy, switching the address of the current service request to the standby address;
and re-sending the current service request based on the standby address so as to complete the service flow of the current service request.
2. The CDN-based service stability method against DDoS attacks as recited in claim 1, wherein said configuring domain name policy comprises: configuring a domain name degradation strategy and a domain name switching strategy;
if the address of the current service request meets the configured domain name policy, the step of switching the address of the current service request to the standby address comprises:
and if the address of the current service request meets the configured domain name switching strategy, switching the address of the current service request to the standby address.
3. The CDN-based DDoS attack resistant traffic stability method of claim 2, wherein the method further comprises:
and if the current service request retransmitted based on the standby address is a request failure and the address of the current service request meets the configured domain name degradation strategy, degrading the address of the current service request to the standby address and executing a service process of a service corresponding to the standby address.
4. The CDN-based service stability method against DDoS attacks according to claim 1, wherein the step of sending the configuration request to a Nginx server through the CDN interface and requesting a service monitoring alarm system for configuring a domain name policy comprises:
sending a configuration request to a Nginx server through the CDN interface;
and the Nginx server requests a service monitoring alarm system to configure a domain name strategy through a configuration domain name strategy interface.
5. The CDN-based service stability method against DDoS attacks according to claim 4, wherein after the step of sending the configuration request to a Nginx server through the CDN interface and requesting a configuration domain name policy to a service monitoring alarm system, further comprising:
the service monitoring and alarming system sends the configured domain name strategy to the Nginx server through the configured domain name strategy interface;
the Nginx server forwards the configuration domain name policy to the CDN interface;
and the CDN interface receives the configuration domain name strategy and judges whether the address of the current service request meets the configuration domain name strategy or not.
6. The CDN-based DDoS attack resistant service stability method of claim 1, wherein after the step of sending the configuration request to an Nginx server through the CDN interface and requesting a configuration domain name policy from a service monitoring alarm system, the method further comprises:
the service monitoring alarm system sends a configuration domain name policy file to the Nginx server;
the Nginx server forwards the configuration domain name policy file to the CDN interface;
and the CDN interface receives the configuration domain name strategy file and judges whether the address of the current service request meets the configuration domain name strategy.
7. The CDN-based service stability method against DDoS attacks as recited in claim 1, further comprising:
and if the address of the current service request does not meet the configured domain name strategy, returning the current service request to the service flow with failed request.
8. A service stability device for resisting DDoS attack based on CDN is characterized by comprising:
the sending module is used for sending a configuration request to the CDN interface based on the information of the current service request failure;
the request module is used for sending the configuration request to an Nginx server through the CDN interface and requesting a service monitoring alarm system for configuring a domain name strategy; the configuration domain name policy comprises a plurality of standby addresses;
a switching module, configured to switch the address of the current service request to the standby address if the address of the current service request meets the configured domain name policy;
and the execution module is used for resending the current service request based on the standby address so as to complete the service flow of the current service request.
9. An electronic device comprising a memory and a processor, wherein the memory stores a computer program operable on the processor, and wherein the processor implements the steps of the method of any of claims 1 to 7 when executing the computer program.
10. A computer readable storage medium having stored thereon machine executable instructions which, when invoked and executed by a processor, cause the processor to execute the method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110805639.7A CN113489739B (en) | 2021-07-16 | 2021-07-16 | CDN-based service stability method and device for resisting DDoS attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110805639.7A CN113489739B (en) | 2021-07-16 | 2021-07-16 | CDN-based service stability method and device for resisting DDoS attack |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113489739A true CN113489739A (en) | 2021-10-08 |
| CN113489739B CN113489739B (en) | 2024-03-08 |
Family
ID=77939836
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110805639.7A Active CN113489739B (en) | 2021-07-16 | 2021-07-16 | CDN-based service stability method and device for resisting DDoS attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113489739B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103023924A (en) * | 2012-12-31 | 2013-04-03 | 网宿科技股份有限公司 | Content distribution network based DDoS (distributed denial of service) attack protecting method and content distribution network based DDoS attack protecting system for cloud distribution platform |
| US20170155678A1 (en) * | 2015-12-01 | 2017-06-01 | Fastly, Inc. | Attack mitigation in content delivery networks using stenographic network addressing |
| CN107294922A (en) * | 2016-03-31 | 2017-10-24 | 阿里巴巴集团控股有限公司 | A kind of network address dispatching method and device for tackling network attack |
| WO2018112759A1 (en) * | 2016-12-20 | 2018-06-28 | 华为技术有限公司 | Resource access method, apparatus and system |
| CN109951426A (en) * | 2017-12-21 | 2019-06-28 | 阿里巴巴集团控股有限公司 | Abnormal domain name determines method, abnormal flow processing method, apparatus and system |
| CN110166526A (en) * | 2019-04-15 | 2019-08-23 | 中国平安人寿保险股份有限公司 | More CDN access management methods, device, computer equipment and storage medium |
| CN112260853A (en) * | 2020-09-17 | 2021-01-22 | 北京大米科技有限公司 | Disaster recovery switching method and device, storage medium and electronic equipment |
| CN112491869A (en) * | 2020-11-25 | 2021-03-12 | 上海七牛信息技术有限公司 | Application layer DDOS attack detection and protection method and system based on IP credit |
| CN113037716A (en) * | 2021-02-07 | 2021-06-25 | 杭州又拍云科技有限公司 | Attack defense method based on content distribution network |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110505155B (en) * | 2019-08-13 | 2023-12-08 | 北京达佳互联信息技术有限公司 | Request degradation processing method and device, electronic equipment and storage medium |
| CN111988387B (en) * | 2020-08-11 | 2023-05-30 | 北京达佳互联信息技术有限公司 | Interface request processing method, device, equipment and storage medium |
-
2021
- 2021-07-16 CN CN202110805639.7A patent/CN113489739B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103023924A (en) * | 2012-12-31 | 2013-04-03 | 网宿科技股份有限公司 | Content distribution network based DDoS (distributed denial of service) attack protecting method and content distribution network based DDoS attack protecting system for cloud distribution platform |
| US20170155678A1 (en) * | 2015-12-01 | 2017-06-01 | Fastly, Inc. | Attack mitigation in content delivery networks using stenographic network addressing |
| CN107294922A (en) * | 2016-03-31 | 2017-10-24 | 阿里巴巴集团控股有限公司 | A kind of network address dispatching method and device for tackling network attack |
| WO2018112759A1 (en) * | 2016-12-20 | 2018-06-28 | 华为技术有限公司 | Resource access method, apparatus and system |
| CN109951426A (en) * | 2017-12-21 | 2019-06-28 | 阿里巴巴集团控股有限公司 | Abnormal domain name determines method, abnormal flow processing method, apparatus and system |
| CN110166526A (en) * | 2019-04-15 | 2019-08-23 | 中国平安人寿保险股份有限公司 | More CDN access management methods, device, computer equipment and storage medium |
| CN112260853A (en) * | 2020-09-17 | 2021-01-22 | 北京大米科技有限公司 | Disaster recovery switching method and device, storage medium and electronic equipment |
| CN112491869A (en) * | 2020-11-25 | 2021-03-12 | 上海七牛信息技术有限公司 | Application layer DDOS attack detection and protection method and system based on IP credit |
| CN113037716A (en) * | 2021-02-07 | 2021-06-25 | 杭州又拍云科技有限公司 | Attack defense method based on content distribution network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113489739B (en) | 2024-03-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220217176A1 (en) | Authoritative domain name system (dns) server responding to dns requests with ip addresses selected from a larger pool of ip addresses | |
| US11405417B2 (en) | Distributed denial of service (DDoS) defense techniques for applications hosted in cloud computing platforms | |
| CN105940655B (en) | System for preventing DDos attack | |
| CN106453669B (en) | Load balancing method and server | |
| US10785257B2 (en) | Data center redundancy in a network | |
| CN111866124B (en) | Method, device, server and machine-readable storage medium for accessing webpage | |
| CN107426241B (en) | Network security protection method and device | |
| CN110636068B (en) | Method and device for identifying unknown CDN node in CC attack protection | |
| US10645183B2 (en) | Redirection of client requests to multiple endpoints | |
| CN110808967B (en) | Detection method for challenging black hole attack and related device | |
| CN113489739B (en) | CDN-based service stability method and device for resisting DDoS attack | |
| CN111786940A (en) | Data processing method and device | |
| JP3560552B2 (en) | Method and apparatus for preventing a flood attack on a server | |
| McMurry et al. | Diameter overload control requirements | |
| CN112437083A (en) | Method and system for preventing cloud resources from being attacked by network and electronic equipment | |
| CN114826688A (en) | Malicious access address identification method, device, equipment, medium and program product | |
| CN110719287A (en) | Data communication method, device, proxy server and readable storage medium | |
| CN111884942A (en) | Multicast data transmission method, device, receiving host and multicast system | |
| McMurry et al. | RFC 7068: Diameter Overload Control Requirements |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |