CN114223177A - Access control method, device, server and computer readable medium - Google Patents

Access control method, device, server and computer readable medium Download PDF

Info

Publication number
CN114223177A
CN114223177A CN201980099241.7A CN201980099241A CN114223177A CN 114223177 A CN114223177 A CN 114223177A CN 201980099241 A CN201980099241 A CN 201980099241A CN 114223177 A CN114223177 A CN 114223177A
Authority
CN
China
Prior art keywords
access
calling terminal
server
calling
forbidding
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201980099241.7A
Other languages
Chinese (zh)
Inventor
郭子亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Shenzhen Huantai Technology Co Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Shenzhen Huantai Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd, Shenzhen Huantai Technology Co Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Publication of CN114223177A publication Critical patent/CN114223177A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application discloses an access control method, an access control device, a server and a computer readable medium, and relates to the field of data access. The method comprises the following steps: acquiring an access request which is sent by a calling terminal and requests to access a server; if the server allows the called end to access, responding to the access request and executing the access operation of the calling end; acquiring the access times of an access request sent by a calling terminal within a preset time length, and taking the access times as the access times of the calling terminal; and setting a forbidden time period for the calling terminal according to the access times of the calling terminal, and forbidding the called terminal to access by the server in the forbidden time period, wherein the higher the access times of the calling terminal is, the longer the length of the forbidden time period is. Therefore, the server can set an access forbidding period for the calling terminal according to the access times of the calling terminal, and the access times of the calling terminal are higher, the length of the access forbidding period is larger, so that the access forbidding period is dynamically changed, the phenomenon that the current limiting mode is too single or fixed is avoided, and the flexibility of current limiting is improved.

Description

Access control method, device, server and computer readable medium Technical Field
The present application relates to the field of data access, and more particularly, to an access control method, apparatus, server, and computer readable medium.
Background
With the rapid development of the internet industry, most of the services of the external interface layer in the server are provided with a flow limiter to limit the flow exceeding the expected flow access part, so as to protect the services from the problem of huge increase of service pressure caused by external sudden flow burrs through the flow limiter.
Although the existing current limiting method can play a role in controlling service frequency and prevent the occurrence of system breakdown caused by requests exceeding service capacity, the current limiting method is too single or fixed and is not flexible enough.
Disclosure of Invention
The present application proposes an access control method, apparatus, server and computer readable medium to improve the above-mentioned drawbacks.
In a first aspect, an embodiment of the present application provides an access control method, which is applied to a server, and the method includes: acquiring an access request which is sent by a calling terminal and requests to access the server; if the server allows the calling terminal to access, responding to the access request and executing the access operation of the calling terminal; acquiring the access times of the access request sent by the calling terminal within a preset time length, and taking the access times as the access times of the calling terminal; and setting a forbidden time period for the calling terminal according to the calling terminal access times, wherein the server is forbidden to be accessed by the calling terminal in the forbidden time period, wherein the higher the calling terminal access times are, the longer the forbidden time period is.
In a second aspect, an embodiment of the present application further provides an access control apparatus, which is applied to a server, and the apparatus includes: the device comprises an acquisition unit, a response unit, a determination unit and a processing unit. And the acquisition unit is used for acquiring an access request which is sent by the calling end and requests to access the server. And the response unit is used for responding to the access request and executing the access operation of the calling terminal if the server is allowed to be accessed by the calling terminal. And the determining unit is used for acquiring the access times of the access request sent by the calling terminal within a preset time length and taking the access times as the access times of the calling terminal. And the processing unit is used for setting an access forbidding period for the calling terminal according to the access times of the calling terminal, and the server is forbidden to be accessed by the calling terminal in the access forbidding period, wherein the higher the access times of the calling terminal is, the longer the length of the access forbidding period is.
In a third aspect, an embodiment of the present application further provides a server, including: one or more processors; a memory; one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the above-described methods.
In a fourth aspect, the present application also provides a computer-readable storage medium, where the readable storage medium stores program code executable by a processor, and a plurality of instructions in the program code, when executed by the processor, cause the processor to execute the above method.
The access control method, the access control device, the server and the computer readable medium obtain the access request sent by the calling terminal, wherein the access request is a request sent when the calling terminal requests to access the server. And the server judges that if the called terminal is allowed to access, the server responds to the access request and executes the access operation of the calling terminal. The method comprises the steps of obtaining the number of times of access of an access request sent by a calling terminal within a preset time length, using the number of times of access of the calling terminal as the number of times of access of the calling terminal, setting an access forbidding period for the calling terminal according to the number of times of access of the calling terminal, and forbidding the server to be accessed by the calling terminal within the access forbidding period, wherein the higher the number of times of access of the calling terminal is, the larger the length of the access forbidding period is. Therefore, after the server affects the access request of the calling end, a forbidden time period can be set for the calling end according to the access times of the calling end, and the higher the access times of the calling end is, the longer the length of the forbidden time period is, so that the forbidden time period is dynamically changed and is related to the access times of the calling end, the condition that the current limiting mode is too single or fixed is avoided, and the flexibility of current limiting is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 illustrates an application scenario diagram of an access control method and apparatus provided in an embodiment of the present application;
FIG. 2 is a flow chart illustrating a method of an access control method according to an embodiment of the present application;
FIG. 3 is a flow chart of a method of access control according to another embodiment of the present application;
FIG. 4 is a flow chart illustrating a method of access control according to another embodiment of the present application;
FIG. 5 is a flow chart illustrating a method of access control according to yet another embodiment of the present application;
FIG. 6 is a flow chart illustrating a method of access control according to yet another embodiment of the present application;
fig. 7 shows a block diagram of an access control device according to an embodiment of the present application;
fig. 8 shows a block diagram of an access control device according to another embodiment of the present application;
FIG. 9 illustrates a block diagram of a server provided by an embodiment of the present application;
fig. 10 shows a storage unit, provided in an embodiment of the present application, for storing or carrying program codes for implementing an access control method according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
Referring to fig. 1, fig. 1 is a diagram illustrating an application scenario of an access control method and apparatus according to an embodiment of the present application. As shown in fig. 1, the electronic device 100 and the server 200 are located in a wireless network or a wired network, and the electronic device 100 and the server 200 perform data interaction.
In some embodiments, the client is installed within the electronic device 100, and may be, for example, an application installed on the electronic device 100. When a user logs in through an account at a client, all information corresponding to the account can be stored in the storage space of the server 200. The server 200 may be a single server, or a server cluster, or a local server, or a cloud server.
The electronic device 100 can access the server 200, and the electronic device 100 can be used as a calling end to request access to the server 200. In order to avoid the problem of huge increase of service pressure caused by sudden traffic burs, and to prevent malicious access of some calling terminals, most of services of an external interface layer in the server are provided with a current limiter so as to limit traffic exceeding an expected traffic access part.
However, the inventor finds in research that the current mainstream large-scale internet system flow limiting scheme mainly uses a token bucket algorithm and a leaky bucket algorithm as supports, so as to achieve the effect of smoothing the critical service request rate and avoid system service resource exhaustion and breakdown caused by too many system requests in a short time.
The existing technical scheme has the effect of limiting the current, plays a role in controlling the service frequency and prevents the system from being crashed due to the request of exceeding the service capacity. However, for some malicious calls and requests of attack services, no further identification and interception is performed, and the malicious requests often occupy valuable service resources.
Some service schemes usually identify each caller by ip or some unique device identifiers while limiting the current, then calculate and record the number of calls of each caller in a unit time range, add the caller to a blacklist when a specified threshold is exceeded, and then directly reject the request of the caller. However, this current-limiting blacking method is too rough, some normal system users can actually send a large number of non-malicious requests in a short time for some specific scenarios, such as second killing or ticket robbing services, but the frequency of the requests cannot be compared with that of malicious attacks sent by programs in tens of thousands of seconds or even higher, and if the normal user requests are directly identified as malicious requests to directly shield the users, it is obviously very unfriendly for the invoker of the services. Therefore, the current limiting mode is not reasonable enough and is single.
Therefore, in order to improve the above defect, the embodiment of the present application provides an access control method, as shown in fig. 2, which is applied to the server 200 described above, so as to reasonably set the access restriction policy. Specifically, the method comprises the following steps: s201 to S204.
S201: and acquiring an access request which is sent by a calling end and requests to access the server.
Specifically, the caller may be a client in the electronic device, and the access request may be a request for the caller to interact with the server, specifically, the access request may be a login request, a request for sending data, or a request for downloading data.
Then, as an embodiment, the access request may be that the calling end sends an access request to the server when the triggering event is detected. The trigger event may be triggered by the user operating the calling terminal, for example, clicking a certain button of the calling terminal, where the operation corresponding to the button is to download certain data in the server or submit certain data to the server, for example, an operation of submitting an order in the shopping APP, and the trigger is initiated by the user. In addition, the trigger request may be triggered by a buried point event in the calling end, specifically, multiple buried points may be set in the calling end in advance, and a preset event of each buried point calling end is set, so that the specific preset event may be non-user-triggered, for example, a timed time, specifically, the calling end determines that the trigger is a buried point at the end of the timed time, and then sends an access request to the server.
As another embodiment, the access request sent by the calling end may be sent by a program according to a certain frequency, and specifically, may be when a user triggers or a buried point triggers a certain operation, for example, a login operation. The program sends multiple access requests to the server at a certain frequency.
S202: and if the server allows the calling terminal to access, responding to the access request and executing the access operation of the calling terminal.
Specifically, the access right of the calling terminal in the server may include permission of access and non-permission of access, specifically, the access right may be set by the server for the calling terminal, and the access right of the calling terminal may be recorded in the server, for example, the access right of the calling terminal is recorded in the server, and may be recorded in the server in a manner that the identifier of the calling terminal and the access right state correspond to each other. When the server acquires the access request sent by the calling terminal, the identifier of the calling terminal corresponding to the access request can be determined, so that whether the calling terminal is in a state of being allowed to access or not can be determined, that is, whether the server is allowed to be accessed by the calling terminal or not can be determined.
As an implementation manner, an access status parameter corresponding to the identifier of the calling end may be stored in the server, and it can be determined whether the calling end is allowed to call the server according to the access status parameter, specifically, as described in the following embodiments.
And when the server determines that the called terminal is allowed to access, responding to the access request, and executing the access operation of the calling terminal.
S203: and acquiring the access times of the access request sent by the calling terminal within a preset time length to serve as the access times of the calling terminal.
The preset time length may be a time length set according to a requirement, and specifically, the starting point of the preset time length may be a time point for responding to the access request, that is, the server starts at a time when it is determined that the server is allowed to be accessed by the calling terminal and responds to the access request, and the number of the access requests sent by the calling terminal to the server in the time length of the preset time length is counted, so as to count the number of times of access of the calling terminal. Then in this embodiment access requests that are acquired within a preset length of time are not responded to.
As another embodiment, the starting time of the preset time length may be a time when an access request requesting to access the server sent by the calling end is acquired.
In another embodiment, the server may store the access count record of the calling side, and record a time point corresponding to each access starting from a time point when the server responds to the access request sent by the calling side for the first time, and store the time point in the access record corresponding to the calling side. Then, when it is determined that the server is allowed to be accessed by the calling terminal and responds to the access request, the access times within a preset time length are obtained in the access record, where the preset time length may be a preset time length before a time when the server responds to the access request in the access time record. For example, if the preset time length is 1 second, the access times of the access requests sent by the calling terminal within the preset time length may be obtained by determining the access times of the access requests sent by the calling terminal recorded in the access times record within 1 second before the end point, with the time point of responding to the access request as the end point.
S204: and setting a forbidden time period for the calling terminal according to the calling terminal access times, wherein the server is forbidden to be accessed by the calling terminal in the forbidden time period, wherein the higher the calling terminal access times are, the longer the forbidden time period is.
Specifically, the access forbidding period is a time period set by the server for the calling terminal to forbid the calling terminal from accessing the server, and in the access forbidding period, it is recorded in the server that the access right of the calling terminal is kept in a state of forbidding access, that is, the server is forbidden to be accessed by the calling terminal.
The access forbidding period is determined according to the number of access times of the calling terminal, that is, after the server responds to the access of the calling terminal, a period of access forbidding is set for the calling terminal according to the number of access times of the calling terminal counted in a preset time length, so that when an access request sent by the calling terminal is acquired later, if the time for acquiring the access request is still in the period of access forbidding, the server does not respond to the access request when judging that the server is allowed to be accessed by the calling terminal, and the acquired judgment result is that the server is forbidden to be accessed by the calling terminal, and the access operation corresponding to the access request cannot be executed.
Specifically, the higher the number of times of access of the calling terminal, the longer the length of the access prohibition period, so that the calling terminal that sends a large number of access requests in a short time by means of a program has a longer access prohibition period, and the calling terminal that has a smaller number of times of access has a shorter access prohibition period.
Referring to fig. 3, an access control method is provided in the embodiment of the present application, and as shown in fig. 3, the method is applied to the server 200 to reasonably set an access restriction policy. Specifically, the method comprises the following steps: s301 to S306.
S301: and acquiring an access request which is sent by a calling end and requests to access the server.
S302: and if the server allows the calling terminal to access, responding to the access request and executing the access operation of the calling terminal.
S303: and acquiring the access times of the access request sent by the calling terminal within a preset time length to serve as the access times of the calling terminal.
S304: and acquiring a functional relation between the preset access times and the access forbidding time length.
The method comprises the steps of presetting a functional relation between the access times and the access forbidding time length, namely, taking the access times as the input of the functional relation through the functional relation, namely, taking the access times as the independent variable in the functional relation, and taking the access forbidding time length as the output of the functional relation, namely, taking the access forbidding time length as the dependent variable in the functional relation, wherein the access times and the access forbidding time length meet the functional relation.
S305: and determining the access forbidding time length corresponding to the access times of the calling terminal according to the function relationship.
And inputting the access times of the access request sent by the calling terminal within a preset time length, namely the access times of the calling terminal into the functional relationship so as to obtain the access forbidding time length corresponding to the access times of the calling terminal.
S306: and setting an access forbidding time period for the calling terminal according to the access forbidding time length.
The access prohibition period is set according to the access prohibition time length. Specifically, the access prohibition period time starting point and the access prohibition period time ending point are set, the time length between the access prohibition period time starting point and the access prohibition period time ending point is the access prohibition time length, and the time period from the access prohibition period time starting point to the access prohibition period time ending point is the access prohibition period. The starting point of the access prohibition period time may be a time when the length of the access prohibition time is acquired.
The access forbidding period determined by the functional relationship still meets the rule that the higher the access times of the calling terminal, the longer the length of the access forbidding period. Specifically, it may be that, in the functional relationship, the larger the number of accesses is, the faster the length of the access prohibition time increases. That is, the functional relationship is an increasing function, and the output of the functional relationship increases as the number of accesses increases. As an embodiment, the functional relationship may be a non-incremental function, and as the number of accesses increases, the larger the number of accesses, the larger the increase in the length of the disable time of the functional relationship output. In particular, the functional relationship may be a power function.
Specifically, the expression y ═ xaIs called a power function. For example, the functional relationship y ═ x2、y=x -1And y ═ x1/2Are all power functions.
When a >0, the power function has the following characteristics:
(1) the curve of the function is an increasing function over [0, + ∞);
(2) the function curve necessarily passes through two points of (0,0) and (1, 1);
(3) in the first quadrant, the derivative value gradually increases (i.e., the magnitude of the increase in the y value becomes larger and larger) when a >1, the derivative value is constant when a is 1, and the derivative value gradually decreases when 0< a < 1.
Specifically, the functional relationship between the access times and the access prohibition time length is as follows:
y=(num) punish_factor
wherein num is the number of accesses, push _ factor is a constant, and push _ factor is greater than 1, y is the length of the access forbidding time.
According to the characteristics of the above power function, when an exponential constant, that is, push _ factor >1, a derivative value of the exponential constant is monotonically increased, and then an increase amplitude of the forbidden period is increasingly severe with an increase of the access times num of the preset time length, for example, in a case table where num increases at equal intervals, in the forbidden period corresponding to each num, a difference between two adjacent forbidden periods is increasingly large, taking the preset time length of 1 second as an example, the number num of requests per unit time is increased, and an increase amplitude of the time y (that is, the forbidden period) in which the penalty is not able to access the system is increasingly severe, that is, the access times are more, the penalty is stronger, that is, the duration of the prohibited access is longer. ,
therefore, by utilizing the characteristics of the power function, a scalable penalty scheme is provided to prevent precious service resources from being wasted. The penalty is greater for malicious requests with higher request frequencies, while the penalty is less or no penalty for normal sporadic high frequency user requests.
In addition, if the server is allowed to be accessed by the calling terminal, the response to the access request may be in consideration of the processing speed of the server terminal, and specifically, referring to fig. 4, an access control method is provided in the embodiment of the present application, and as shown in fig. 4, the method is applied to the server 200, so as to reasonably set the access restriction policy. Specifically, the method comprises the following steps: s401 to S405.
S401: obtaining an access request sent by a calling terminal and requesting to access the server
S402: and if the server is allowed to be accessed by the calling terminal, acquiring the processing speed of the access request of the server.
The server request processing rate is the number of access requests processed in the server unit time. Specifically, the access request processing rate may be set by actual use, and specifically, may be set according to the number of call terminals of the currently received access request of the server and the system resource of the server.
S403: and responding to the access request according to the access request processing rate, and executing the access operation of the calling terminal.
When the server obtains the access requests of the plurality of calling terminals, the access requests are temporarily stored, and the access requests are processed one by one according to the processing speed of the access requests. Specifically, the access operation of the calling terminal is executed according to the access request processing rate and the response of the leaky bucket algorithm to the access request.
The core idea of the Leaky Bucket (leak Bucket) algorithm may be that an access request is regarded as that water flow first enters a "Leaky Bucket" container (which may be regarded as an array list and the like) with a specified capacity n (usually, the number of requests allowed to be processed by a server in a unit time, that is, the processing rate of the access request), the "Leaky Bucket" container discharges water at a certain speed every 1/n (that is, a request is released), when the inflow speed of the water flow, that is, the request speed, is too high, the water flow directly overflows (the frequency of the access request exceeds the interface release rate), a request is waited or rejected, and it can be seen that the Leaky Bucket algorithm can keep a strictly smooth rate for the requests entering a system for processing.
S404: and acquiring the access times of the access request sent by the calling terminal within a preset time length to serve as the access times of the calling terminal.
S405: and setting a forbidden time period for the calling terminal according to the calling terminal access times, wherein the server is forbidden to be accessed by the calling terminal in the forbidden time period, wherein the higher the calling terminal access times are, the longer the forbidden time period is.
According to the method and the device, when the server obtains the access request sent by the calling end, if the server is allowed to be accessed by the calling end, the server responds to the access request by using a leaky bucket algorithm according to the access processing speed of the server, then, the access forbidden time period is set for the calling end according to the access times of the access request sent by the calling end within the preset time length, and specifically, the access forbidden time period is set for the calling end according to the power function and the access times.
Therefore, after the server affects the access request of the calling end, a forbidden time period can be set for the calling end according to the access times of the calling end, and the higher the access times of the calling end is, the longer the length of the forbidden time period is, so that the forbidden time period is dynamically changed and is related to the access times of the calling end, the condition that the current limiting mode is too single or fixed is avoided, and the flexibility of current limiting is improved. In particular, and utilizing the characteristics of the power function provides a scalable penalty scheme to prevent valuable service resources from being wasted. The penalty degree is larger for malicious requests with higher request frequency, the penalty degree is smaller or no penalty is given for high-frequency user requests with normal and sporadic occurrence, in addition, the access requests are responded through a leaky bucket algorithm, and the smooth speed of the server for processing the response requests is kept.
It should be noted that the method corresponding to fig. 4 is also applicable to the foregoing embodiment, and for example, reference may be made to the foregoing embodiment for other steps such as S405 in fig. 4.
In addition, an access state may also be set for the calling end at the server, and it is determined whether the calling end has the right to access the server through the access state, specifically, referring to fig. 5, an embodiment of the present application provides an access control method, as shown in fig. 5, which is applied to the server 200, so as to reasonably set the access restriction policy. Specifically, the method comprises the following steps: s501 to S508.
S501: and acquiring an access request which is sent by a calling end and requests to access the server.
S502: and acquiring the access state of the calling terminal.
In the embodiment of the present application, data corresponding to a calling end stored in a server is stored in a distributed cache corresponding to the server, and specifically, a forbidden time period, access times, an access state of the calling end, and corresponding data each applied to the access control method provided by the present application are stored in the distributed cache.
Wherein, the distributed cache is redis. The redis is an open-source key-value storage system, and provides an efficient solution for high concurrency and high availability of internet application based on high-speed access of a memory and the distributed extensible characteristic of the memory. The method is commonly used as a cache layer of distributed application, data is shared among various server instances, quick feedback is provided for client requests, the pressure of the bottom layer of an application database is relieved, and meanwhile, a rich data structure and an API provide powerful support for various application scenes.
The calling identifier of the calling end is stored in the server, and the calling identifier corresponds to the access state. Specifically, a key value is set in the redis of the server, the key value is a service name, the call identifier "call" is spliced, and the uuid is spliced (if the corresponding key value is "serviceA _ call _ uuid" in the case of the server a), the call identifier of the call end is serviceA _ call _ uuid, and the call identifier includes first information and second information, where the first information is an identifier of the server, and the second field is an identifier of the call end. The calling end initiates a service calling request, and the request carries a unique identifier of the calling end, wherein the unique identifier may be an ip or a device number of the calling end and may be called uuid.
S503: and judging whether the access state of the calling terminal is a state allowing access.
The access state includes a state allowing to be accessed and a state prohibiting to be accessed, or only one state is the state allowing to be accessed, and as long as the access state corresponding to the calling identifier is not the state allowing to be accessed, the access state corresponding to the calling identifier is determined to be the state prohibiting to be accessed. If the state is allowed to be accessed, S504 is executed, otherwise, S501 is returned to.
S504: and responding to the access request, and executing the access operation of the calling terminal.
And if the access state of the calling terminal is the state allowing access, judging that the server is allowed to be accessed by the calling terminal, responding to the access request, and executing the access operation of the calling terminal.
S505: and acquiring the access times of the access request sent by the calling terminal within a preset time length to serve as the access times of the calling terminal.
And setting a counting identifier for the calling end, wherein the counting identifier is used for storing the access times of the calling end, and the value of the counting identifier is the access times of the calling end.
Specifically, when the server acquires the access request, the access request includes an identifier of a calling end, and a count identifier is set according to the calling identifier.
As an implementation manner, the calling side initiates a service calling request, and the request carries a unique identifier of the calling side, where the unique identifier may be an ip or a device number of the calling side, and may be referred to as uuid. The server identifies the calling end, splices the times by the name of the server, and then splices the character string of the uuid as a key value. For example, server a, the corresponding key value is "serviceA _ times _ uuid".
Then, acquiring a preset time length corresponding to the calling terminal, and counting the access times of the access request sent by the calling terminal within the preset time length to serve as the access times of the calling terminal. Specifically, the preset time lengths corresponding to different calling terminals may be different, and as an implementation manner, a corresponding relationship between the calling terminal identifier and the time length may be set in the server in advance, and the time length corresponding to the calling terminal identifier is determined in the corresponding relationship and is used as the preset time length corresponding to the calling terminal.
Specifically, the server determines whether the key value exists in the distributed cache redis of the server, and then two situations exist at this time:
if the key value does not exist in the distributed cache redis of the server, the key value is set and counted, at this time, the key value is set to be an initial value 1, and a preset time length is set for the key, where the preset time length is a unit time (as mentioned in the above embodiment, may be 1 second) that the system needs to count.
If the key value exists in the distributed cache redis of the server, acquiring a preset time length preset for the key, adding 1 to the key count, and accumulating the access times within the preset time length.
The number of times of access of the access request sent by the calling terminal within the preset time length can be obtained by reading the key value.
Specifically, the access times of the access request sent by the calling terminal within the preset time length are counted by an incr method, and the counted access times are used as the access times of the calling terminal, that is, 1 is added to the key count by the incr method for calling redis.
The Redis Incr command increments the digital value stored in the key by one. If the key does not exist, the value of the key is initialized to 0 and then the INCR operation is performed. If the value contains the type of error, or the string type of value cannot be represented as a number, then an error is returned. The Incr instruction can implement a counter function.
S506: and setting a forbidden time period for the calling terminal according to the calling terminal access times, wherein the server is forbidden to be accessed by the calling terminal in the forbidden time period, wherein the higher the calling terminal access times are, the longer the forbidden time period is.
If the server allows the calling end to access, the server tries to apply for executing the access request to the current limiting component realized based on the leaky bucket algorithm, and the current limiting component judges whether the access request can be released currently according to the access request processing rate of the server set by the system. And if the application is successful, executing the access request for the corresponding calling terminal.
S507: and setting the access state of the calling terminal as a state of forbidding access when the access is forbidden.
Specifically, when the access request is successfully executed, the access state of the calling terminal is set to a state in which access is prohibited, and an access prohibition period is set for the calling terminal, so that the access state of the calling terminal is kept to be the state in which access is prohibited during the access prohibition period.
The server sets the calling identifier of the calling end to true in redis, wherein true is a state prohibited from being accessed, and when the server reads that the calling identifier is true, the server determines that the access state of the calling end is set to the state prohibited from being accessed.
S508: and when the access forbidding period is over, setting the access state of the calling terminal as a state allowing access.
In the access prohibition period, the access request sent by the calling end is not executed, because the server is continuously in the state of prohibiting being accessed in the access prohibition period, and when the access prohibition period ends, the access state of the calling end is set to the state of allowing being accessed.
As an implementation manner, it may be an access request for requesting to access the server sent by a calling side, if the key value (serviceA _ times _ uuid) does not exist in a distributed cache redis of the server, then it is determined that the obtained access request is the access request obtained for the first time, the value of the key is set to be an initial value 1, meanwhile, a preset time length is set for the key, the number of accesses within the preset time length is counted, meanwhile, it is determined whether the access state of the calling side is a state allowing access, if not, a result is returned, the method may also be stopped, that is, counting of the number of accesses to the access request sent by the calling side within the preset time length is stopped, if yes, the access request is responded according to a leaky bucket algorithm, serviceA _ call _ uuid is set to be a true in the redis, and a corresponding access-forbidden time period is set, specifically, it may be set according to the manner of the above-mentioned power function, for a specific implementation of the value num of the key "serviceA _ times _ uuid", reference may be made to the foregoing embodiments, which are not described herein again. And, during the access prohibition period, the serviceA _ call _ uuid is kept to true.
Referring to fig. 6, an access control method is provided in the embodiment of the present application, and as shown in fig. 6, the method is applied to the server 200 to reasonably set the access restriction policy. Specifically, the method comprises the following steps: s601 to S609.
S601: and acquiring an access request which is sent by a calling end and requests to access the server.
S602: and detecting whether the calling identifier of the calling terminal can be read in the distributed cache.
As an implementation manner, when the calling identifier of the calling end exists in the server, specifically, if the calling identifier of the calling end exists in the redis of the server, which indicates that the server is called by the calling end, it may be determined that the server is not called by the calling end, that is, it is determined that the server is allowed to be accessed by the calling end, when the calling identifier of the calling end is not detected, and then S605 is executed.
If the call representation of the calling terminal is detected, it is determined whether to respond to the access request according to the state of the call representation, i.e., S603 is performed.
Taking a server as a service A as an example, calling the identifier as serviceA _ call _ uuid, and if a key value exists in the redis, wherein the key value is serviceA _ call _ uuid, executing the operation of executing the access request according to the leaky bucket algorithm.
S603: and acquiring the access state of the calling terminal.
S604: and judging whether the access state of the calling terminal is a state allowing access.
S605: and responding to the access request, and executing the access operation of the calling terminal.
S606: and acquiring the access times of the access request sent by the calling terminal within a preset time length to serve as the access times of the calling terminal.
S607: and setting a forbidden time period for the calling terminal according to the calling terminal access times, wherein the server is forbidden to be accessed by the calling terminal in the forbidden time period, wherein the higher the calling terminal access times are, the longer the forbidden time period is.
S608: and setting the access state of the calling terminal as a state of forbidding access when the access is forbidden.
S609: and when the access forbidding period is over, setting the access state of the calling end to be the state allowing to be accessed or deleting the calling identifier of the calling end in the distributed cache.
Since the calling identifier of the calling end is not stored in the server when the server is accessed by the called end, the calling identifier of the calling end can be deleted in the distributed cache when the access forbidding period is over.
In addition, the manner of responding to the access request according to the access request processing rate and executing the access operation of the calling end may be combined with the above-mentioned manner of determining whether the access state of the calling end is a state allowing access, and if the access state is a state allowing access, determining that the server is allowed to be accessed by the calling end, and then responding to the access request and executing the access operation of the calling end, which may specifically refer to the foregoing embodiments and is not described herein again.
Referring to fig. 7, a block diagram of an access control apparatus 700 according to an embodiment of the present disclosure is shown, where the apparatus may include: an acquisition unit 701, a response unit 702, a determination unit 703 and a processing unit 704.
An obtaining unit 701, configured to obtain an access request for requesting to access the server, where the access request is sent by a calling end.
A responding unit 702, configured to respond to the access request and execute an access operation of the calling end if the server is allowed to be accessed by the calling end.
The determining unit 703 is configured to obtain the number of access times of the access request sent by the calling end within a preset time length, as the number of access times of the calling end.
A processing unit 704, configured to set a forbidden time period for the calling terminal according to the number of times of access of the calling terminal, where the server is forbidden to be accessed by the calling terminal in the forbidden time period, where the higher the number of times of access of the calling terminal is, the longer the length of the forbidden time period is.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described apparatuses and modules may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
Referring to fig. 8, a block diagram of an access control apparatus 800 according to an embodiment of the present disclosure is shown, where the apparatus may include: an acquisition unit 801, a response unit 802, a determination unit 803, a processing unit 804, and a setting unit 805.
An obtaining unit 801, configured to obtain an access request that is sent by a calling end and requests to access the server.
A response unit 802, configured to respond to the access request and execute an access operation of the calling end if the server is allowed to be accessed by the calling end.
Specifically, the response unit 802 is further configured to obtain an access request processing rate of the server if the server is allowed to be accessed by the calling terminal; and responding to the access request according to the access request processing rate, and executing the access operation of the calling terminal. Further, the response unit is further configured to respond to the access request according to the access request processing rate and the leaky bucket algorithm, and execute the access operation of the calling end.
In addition, the response unit 802 is further configured to obtain an access state of the calling end; judging whether the access state of the calling terminal is a state allowing access; and if the server is in the state of allowing access, judging that the server is allowed to be accessed by the calling terminal, responding to the access request, and executing the access operation of the calling terminal.
Specifically, the response unit 802 is specifically configured to detect whether a call identifier of the call end can be read in the distributed cache; if the calling identifier cannot be read, judging that the server is allowed to be accessed by the calling terminal; if the calling identifier can be read, acquiring the access state of the calling end corresponding to the calling identifier; and judging whether the access state of the calling terminal is a state allowing access.
A determining unit 803, configured to obtain the number of access times of the access request sent by the calling end within a preset time length as the number of access times of the calling end.
Specifically, the determining unit 803 is further configured to obtain a preset time length corresponding to the calling end; and counting the access times of the access request sent by the calling terminal within the preset time length to serve as the access times of the calling terminal. Specifically, the access frequency of the access request sent by the calling terminal within the preset time length is counted by an incr method to serve as the access frequency of the calling terminal.
A processing unit 804, configured to set a forbidden time period for the calling terminal according to the number of times of access of the calling terminal, where the server is forbidden to be accessed by the calling terminal in the forbidden time period, where the higher the number of times of access of the calling terminal is, the longer the length of the forbidden time period is.
Specifically, the processing unit 804 is further configured to obtain a functional relationship between a preset number of accesses and a length of the access prohibiting time; determining the access forbidding time length corresponding to the access times of the calling terminal according to the function relationship; and setting an access forbidding time period for the calling terminal according to the access forbidding time length. In the functional relationship, the larger the access times, the faster the access forbidding time length is increased. Further, the function relationship is a power function.
The functional relationship between the access times and the access forbidding time length is as follows:
y=(num) punish_factor
wherein num is the number of accesses, push _ factor is a constant, and push _ factor is greater than 1, y is the length of the access forbidding time.
A setting unit 805, configured to set an access state of the calling end as a state in which access is prohibited when the access is prohibited; and when the access forbidding period is over, setting the access state of the calling terminal as a state allowing access.
The setting unit 805 is further configured to set an access state of the calling end as a state in which access is prohibited when the access is prohibited; and when the access forbidding period is over, setting the access state of the calling end to be the state allowing to be accessed or deleting the calling identifier of the calling end in the distributed cache.
Further, the calling identifier includes first information and second information, where the first information is an identifier of the server, and the second field is an identifier of the calling end. The distributed cache is a redis storage system. The preset time length is 1 second.
In the several embodiments provided in the present application, the coupling between the modules may be electrical, mechanical or other type of coupling.
In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
Referring to fig. 9, a block diagram of a server according to an embodiment of the present application is shown. The server 200 may be an electronic device capable of running an application, such as a smart phone, a tablet computer, an electronic book, and the like. The server 200 in the present application may include one or more of the following components: a processor 110, a memory 120, and one or more applications, wherein the one or more applications may be stored in the memory 120 and configured to be executed by the one or more processors 110, the one or more programs configured to perform a method as described in the aforementioned method embodiments.
Processor 110 may include one or more processing cores. The processor 110 connects various parts within the overall server 200 using various interfaces and lines, performs various functions of the server 200 and processes data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 120, and calling data stored in the memory 120. Alternatively, the processor 110 may be implemented in hardware using at least one of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 110 may integrate one or more of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a modem, and the like. Wherein, the CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for rendering and drawing display content; the modem is used to handle wireless communications. It is understood that the modem may not be integrated into the processor 110, but may be implemented by a communication chip.
The Memory 120 may include a Random Access Memory (RAM) or a Read-Only Memory (Read-Only Memory), where the Memory may be the above-mentioned distributed cache, i.e., redis. The memory 120 may be used to store instructions, programs, code sets, or instruction sets. The memory 120 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing various method embodiments described below, and the like. The storage data area may also store data created by the server 200 in use (such as phone books, audio and video data, chat log data), and the like.
Referring to fig. 10, a block diagram of a computer-readable storage medium according to an embodiment of the present application is shown. The computer-readable medium 800 has stored therein a program code that can be called by a processor to execute the method described in the above-described method embodiments.
The computer-readable storage medium 800 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Alternatively, the computer-readable storage medium 800 includes a non-volatile computer-readable storage medium. The computer readable storage medium 800 has storage space for program code 810 to perform any of the method steps of the method described above. The program code can be read from or written to one or more computer program products. The program code 810 may be compressed, for example, in a suitable form.
In summary, the access control method, the access control device, the server and the computer readable medium provided by the present application obtain an access request sent by a calling end, where the access request is a request sent when the calling end requests to access the server. And the server judges that if the called terminal is allowed to access, the server responds to the access request and executes the access operation of the calling terminal. The method comprises the steps of obtaining the number of times of access of an access request sent by a calling terminal within a preset time length, using the number of times of access of the calling terminal as the number of times of access of the calling terminal, setting an access forbidding period for the calling terminal according to the number of times of access of the calling terminal, and forbidding the server to be accessed by the calling terminal within the access forbidding period, wherein the higher the number of times of access of the calling terminal is, the larger the length of the access forbidding period is. Therefore, after the server affects the access request of the calling end, a forbidden time period can be set for the calling end according to the access times of the calling end, and the higher the access times of the calling end is, the longer the length of the forbidden time period is, so that the forbidden time period is dynamically changed and is related to the access times of the calling end, the condition that the current limiting mode is too single or fixed is avoided, and the flexibility of current limiting is improved.
Therefore, the embodiment of the application has the advantages that the purpose of service current limitation is achieved, meanwhile, the malicious request is identified, and a flexible penalty scheme is provided by utilizing the characteristics of the power function, so that precious service resources are prevented from being wasted. The penalty is greater for malicious requests with higher request frequency, while the penalty is less or no penalty (which can be achieved by reasonable thresholding) for high frequency users with normal contingencies.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not necessarily depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (21)

  1. An access control method applied to a server, the method comprising:
    acquiring an access request which is sent by a calling terminal and requests to access the server;
    if the server allows the calling terminal to access, responding to the access request and executing the access operation of the calling terminal;
    acquiring the access times of the access request sent by the calling terminal within a preset time length, and taking the access times as the access times of the calling terminal;
    and setting a forbidden time period for the calling terminal according to the calling terminal access times, wherein the server is forbidden to be accessed by the calling terminal in the forbidden time period, wherein the higher the calling terminal access times are, the longer the forbidden time period is.
  2. The method of claim 1, wherein setting a disable period for the caller according to the number of times the caller accesses comprises:
    acquiring a functional relation between preset access times and access forbidding time length;
    determining the access forbidding time length corresponding to the access times of the calling terminal according to the function relationship;
    and setting an access forbidding time period for the calling terminal according to the access forbidding time length.
  3. The method of claim 2, wherein the functional relationship is such that the larger the number of accesses, the faster the length of the access prohibition time increases.
  4. The method of claim 3, wherein the function relationship is a power function.
  5. The method of claim 4, wherein the functional relationship between the number of accesses and the length of the access-prohibited time is:
    y=(num) punish_factor
    wherein num is the number of accesses, push _ factor is a constant, and push _ factor is greater than 1, y is the length of the access forbidding time.
  6. The method according to any one of claims 1 to 5, wherein the performing, in response to the access request, the access operation of the calling side if the server is allowed to be accessed by the calling side includes:
    if the server is allowed to be accessed by the calling terminal, acquiring the processing rate of the access request of the server;
    and responding to the access request according to the access request processing rate, and executing the access operation of the calling terminal.
  7. The method according to claim 6, wherein the performing the access operation of the caller in response to the access request according to the access request processing rate comprises:
    and responding to the access request according to the access request processing rate and the leaky bucket algorithm, and executing the access operation of the calling terminal.
  8. The method according to any one of claims 1 to 5, wherein the performing, in response to the access request, the access operation of the calling side if the server is allowed to be accessed by the calling side includes:
    acquiring the access state of the calling terminal;
    judging whether the access state of the calling terminal is a state allowing access;
    and if the server is in the state of allowing access, judging that the server is allowed to be accessed by the calling terminal, responding to the access request, and executing the access operation of the calling terminal.
  9. The method of claim 8, wherein after setting a disable period for the caller according to the number of times the caller accesses, further comprising:
    setting the access state of the calling end as a state of forbidding access when the access is forbidden;
    and when the access forbidding period is over, setting the access state of the calling terminal as a state allowing access.
  10. The method according to claim 8, wherein the access state and the calling identifier of the calling terminal are correspondingly stored in a distributed cache of the server; the obtaining the access state of the calling terminal and judging whether the access state of the calling terminal is a state allowing access includes:
    detecting whether a calling identifier of the calling terminal can be read in the distributed cache;
    if the calling identifier cannot be read, judging that the server is allowed to be accessed by the calling terminal;
    if the calling identifier can be read, acquiring the access state of the calling end corresponding to the calling identifier;
    and judging whether the access state of the calling terminal is a state allowing access.
  11. The method of claim 10, wherein after setting a disable period for the caller according to the number of times the caller accesses, further comprising:
    setting the access state of the calling end as a state of forbidding access when the access is forbidden;
    and when the access forbidding period is over, setting the access state of the calling end to be the state allowing to be accessed or deleting the calling identifier of the calling end in the distributed cache.
  12. The method according to claim 11, wherein the calling identifier comprises first information and second information, wherein the first information is an identifier of the server, and the second field is an identifier of the calling end.
  13. The method according to claim 1, wherein the obtaining the number of times of access of the access request sent by the calling terminal within a preset time length as the number of times of access of the calling terminal comprises:
    acquiring a preset time length corresponding to the calling end;
    and counting the access times of the access request sent by the calling terminal within the preset time length to serve as the access times of the calling terminal.
  14. The method according to claim 13, wherein the number of times of access by the calling terminal is stored in a distributed cache of the server, and the counting the number of times of access by the access request sent by the calling terminal in the preset time period as the number of times of access by the calling terminal comprises:
    and counting the access times of the access request sent by the calling terminal within the preset time length by using an incr method, wherein the access times are used as the access times of the calling terminal.
  15. The method of claim 8, 11 or 14, wherein the distributed cache is a redis storage system.
  16. The method of claim 1, wherein the predetermined time period is 1 second.
  17. An access control apparatus, applied to a server, the apparatus comprising:
    the acquisition unit is used for acquiring an access request which is sent by a calling terminal and requests to access the server;
    a response unit, configured to respond to the access request and execute an access operation of the calling terminal if the server allows the server to be accessed by the calling terminal;
    the determining unit is used for acquiring the access times of the access request sent by the calling terminal within a preset time length and taking the access times as the access times of the calling terminal;
    and the processing unit is used for setting an access forbidding period for the calling terminal according to the access times of the calling terminal, and the server is forbidden to be accessed by the calling terminal in the access forbidding period, wherein the higher the access times of the calling terminal is, the longer the length of the access forbidding period is.
  18. The apparatus of claim 17, wherein the processing unit is further configured to:
    acquiring a functional relation between preset access times and access forbidding time length;
    determining the access forbidding time length corresponding to the access times of the calling terminal according to the function relationship;
    and setting an access forbidding time period for the calling terminal according to the access forbidding time length.
  19. The apparatus of claim 18, wherein the function relationship is a power function.
  20. A server, comprising:
    one or more processors;
    a memory;
    one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the method of any of claims 1-16.
  21. A computer-readable storage medium storing program code executable by a processor, wherein a plurality of instructions in the program code, when executed by the processor, cause the processor to perform the method of any one of claims 1-16.
CN201980099241.7A 2019-10-11 2019-10-11 Access control method, device, server and computer readable medium Pending CN114223177A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/110639 WO2021068205A1 (en) 2019-10-11 2019-10-11 Access control method and apparatus, and server and computer-readable medium

Publications (1)

Publication Number Publication Date
CN114223177A true CN114223177A (en) 2022-03-22

Family

ID=75437608

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980099241.7A Pending CN114223177A (en) 2019-10-11 2019-10-11 Access control method, device, server and computer readable medium

Country Status (2)

Country Link
CN (1) CN114223177A (en)
WO (1) WO2021068205A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113572701A (en) * 2021-07-26 2021-10-29 杭州米络星科技(集团)有限公司 Service interface flow control method, device, equipment and storage medium
CN113691457B (en) * 2021-08-10 2023-07-18 中国银联股份有限公司 Current limiting control method, device, equipment and storage medium
CN114553791A (en) * 2022-01-19 2022-05-27 浙江百应科技有限公司 External interface current limiting method and device, electronic equipment and storage medium
CN115208939B (en) * 2022-07-14 2024-03-19 Oppo广东移动通信有限公司 Access control method, device, storage medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102841915A (en) * 2011-05-19 2012-12-26 巴比禄股份有限公司 File management apparatus and file management apparatus controlling method
CN106060114A (en) * 2016-05-11 2016-10-26 北京邮电大学 Resource sharing method and device
CN108400963A (en) * 2017-10-23 2018-08-14 平安科技(深圳)有限公司 Electronic device, access request control method and computer readable storage medium
CN108683604A (en) * 2018-04-03 2018-10-19 平安科技(深圳)有限公司 concurrent access control method, terminal device and medium
CN109873794A (en) * 2017-12-04 2019-06-11 北京安云世纪科技有限公司 A kind of means of defence and server of Denial of Service attack

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1032236A1 (en) * 1999-02-24 2000-08-30 ICO Services Ltd. Improved congestion control using access classes
JP4567472B2 (en) * 2005-01-12 2010-10-20 株式会社エヌ・ティ・ティ・ドコモ Data communication restriction method and data communication restriction control device for flat-rate users
CN104618352A (en) * 2015-01-16 2015-05-13 沈文策 Script-based flow anti-brush method and system
CN107547548B (en) * 2017-09-05 2020-06-30 北京京东尚科信息技术有限公司 Data processing method and system
CN109743294A (en) * 2018-12-13 2019-05-10 平安科技(深圳)有限公司 Interface access control method, device, computer equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102841915A (en) * 2011-05-19 2012-12-26 巴比禄股份有限公司 File management apparatus and file management apparatus controlling method
CN106060114A (en) * 2016-05-11 2016-10-26 北京邮电大学 Resource sharing method and device
CN108400963A (en) * 2017-10-23 2018-08-14 平安科技(深圳)有限公司 Electronic device, access request control method and computer readable storage medium
CN109873794A (en) * 2017-12-04 2019-06-11 北京安云世纪科技有限公司 A kind of means of defence and server of Denial of Service attack
CN108683604A (en) * 2018-04-03 2018-10-19 平安科技(深圳)有限公司 concurrent access control method, terminal device and medium

Also Published As

Publication number Publication date
WO2021068205A1 (en) 2021-04-15

Similar Documents

Publication Publication Date Title
CN111030936B (en) Current-limiting control method and device for network access and computer-readable storage medium
CN114223177A (en) Access control method, device, server and computer readable medium
CN107832100B (en) APK plug-in loading method and terminal thereof
CN109542361B (en) Distributed storage system file reading method, system and related device
US11671402B2 (en) Service resource scheduling method and apparatus
CN106022101B (en) application management method and terminal
CN113517985B (en) File data processing method and device, electronic equipment and computer readable medium
CN109547427B (en) Blacklist user identification method and device, computer equipment and storage medium
US20170155712A1 (en) Method and device for updating cache data
CN114710263B (en) Key management method, key management device, key management apparatus, and storage medium
CN115039082A (en) Log writing method and device, electronic equipment and storage medium
CN109657485B (en) Authority processing method and device, terminal equipment and storage medium
CN112988062B (en) Metadata reading limiting method and device, electronic equipment and medium
CN114270309A (en) Resource acquisition method and device and electronic equipment
CN110287689B (en) Password protection method, terminal and computer readable medium
CN112115500A (en) Method, device and system for accessing file
CN109783196B (en) Virtual machine migration method and device
CN114374657B (en) Data processing method and device
CN110020290B (en) Webpage resource caching method and device, storage medium and electronic device
CN112866265B (en) CSRF attack protection method and device
CN112333276B (en) Network access method, system, storage medium and electronic device
CN115037693A (en) Distributed current limiting method and distributed current limiting device based on token bucket
CN113368494A (en) Cloud equipment distribution method and device, electronic equipment and storage medium
CN108471422B (en) Method, device, server and medium for judging remote login
CN105511932A (en) Application unloading method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination