CN114301890B - Web access request processing method and device - Google Patents

Publication number: CN114301890B
Authority: CN (China)
Prior art keywords: request, static resource, access request, web, web access
Legal status: Active
Application number: CN202011003875.9A
Other languages: Chinese (zh)
Other versions: CN114301890A (en)
Inventors: 周本文, 梁政, 周崎
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Group Anhui Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Group Anhui Co Ltd

Abstract

The application discloses a processing method and a device of a Web access request, comprising the following steps: acquiring and analyzing a Web access request sent by a user terminal, and determining a static resource request and an application function request corresponding to the Web access request; forwarding a static resource request corresponding to the Web access request to a static resource unit, and forwarding an application function request corresponding to the Web access request to a Web service unit; judging whether the static resource request is an internal access request, and determining whether to forward the static resource request to the static resource unit according to a judging result; and acquiring the static resources returned by the static resource unit and the function class data returned by the Web service unit, and returning response data corresponding to the Web access request according to the static resources and the function class data. The method can enable the processing of the static resource request to be more standard by judging whether the static resource request is an internal access request, thereby improving the security and the processing efficiency of the Web access request.

Description

Web access request processing method and device
Technical Field
The application relates to the field of electronic information, in particular to a method and a device for processing a Web access request.
Background
With the development of Internet and mobile communication technology, the requirements on website security are becoming ever higher. Hackers and other malicious actors often exploit website security weaknesses to achieve their goals, and cross-site request forgery is one such attack. As technology has advanced, many large websites have adopted a distributed deployment architecture in which static resources are separated from dynamic service requests, and this architecture carries the risk of cross-site request attacks against the static resources of a page.
For example, a user can log in to a system to view personal data. The system interface displays several commonly used function entries, such as "electronic invoice", "caller ID" and "personal data change"; when the user clicks the "personal data change" entry, details such as the user's name, contact phone number, e-mail address and work unit are displayed. Suppose that, while the user is viewing the personal data, an attacker constructs a lure page and embeds in it the URL through which the user logs in to the system to view personal data. The URL may be http:// pub-page/userInfo/queryUserInfo html. When the user clicks the lure page, the browser jumps to the user's personal data page, and the user's personal data is stolen by the attacker. Existing Web access requests are therefore easy to attack and offer low security.
Disclosure of Invention
The present application has been made in view of the above problems, and it is an object of the present application to provide a method and apparatus for processing a Web access request, which overcome or at least partially solve the above problems.
According to one aspect of the present application, there is provided a method for processing a Web access request, including:
acquiring and analyzing a Web access request sent by a user terminal, and determining a static resource request and an application function request corresponding to the Web access request;
forwarding a static resource request corresponding to the Web access request to a static resource unit, and forwarding an application function request corresponding to the Web access request to a Web service unit; judging whether the static resource request is an internal access request, and determining whether to forward the static resource request to the static resource unit according to a judging result;
and acquiring the static resources returned by the static resource unit and the function class data returned by the Web service unit, and returning response data corresponding to the Web access request according to the static resources and the function class data.
According to still another aspect of the present application, there is provided a processing apparatus for Web access request, including:
the acquisition module is suitable for acquiring and analyzing the Web access request sent by the user terminal and determining a static resource request and an application function request corresponding to the Web access request;
the forwarding module is suitable for forwarding the static resource request corresponding to the Web access request to the static resource unit and forwarding the application function request corresponding to the Web access request to the Web service unit; judging whether the static resource request is an internal access request, and determining whether to forward the static resource request to the static resource unit according to a judging result;
and the response module is suitable for acquiring the static resources returned by the static resource unit and the function class data returned by the Web service unit, and returning response data corresponding to the Web access request according to the static resources and the function class data.
According to still another aspect of the present application, there is provided an electronic apparatus including: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to execute an operation corresponding to the method for processing a Web access request as described above.
According to still another aspect of the present application, there is provided a computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the method for processing a Web access request as described above.
In the method and the device for processing the Web access request, the static resource request corresponding to the Web access request can be forwarded to the static resource unit, the application function request corresponding to the Web access request can be forwarded to the Web service unit, and whether the static resource request is an internal access request or not is automatically judged, so that whether the static resource request is forwarded to the static resource unit or not is determined according to a judging result. Therefore, the method can process the Web access request through the static resource unit and the Web service unit respectively, so that the separation of the static resource and the dynamic service is realized. And whether the static resource request is an internal access request or not is judged, so that the processing of the static resource request is more standard, and the safety and the processing efficiency of the Web access request are improved.
The foregoing description is only an overview of the technical solution of the present application. So that the technical means of the application can be understood more clearly and implemented in accordance with the description, and so that the above and other objects, features and advantages of the application become more apparent, specific embodiments of the application are set out below.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the application. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
Fig. 1 is a flowchart of a method for processing a Web access request according to a first embodiment of the present application;
Fig. 2 is a flowchart of a method for processing a Web access request according to a second embodiment of the present application;
Fig. 3 is a block diagram of a processing apparatus for Web access requests according to a third embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present application;
Fig. 5 is a detailed flowchart of the method by which the processing units in a Web application system architecture process Web access requests;
Fig. 6 is a timing diagram of the method by which the processing units in the Web application system architecture process Web access requests.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Example 1
Fig. 1 shows a flowchart of a method for processing a Web access request according to an embodiment of the present application. As shown in fig. 1, the method includes:
Step S110: Acquire and parse the Web access request sent by the user terminal, and determine the static resource request and the application function request corresponding to the Web access request.
The Web access request is used to access a specified Web page. In this embodiment, static resources and dynamic application functions are deployed in a distributed manner, so the static resource request and the application function request corresponding to the Web access request must each be determined. Both may be obtained by parsing a single Web access request, in which case that request contains two parts, a static resource request and an application function request. Alternatively, they may be obtained by parsing several Web access requests, where one Web access request contains only the static resource request and another contains the application function request. The application does not limit the specific implementation details.
Step S120: Forward the static resource request corresponding to the Web access request to a static resource unit, and forward the application function request corresponding to the Web access request to a Web service unit; judge whether the static resource request is an internal access request, and determine according to the judging result whether to forward the static resource request to the static resource unit.
Specifically, the static resource request and the application function request are forwarded to the static resource unit and the Web service unit respectively. The static resource unit processes static resources, and the Web service unit processes dynamic services.
For the static resource request, it is further judged whether the request is an internal access request, and whether to forward it to the static resource unit is determined according to the judging result. In practice, the inventors have found that most websites are configured differently for internal access and external access, so the request format of a static resource request for internal access differs slightly from that of a static resource request for external access. If the same interception policy is applied uniformly to internal and external access requests, internal access errors may result. In this embodiment, therefore, a static resource request corresponding to an internal access request is intercepted differently from one corresponding to an external access request, which improves the success rate of internal access.
Step S130: Acquire the static resources returned by the static resource unit and the function class data returned by the Web service unit, and return response data corresponding to the Web access request according to the static resources and the function class data.
Specifically, the static resources returned by the static resource unit and the function class data returned by the Web service unit are combined to obtain the response data corresponding to the Web access request, and the response data is returned to the user terminal.
The method thus processes the Web access request through the static resource unit and the Web service unit respectively, which separates static resources from dynamic services. Judging whether the static resource request is an internal access request makes the processing of static resource requests more standardized, which improves the security and the processing efficiency of Web access requests.
Example 2
Fig. 2 shows a flowchart of a method for processing a Web access request according to a second embodiment of the present application. As shown in fig. 2, the method includes:
Step S210: The reverse proxy control unit receives the Web access request from the user terminal, forwarded by the distribution unit, and parses it to determine the static resource request and the application function request corresponding to the Web access request.
The distribution unit forwards Web access requests from user terminals. There are usually several reverse proxy control units. Each may correspond to a different website or domain name, in which case the distribution unit determines the corresponding reverse proxy control unit according to the domain name information contained in the Web access request. Alternatively, the same website or domain name may correspond to several reverse proxy control units, in which case the distribution unit determines the reverse proxy control unit according to a load balancing policy. After receiving the Web access request, the reverse proxy control unit parses and processes it.
The Web access request is used to access a specified Web page. In this embodiment, static resources and dynamic application functions are deployed in a distributed manner, so the static resource request and the application function request corresponding to the Web access request must each be determined. Both may be obtained by parsing a single Web access request, in which case that request contains two parts, a static resource request and an application function request. Alternatively, they may be obtained by parsing several Web access requests, where one Web access request contains only the static resource request and another contains the application function request. The application does not limit the specific implementation details.
Step S220: Forward the static resource request corresponding to the Web access request to a static resource unit, and forward the application function request corresponding to the Web access request to a Web service unit; judge whether the static resource request is an internal access request, and determine according to the judging result whether to forward the static resource request to the static resource unit.
Specifically, the static resource request and the application function request are forwarded to the static resource unit and the Web service unit respectively. The static resource unit processes static resources, and the Web service unit processes dynamic services. For the static resource request, it is further judged whether the request is an internal access request, and whether to forward it to the static resource unit is determined according to the judging result. In practice, the inventors have found that most websites are configured differently for internal access and external access, so the request format of a static resource request for internal access differs slightly from that of a static resource request for external access. If the same interception policy is applied uniformly to internal and external access requests, internal access errors may result. In this embodiment, therefore, a static resource request corresponding to an internal access request is intercepted differently from one corresponding to an external access request, which improves the success rate of internal access.
In a specific implementation of this embodiment, the procedure is as follows: judge whether the static resource request contains a valid preset parameter value; when it does not, further judge whether the static resource request is an internal access request; if so, forward the static resource request to the static resource unit; if not, intercept the static resource request. Conventionally, a static resource request that does not contain a valid preset parameter value would be considered illegal and intercepted. In this embodiment, however, the difference between internal and external access requests is taken into account: it is further judged whether the static resource request is an internal access request, and the request is intercepted only when it is not an internal access request.
When the static resource request is judged to be an internal access request, it is still forwarded in the normal way even though it does not contain a valid preset parameter value. To ensure that the static resource unit can process the request normally, in this step a preset domain name parameter is obtained when the static resource request is forwarded to the static resource unit, and the field corresponding to the preset parameter value in the static resource request is filled according to that domain name parameter. The preset domain name parameter may be determined according to the domain name information contained in the Web access request. For example, a domain name parameter is set in advance for each domain name, so that when a request for that domain name does not contain a valid preset parameter value, the field is filled directly from the preset domain name parameter corresponding to the domain name. In this way a static resource request that does not contain a valid preset parameter value is converted into one that is filled with a valid preset parameter value, so that the request can be processed normally in the subsequent steps.
Whether the static resource request contains a valid preset parameter value is judged as follows: judge whether the field corresponding to the preset parameter value in the static resource request is empty; if so, determine that the static resource request does not contain a valid preset parameter value; if not, further judge whether a valid token can be extracted from the value of that field; when a valid token can be extracted, determine that the static resource request contains a valid preset parameter value; when no valid token can be extracted, determine that the static resource request does not contain a valid preset parameter value. In this embodiment, the preset parameter value is the Referer parameter value.
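The decision procedure of the three preceding paragraphs, modelled in Python as an added example (it is not code from the patent, and it models the logic rather than an Nginx configuration). The token format (an HMAC-signed value in a `token` query parameter of the Referer), the 10.0.0.0/8 definition of internal access, the host names, the signing key and the fail-closed handling of a domain without a preset are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import parse_qs, urlsplit

# Assumptions for this sketch; the patent text defines none of them.
SECRET = b"constructed-demo-key"                       # token signing key
TOKEN_PARAM = "token"                                  # Referer query parameter holding the token
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # what counts as internal access
PRESET_REFERER = {                                     # preset domain name parameter per domain
    "portal.example.test": "https://portal.example.test/",
}


def make_token(session_id: str) -> str:
    """Issue a token of the assumed form '<session id>.<HMAC-SHA256 hex>'."""
    mac = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{mac}"


def extract_valid_token(referer: str) -> Optional[str]:
    """Return the token carried in the Referer if it verifies, else None."""
    try:
        query = urlsplit(referer).query
    except ValueError:          # malformed URL in an attacker-controlled header
        return None
    values = parse_qs(query).get(TOKEN_PARAM, [])
    if len(values) != 1:
        return None
    session_id, sep, mac = values[0].rpartition(".")
    if not sep or not session_id:
        return None
    expected = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if hmac.compare_digest(mac.encode(), expected.encode()):
        return values[0]
    return None


def get_header(headers: Dict[str, str], name: str) -> str:
    """Case-insensitive header lookup; a missing header reads as empty."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return ""


def has_valid_referer(headers: Dict[str, str]) -> bool:
    referer = get_header(headers, "Referer")
    if not referer:             # empty field: no valid preset parameter value
        return False
    return extract_valid_token(referer) is not None


def is_internal(client_ip: str) -> bool:
    """client_ip must come from a source the proxy trusts, not a client-set header."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


@dataclass
class Decision:
    action: str                 # "forward" or "intercept"
    headers: Dict[str, str]     # headers passed on to the static resource unit
    reason: str


def gate_static_request(host: str, headers: Dict[str, str], client_ip: str) -> Decision:
    if has_valid_referer(headers):
        return Decision("forward", dict(headers), "valid Referer token")
    if not is_internal(client_ip):
        return Decision("intercept", dict(headers), "no valid Referer, external access")
    preset = PRESET_REFERER.get(host.lower())
    if preset is None:
        # Assumption: fail closed when no domain name parameter is configured.
        return Decision("intercept", dict(headers), "internal access, no preset for domain")
    # Internal access: fill the Referer field from the preset domain name parameter.
    filled = {k: v for k, v in headers.items() if k.lower() != "referer"}
    filled["Referer"] = preset
    return Decision("forward", filled, "internal access, Referer filled from preset")
```

Because an internal request is forwarded even when its Referer is empty or fails validation, the internal/external classification carries the whole decision in that branch, so the address it is based on has to be one the proxy itself can vouch for.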
Step S230: Acquire the static resources returned by the static resource unit and the function class data returned by the Web service unit, and return response data corresponding to the Web access request according to the static resources and the function class data.
Specifically, the static resources returned by the static resource unit and the function class data returned by the Web service unit are combined to obtain the response data corresponding to the Web access request, and the response data is returned to the user terminal. The function class data returned by the Web service unit comprises function links or function data.
For ease of understanding, the implementation of the second embodiment is described in detail below using a specific example, which mainly concerns protecting a public-network-facing front-end Web system against cross-site request attacks:
This example is mainly used to prevent CSRF (cross-site request forgery) vulnerabilities. For this class of vulnerability, the patent application titled "a method and a device for forwarding the HTTP request" (application number: CN201010603366.X) provides a method and a device for forwarding HTTP requests. That method comprises: judging whether the URL of the HTTP request of the Web client is a Web form request URL or a Web form data submission URL; when the URL of the HTTP request is a Web form request URL, forwarding the HTTP request if its URL parameters carry a valid token; if no token is carried, randomly generating a unique token, splicing the URL of the HTTP request and the generated token into a new URL, discarding the HTTP request, and sending the Web client an HTTP response message that redirects the request to the new URL; when the URL of the HTTP request is a Web form data submission URL, forwarding the HTTP request if it has a Referer value and a valid token can be extracted from the Referer. That method can effectively defend against CSRF attacks and greatly reduces the computational overhead of the Web security gateway.
It can be seen that this approach judges whether a Referer value exists in the HTTP request and discards the request if the value is empty. In practice, however, when a large website accesses internal static resources, the Referer value is empty in many cases, so many static resources on the page cannot be loaded. To solve this problem, the present example provides a new web application system security architecture, which includes an F5 forwarding unit (the distribution unit described above), an Nginx control unit (the reverse proxy control unit described above), a web service unit, and a static resource unit.
The Nginx control unit controls the Referer parameter of static resource requests, which solves the problem that internally accessed static resources cannot be loaded. It also checks the validity of the Referer parameter, which prevents the Referer parameter from being exploited by an attacker. In addition, the web service unit uses a cross-site request forgery filter to obtain the Referer value from the request Header and judge it; illegal requests are intercepted and denied access.
By adjusting the web application system architecture and using the Nginx control unit to control the Referer parameter, effective control of static resources is achieved, and ultimately protection against CSRF (Cross-Site Request Forgery) is achieved.
The web application system architecture in this example thus includes an F5 forwarding unit, an Nginx control unit, a web service unit, and a static resource unit. The F5 forwarding unit forwards the user's web access request to the appropriate web application system according to the domain name the user accesses; the request is first forwarded to the Nginx control unit of that application system. The Nginx control unit parses the user's web request, sends the static resource request and the web application function request to the static resource unit and the web service unit respectively, processes the acquired static resources, and returns them together with the web application function links to the F5 forwarding unit. The Nginx control unit further analyzes the static resource request: if it is an internal access, the Referer parameter value is filled according to the preset domain name parameter; otherwise access is denied. This avoids the information leakage caused by direct access to important URL links, and so effectively prevents the Referer parameter from being exploited by an attacker. The web service unit provides the corresponding function links to the Nginx control unit according to the user's web application function request. The static resource unit provides the corresponding static resources to the Nginx control unit according to the user's request.
Fig. 5 shows a specific flowchart of a processing method for implementing Web access requests by respective processing units in the Web application system architecture. As shown in fig. 5, the method mainly comprises the following steps:
Step 51: The user triggers a web access request through the web system.
Step 52: The F5 forwarding unit distributes the web access request to an Nginx control unit according to the domain name accessed by the user.
Step 53: The Nginx control unit parses the user's web request, sends the static resource request and the web application function request (that is, the application function request) to the static resource unit and the web service unit respectively, processes the acquired static resources, and returns them together with the web application function links to the F5 forwarding unit.
Step 54: The static resource unit is responsible for storing the static resources of the web system, such as pictures, icons, audio and video, and for answering the static resource requests it receives with the corresponding static resources.
Step 55: The web service unit provides the corresponding function links to the Nginx control unit according to the user's web application function request.
The specific functions of the individual units are described below in conjunction with Fig. 5:
F5 forwarding unit: distributes web access requests to the Nginx control units according to the load policy and the domain names accessed by users.
Nginx control unit: parses the user's web request, sends the static resource request and the web application function request to the static resource unit and the web service unit respectively, and, after processing the acquired static resources, returns them together with the web application function links or data to the F5 forwarding unit. The Nginx control unit further analyzes the static resource request: if it is an internal access, the Referer parameter value is filled according to the preset domain name parameter; otherwise access is denied. For internal access, this effectively solves the problem that static page resources cannot be loaded. For external illegal access, it prevents the information leakage caused by direct access to important URL links, and so effectively prevents the Referer parameter from being exploited by an attacker.
Static resource unit: responsible for storing the static resources of the web system, such as pictures, icons, audio and video, and for providing static resources in response to user requests.
Web service unit: verifies the user's web application function request and, for a legal request, provides the corresponding function links or data to the Nginx control unit. The web service unit uses a cross-site request forgery filter to obtain the Referer value from the request Header and judge it; illegal requests are intercepted and denied access.
For convenience of explanation, fig. 6 shows a timing chart corresponding to the above method. The process of each step is described in detail below with reference to fig. 6, by means of a timing diagram:
step 1: the user sends a web system access request first to the F5 forwarding unit.
Step 2: the F5 forwarding unit sends the web access request to the Nginx control unit according to the load strategy.
Step 3: the Nginx control unit analyzes the user web request and sends a static resource request to the static resource unit. The Nginx control unit further analyzes the static resource request, if the static resource request is internal access, the reference parameter value is filled according to the preset domain name parameter, and otherwise, the access is forbidden. For internal access, the problem that static page resources cannot be loaded is effectively solved. And the information leakage caused by direct access of the important URL link is avoided for external illegal access, so that the reference parameter is effectively prevented from being utilized by an attacker.
Step 4: the Nginx control unit analyzes the user web request and sends a web application function request to the web service unit.
Step 5: the static resources are provided by the static resource unit for the user request.
Step 6: the web service unit verifies the user's web application function request and provides the corresponding function links or data for legal requests to the Nginx control unit. Using a cross-site request forgery filter, the web service unit obtains the Referer value from the request Header and checks it; illegal requests are intercepted and access is forbidden.
Step 7: the Nginx control unit returns the static resources and the function links or data to the F5 forwarding unit.
Step 8: the F5 forwarding unit processes the acquired static resources and then returns them, together with the web application function links or data, to the user. The flow ends here.
In summary, this example provides a new web application system security architecture comprising an F5 forwarding unit, an Nginx control unit, a web service unit, and a static resource unit. The Nginx control unit parses the user's web request, sends the static resource request and the web application function request to the static resource unit and the web service unit respectively, processes the acquired static resources, and returns them together with the web application function links or data to the F5 forwarding unit. The Nginx control unit also analyzes the static resource request further: if the request is an internal access, the Referer parameter value is filled in according to the preset domain name parameter; otherwise access is forbidden. For internal access, this solves the problem that static page resources cannot be loaded. For external illegal access, it prevents the information leakage caused by direct access to important URL links, so the Referer parameter cannot be exploited by an attacker. In addition, the web service unit uses a cross-site request forgery filter to obtain the Referer value from the request Header and check it; illegal requests are intercepted and access is forbidden. In short, the architecture controls the static resource Referer parameter through the Nginx control unit and checks its validity, so that the Referer parameter cannot be exploited by an attacker, while the web service unit's cross-site request forgery filter checks the Referer value in the request Header and blocks illegal requests. This approach significantly improves the security of access requests.
Example III
Fig. 3 is a schematic structural diagram of a processing device for Web access request according to a third embodiment of the present application, which specifically includes:
an acquisition module 31, adapted to acquire and parse a Web access request sent by a user terminal, and determine a static resource request and an application function request corresponding to the Web access request;
a forwarding module 32, adapted to forward the static resource request corresponding to the Web access request to a static resource unit and forward the application function request corresponding to the Web access request to a Web service unit; and to judge whether the static resource request is an internal access request and determine, according to the result, whether to forward the static resource request to the static resource unit;
a response module 33, adapted to acquire the static resources returned by the static resource unit and the function class data returned by the Web service unit, and return response data corresponding to the Web access request according to the static resources and the function class data.
Optionally, the forwarding module is specifically adapted to:
judge whether the static resource request contains a valid preset parameter value;
when the static resource request does not contain a valid preset parameter value, further judge whether the static resource request is an internal access request;
if yes, forward the static resource request to the static resource unit; if not, intercept the static resource request.
Optionally, the forwarding module is specifically adapted to:
acquire a preset domain name parameter, and fill the field corresponding to the preset parameter value in the static resource request according to the domain name parameter.
Optionally, the forwarding module is specifically adapted to:
judge whether the field corresponding to the preset parameter value in the static resource request is empty;
if yes, determine that the static resource request does not contain a valid preset parameter value;
if not, further judge whether a valid token can be extracted from the field value corresponding to the preset parameter value; and when a valid token can be extracted, determine that the static resource request contains a valid preset parameter value.
Optionally, the preset parameter value is a Referer parameter value.
Optionally, the function class data returned by the Web service unit includes: functional links or functional data.
Optionally, the acquisition module is specifically adapted to:
have the reverse proxy control unit receive the Web access request from the user terminal forwarded by the distribution unit, and parse the Web access request.
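The forwarding module's decision described above (valid Referer, otherwise internal-access check, otherwise intercept), written out as an added Python example; it is not code from the patent. The network ranges, the trusted host name, the reading of a "valid token" as a Referer URL whose host exactly matches a trusted host, and the rejection of unknown Host values are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions of this example (not from the patent): "internal access" means
# the client address lies in one of these networks, and a "valid token" is an
# http(s) Referer URL whose host is exactly one of the trusted hosts.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
TRUSTED_HOSTS = {"portal.example.internal"}  # constructed placeholder name


def referer_host(value):
    """Return the lower-cased host of an http(s) Referer value, or None."""
    if not value or not value.strip():
        return None  # empty field: no valid preset parameter value
    try:
        parts = urlsplit(value.strip())
        host = parts.hostname
    except ValueError:
        return None  # malformed URL, e.g. a broken bracketed host
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.lower()


def has_valid_referer(headers):
    """True only when a trusted host can be extracted from the Referer field.

    Exact host comparison, so look-alike values such as
    trusted.name.other.test or trusted.name@other.test do not pass.
    The headers dict is assumed to use the canonical key "Referer".
    """
    return referer_host(headers.get("Referer")) in TRUSTED_HOSTS


def is_internal(client_ip):
    """True when the client address is inside a configured internal network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def forward_static_request(headers, client_ip, request_host):
    """Return (action, headers_to_forward) for one static resource request."""
    if has_valid_referer(headers):
        return "forward", dict(headers)
    if is_internal(client_ip):
        host = request_host.lower()
        # Hardening added in this example: the Host value is client-supplied,
        # so only a known domain may become the filled-in Referer.
        if host not in TRUSTED_HOSTS:
            return "intercept", None
        filled = dict(headers)
        # Preset domain name parameter, taken from the request's own domain.
        filled["Referer"] = "https://%s/" % host
        return "forward", filled
    return "intercept", None


# Constructed sample requests: (headers, client address).
SAMPLES = [
    ({"Referer": "https://portal.example.internal/index.html"}, "203.0.113.7"),
    ({}, "10.1.2.3"),
    ({}, "203.0.113.7"),
    ({"Referer": "https://portal.example.internal.other.test/"}, "203.0.113.7"),
    ({"Referer": "https://portal.example.internal@other.test/"}, "203.0.113.7"),
]


def run_samples():
    """Return the action chosen for each constructed sample request."""
    return [forward_static_request(h, ip, "portal.example.internal")[0]
            for h, ip in SAMPLES]


if __name__ == "__main__":
    for (hdrs, ip), action in zip(SAMPLES, run_samples()):
        print(ip, hdrs.get("Referer", "<empty>"), "->", action)
```

The `client_ip` argument should be the peer address observed by the reverse proxy itself, because both the Referer and Host headers are supplied by the client.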
Example IV
A fourth embodiment of the present application provides a non-volatile computer storage medium, where at least one executable instruction is stored, where the computer executable instruction may perform the method for processing a Web access request in any of the foregoing method embodiments. The executable instructions may be particularly useful for causing a processor to perform the operations corresponding to the method embodiments described above.
Example V
Fig. 4 shows a schematic structural diagram of an electronic device according to a fifth embodiment of the present application, and the specific embodiment of the present application is not limited to the specific implementation of the electronic device.
As shown in fig. 4, the electronic device may include: a processor 402, a communication interface (Communications Interface) 406, a memory 404, and a communication bus 408.
Wherein:
processor 402, communication interface 406, and memory 404 communicate with each other via communication bus 408.
A communication interface 406 for communicating with other devices, such as user terminals, other servers and other network elements.
The processor 402 is configured to execute the program 410, and may specifically perform relevant steps in the foregoing embodiments of a method for processing a Web access request.
In particular, program 410 may include program code including computer-operating instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application. The one or more processors included in the electronic device may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
Memory 404 for storing program 410. Memory 404 may comprise high-speed RAM memory or may further comprise non-volatile memory (non-volatile memory), such as at least one disk memory.
The program 510 may be specifically configured to cause the processor 502 to perform the respective operations corresponding to the above-described method embodiments.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teachings herein. The required structure for a construction of such a system is apparent from the description above. In addition, the present application is not directed to any particular programming language. It will be appreciated that the teachings of the present application described herein may be implemented in a variety of programming languages, and the above description of specific languages is provided for disclosure of enablement and best mode of the present application.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the application may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the application, various features of the application are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be construed as reflecting the intention that: i.e., the claimed application requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this application.
Those skilled in the art will appreciate that the modules in the apparatus of the embodiments may be adaptively changed and disposed in one or more apparatuses different from the embodiments. The modules or units or components of the embodiments may be combined into one module or unit or component and, furthermore, they may be divided into a plurality of sub-modules or sub-units or sub-components. Any combination of all features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or units of any method or apparatus so disclosed, may be used in combination, except insofar as at least some of such features and/or processes or units are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the application and form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Various component embodiments of the application may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that some or all of the functions of some or all of the components in accordance with embodiments of the present application may be implemented in practice using a microprocessor or Digital Signal Processor (DSP). The present application can also be implemented as an apparatus or device program (e.g., a computer program and a computer program product) for performing a portion or all of the methods described herein. Such a program embodying the present application may be stored on a computer readable medium, or may have the form of one or more signals. Such signals may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the application, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The application may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. do not denote any order. These words may be interpreted as names.

Claims (8)

1. A method of processing Web access requests, comprising:
acquiring and analyzing a Web access request sent by a user terminal, and determining a static resource request and an application function request corresponding to the Web access request;
judging whether the static resource request contains a valid preset parameter value; if the static resource request does not contain a valid preset parameter value, further judging whether the static resource request is an internal access request; if the static resource request is an internal access request, when the static resource request is forwarded to a static resource unit, further acquiring a preset domain name parameter, and filling a field corresponding to the preset parameter value in the static resource request according to the domain name parameter, wherein the preset domain name parameter is determined according to domain name information contained in the Web access request; if the static resource request is not an internal access request, intercepting the static resource request;
forwarding an application function request corresponding to the Web access request to a Web service unit, so that the Web service unit, using a cross-site request forgery filter, obtains the Referer value in the request Header, checks the Referer, and intercepts illegal requests;
and acquiring the static resources returned by the static resource unit and the function class data returned by the Web service unit, and returning response data corresponding to the Web access request according to the static resources and the function class data.
2. The method of claim 1, wherein the judging whether the static resource request contains a valid preset parameter value comprises:
judging whether a field corresponding to the preset parameter value in the static resource request is empty;
if yes, determining that the static resource request does not contain a valid preset parameter value;
if not, further judging whether a valid token can be extracted from the field value corresponding to the preset parameter value; and when a valid token can be extracted, determining that the static resource request contains a valid preset parameter value.
3. The method according to any one of claims 1-2, wherein the preset parameter value is a Referer parameter value.
4. The method of claim 1, wherein the functional class data returned by the Web service unit comprises: functional links or functional data.
5. The method of claim 1, wherein the obtaining and parsing the Web access request sent by the user terminal comprises:
and the reverse proxy control unit receives the Web access request from the user terminal forwarded by the distribution unit and analyzes the Web access request.
6. A processing apparatus for Web access requests, comprising:
the acquisition module is suitable for acquiring and analyzing the Web access request sent by the user terminal and determining a static resource request and an application function request corresponding to the Web access request;
the forwarding module is suitable for judging whether the static resource request contains a valid preset parameter value; if the static resource request does not contain a valid preset parameter value, further judging whether the static resource request is an internal access request; if the static resource request is an internal access request, when the static resource request is forwarded to a static resource unit, further acquiring a preset domain name parameter, and filling a field corresponding to the preset parameter value in the static resource request according to the domain name parameter, wherein the preset domain name parameter is determined according to domain name information contained in the Web access request; if the static resource request is not an internal access request, intercepting the static resource request; forwarding an application function request corresponding to the Web access request to a Web service unit, so that the Web service unit, using a cross-site request forgery filter, obtains the Referer value in the request Header, checks the Referer, and intercepts illegal requests;
and the response module is suitable for acquiring the static resources returned by the static resource unit and the function class data returned by the Web service unit, and returning response data corresponding to the Web access request according to the static resources and the function class data.
7. An electronic device, comprising: the device comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete communication with each other through the communication bus;
the memory is configured to store at least one executable instruction, where the executable instruction causes the processor to perform operations corresponding to the method for processing a Web access request according to any one of claims 1 to 5.
8. A computer storage medium having stored therein at least one executable instruction for causing a processor to perform operations corresponding to the method of processing a Web access request according to any one of claims 1-5.
CN202011003875.9A 2020-09-22 2020-09-22 Web access request processing method and device Active CN114301890B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011003875.9A CN114301890B (en) 2020-09-22 2020-09-22 Web access request processing method and device


Publications (2)

Publication Number Publication Date
CN114301890A 2022-04-08
CN114301890B 2023-09-05

Family

ID=80963991


Country Status (1)

Country Link
CN (1) CN114301890B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Zhou Benwen

Inventor after: Liang Zheng

Inventor after: Zhou Qi

Inventor after: Wei Ziyang

Inventor before: Zhou Benwen

Inventor before: Liang Zheng

Inventor before: Zhou Qi