CN114615073A - Access flow control method, device, equipment and medium - Google Patents

Access flow control method, device, equipment and medium

Info

Publication number
CN114615073A
Authority
CN
China
Prior art keywords
network access
flow
current
limiting
address
Prior art date
Legal status
Pending
Application number
CN202210304703.8A
Other languages
Chinese (zh)
Inventor
蒋顺风
Current Assignee
Guangzhou Cubesili Information Technology Co Ltd
Original Assignee
Guangzhou Cubesili Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Guangzhou Cubesili Information Technology Co Ltd
Priority to CN202210304703.8A
Publication of CN114615073A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies

Abstract

The application discloses an access flow control method, together with a corresponding device, equipment and medium. The method comprises the following steps: in response to an access request pushed by a client, generating a flow verification request containing the visitor address of the client and the target network access address accessed by the visitor address, and pushing the flow verification request to a flow control center for current-limiting verification; querying whether the target network access address exists in an access current-limiting list, and if so, monitoring the current-limiting check event in the flow control center, and if not, opening the client's permission to access the target network access address; when the monitoring duration exceeds the preset monitoring duration, opening the client's permission to access the target network access address; and receiving the current-limiting check result pushed by the flow control center, and deciding according to that result whether to open the client's permission to access the target network access address. By providing the flow control service to the back-end server cluster in a distributed cluster mode, the application saves the computing resources of the server cluster and makes flow control more accurate, among other advantages.

Description

Access flow control method, device, equipment and medium
Technical Field
The present application relates to the field of server flow control, and in particular, to an access flow control method, and further, to a device, an apparatus, and a non-volatile storage medium corresponding to the method.
Background
Existing internet platforms provide various online services for platform users. For example, an internet live-streaming platform provides live online services such as live viewing and virtual gift giving for interacting with a host user. Such online services generally use a proxy server to forward the access requests of platform users to a back-end server for processing. The proxy server usually also performs flow control on those requests, so that when the platform holds a popular online event or suffers a malicious network attack such as a CC attack, highly concurrent excess requests are not pushed to the back-end server, where they could easily crash the server and leave the related online services unable to serve platform users.
However, the flow control service that existing internet platforms build for a proxy server cluster places an independent flow control module on each proxy server, and each proxy server is independently responsible for flow control of the requests it receives. This approach occupies the computing resources of the proxy servers, so they cannot devote those resources to responding to and forwarding requests and cannot respond quickly to the requests pushed by platform users, which affects user experience.
In addition, the development cost of configuring an independent flow control module for each proxy server is high. Because the flow control modules in the proxy servers are independent of each other, it is also difficult to apply a unified flow control configuration to the proxy server cluster, and the maintenance cost is high.
In view of these problems with the flow control of existing proxy server clusters, the present applicant has explored a corresponding solution.
Disclosure of Invention
The application aims to meet the requirements of users and provides an access flow control method, and further relates to a corresponding device, equipment, a non-volatile storage medium and a computer program product of the method.
In order to realize the purpose of the application, the following technical scheme is adopted:
an access flow control method adapted to the purpose of the present application, comprising the steps of:
responding to an access request pushed by a client, determining a visitor address corresponding to the client and a target network access address accessed by the visitor address, and pushing a flow verification request containing the visitor address and the target network access address to a flow control center for flow limiting verification;
inquiring whether a target network access address exists in an access flow limiting list, if so, monitoring a flow limiting verification event acting on the flow verification request in the flow control center, and if not, opening the authority of the client to access the target network access address;
when the monitoring duration of the current-limiting verification event exceeds the preset monitoring duration, opening the authority of the client to access the target network access address, and if the monitoring duration of the current-limiting verification event does not exceed the preset monitoring duration, continuing to monitor the current-limiting verification event;
and receiving a current-limiting check result pushed by the flow control center, and judging whether to open the authority of accessing the target network access address to the client according to the current-limiting check result.
In a further embodiment, the step of pushing the traffic verification request including the visitor address and the target network access address to the traffic control center for performing the flow limitation verification includes the following steps executed by the traffic control center:
acquiring the flow verification request pushed by the proxy server, acquiring the visitor address and the target network access address contained in the request, and correspondingly counting the total network access amount per second and the access times per second of the client corresponding to the target network access address according to the flow verification request;
inquiring whether a current limiting strategy corresponding to the target network access address exists in a current limiting strategy pool, wherein the current limiting strategy pool stores the current limiting strategies corresponding to a plurality of target network access addresses;
when a current limiting strategy corresponding to the target network access address exists, acquiring a preset website current limiting threshold value and a client current limiting threshold value which are contained in the current limiting strategy;
judging whether the current latest counted website per second access total amount exceeds the website current limiting threshold value, if so, pushing a current limiting check result representing that current limiting is executed on the target network access address to a proxy server;
and judging whether the current latest counted access times per second of the client exceeds the client current limiting threshold, if so, pushing a current limiting check result representing that the client is forbidden to access to the proxy server, and if not, pushing a current limiting check result representing that the client is allowed to access to the proxy server.
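The check that the flow control center performs in the steps above can be sketched as follows. This is an added example, not code from the patent: the class and result names, the fixed one-second counting window, and allowing an address that has no policy are assumptions, and the addresses are constructed.

```python
import time
from collections import defaultdict
from dataclasses import dataclass

# Result labels are names chosen for this example, not terms from the patent.
ALLOW, DENY_CLIENT, LIMIT_SITE = "allow", "deny_client", "limit_site"


@dataclass(frozen=True)
class Policy:
    site_limit: int    # website threshold: total requests per second to the address
    client_limit: int  # client threshold: requests per second from one visitor address


class FlowControlCenter:
    """Counts flow verification requests per second and applies the policy pool."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.policy_pool = {}                # target address -> Policy
        self.window = None                   # the second currently being counted
        self.site_hits = defaultdict(int)    # target -> requests in this second
        self.client_hits = defaultdict(int)  # (target, visitor) -> requests in this second

    def set_policy(self, target, policy):
        self.policy_pool[target] = policy

    def check(self, visitor, target):
        # Start fresh counters whenever the clock moves into a new second.
        second = int(self.clock())
        if second != self.window:
            self.window = second
            self.site_hits.clear()
            self.client_hits.clear()

        # Every verification request is counted, including ones that end up denied.
        self.site_hits[target] += 1
        self.client_hits[(target, visitor)] += 1

        policy = self.policy_pool.get(target)
        if policy is None:
            return ALLOW  # assumption: the page does not say what is pushed without a policy

        # Website threshold first: the address as a whole is over its limit.
        if self.site_hits[target] > policy.site_limit:
            return LIMIT_SITE
        # Then the per-client threshold for this visitor address.
        if self.client_hits[(target, visitor)] > policy.client_limit:
            return DENY_CLIENT
        return ALLOW


def demo():
    """Replay constructed requests against one policy using a controllable clock."""
    now = [100.0]
    center = FlowControlCenter(clock=lambda: now[0])
    target = "live.example.com/gift"  # constructed address
    center.set_policy(target, Policy(site_limit=5, client_limit=2))

    visitors = ["203.0.113.7"] * 3 + ["203.0.113.8", "203.0.113.9", "203.0.113.10"]
    results = [center.check(v, target) for v in visitors]

    now[0] = 101.0  # next second: counters reset
    results.append(center.check("203.0.113.7", target))
    return results


if __name__ == "__main__":
    print(demo())
```
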
In a further embodiment, the method comprises the following parallel steps performed by the flow control center:
receiving a current limiting strategy updating instruction pushed by a management end, and acquiring a network access address contained in the current limiting strategy updating instruction and a latest current limiting strategy corresponding to the network access address;
judging whether a current limiting strategy corresponding to the network access address exists in a current limiting strategy pool, if so, updating the current limiting strategy of the network access address in the current limiting strategy pool according to the latest current limiting strategy;
and when the current limiting strategy corresponding to the network access address does not exist in the current limiting strategy pool, storing the latest current limiting strategy in the current limiting strategy pool, and broadcasting the generated access current limiting list containing the network access address to a proxy server cluster for updating.
In a further embodiment, the method comprises the following parallel steps performed by the flow control center:
receiving flow verification requests pushed by one or more proxy servers in a proxy server cluster, and acquiring network access addresses contained in the flow verification requests;
judging whether each network access address has a corresponding current-limiting strategy in a current-limiting strategy pool or not, and counting the total network access amount per second of the network access addresses with the current-limiting strategies, wherein the total network access amount per second is counted according to the number of flow verification requests to which the network access addresses belong;
and when the total network access amount per second of any network access address exceeds a current limiting threshold value contained in a current limiting policy of the network access address, generating an access current limiting list containing the network access address, and broadcasting the access current limiting list to the proxy server cluster for updating.
In a further embodiment, the step of opening the permission of the client to access the target network access address when the monitoring duration of the current limit check event exceeds a preset monitoring duration, and if not, continuing to monitor the current limit check event includes the following steps executed by the proxy server:
after the flow verification request is pushed to a flow control center, the flow verification request is stored into a request queue, and each flow verification request and the enqueue time of the flow verification request in the request queue are correspondingly stored;
monitoring the enqueue time of each flow verification request in the request queue, and determining a network access address contained in any flow verification request when the enqueue time of the flow verification request exceeds the preset monitoring time;
and forwarding the access request corresponding to the flow verification request to a back-end server corresponding to the network access address so as to open the authority of the client side to which the access request belongs to access the network access address.
In a further embodiment, the step of determining whether to open the right to access the target network access address to the client according to the current-limiting verification result includes the following steps executed by the proxy server:
analyzing the current-limiting verification result pushed by the flow control center to obtain the flow control identifier contained in the current-limiting verification result;
when the flow control identifier represents that the access is allowed, the access request is forwarded to a back-end server corresponding to the target network access address so as to open the authority of the client for accessing the target network access address;
and when the flow control identifier represents that the access is forbidden, the access request is not forwarded to a back-end server corresponding to the target network access address, and an access error notification is pushed to the client.
In a further embodiment, after the step of pushing the traffic verification request including the visitor address and the target network access address to the traffic control center for performing the flow limitation verification, the method includes the following steps performed by the proxy server:
acquiring the current-limiting check result pushed by the flow control center;
analyzing the current-limiting checking result, and when the current-limiting checking result contains a current-limiting identifier acting on the target network access address, not forwarding the access request to a back-end server corresponding to the target network access address, and pushing an access error notification to the client;
and storing the target network access address into the access flow limiting list.
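The proxy-side behaviour described in the embodiments above (lookup in the access flow limiting list, the request queue with enqueue times, release after the preset monitoring duration, and handling of the pushed result) is sketched below as an added example that is not code from the patent. Class, method and result names and the millisecond timestamps are assumptions, the addresses are constructed, and the flow control center is replaced by results passed in directly.

```python
# Result labels are names chosen for this example, not terms from the patent.
ALLOW, DENY_CLIENT, LIMIT_SITE = "allow", "deny_client", "limit_site"


class ProxyServer:
    def __init__(self, monitor_timeout_ms, limit_list=()):
        self.monitor_timeout_ms = monitor_timeout_ms  # preset monitoring duration
        self.limit_list = set(limit_list)             # access flow limiting list
        self.queue = {}           # request id -> (enqueue time in ms, target address)
        self.outbox = []          # verification requests pushed to the center (network stand-in)
        self.fail_open_count = 0  # requests forwarded without a result from the center
        self._next_id = 0

    def on_access_request(self, visitor, target, now_ms):
        """Push the verification request, then forward at once or wait for a result."""
        self._next_id += 1
        req_id = self._next_id
        self.outbox.append((req_id, visitor, target))
        if target not in self.limit_list:
            return req_id, "forward"      # address not listed: access is opened
        self.queue[req_id] = (now_ms, target)
        return req_id, "wait"             # listed: monitor the check event

    def on_check_result(self, req_id, target, flag):
        """Apply a result pushed by the center for one verification request."""
        if flag == LIMIT_SITE:
            self.limit_list.add(target)   # later requests for this address will wait
        if req_id not in self.queue:
            return "already_forwarded"    # unlisted at the time, or released by timeout
        del self.queue[req_id]
        return "forward" if flag == ALLOW else "reject"

    def expire(self, now_ms):
        """Release every queued request that has waited longer than the preset duration."""
        timed_out = [rid for rid, (t0, _) in self.queue.items()
                     if now_ms - t0 > self.monitor_timeout_ms]
        for rid in timed_out:
            del self.queue[rid]
        self.fail_open_count += len(timed_out)
        return timed_out                  # the caller forwards these to the back end


def demo():
    """Constructed sequence covering each path; returns the proxy and its decisions."""
    home, gift = "live.example.com/home", "live.example.com/gift"
    proxy = ProxyServer(monitor_timeout_ms=200, limit_list={gift})
    trace = []

    r1, action = proxy.on_access_request("203.0.113.7", home, now_ms=0)
    trace.append(action)                                        # not listed
    trace.append(proxy.on_check_result(r1, home, LIMIT_SITE))   # home becomes listed

    r2, action = proxy.on_access_request("203.0.113.7", home, now_ms=50)
    trace.append(action)
    trace.append(proxy.on_check_result(r2, home, DENY_CLIENT))

    r3, action = proxy.on_access_request("203.0.113.8", gift, now_ms=100)
    trace.append(action)
    trace.append(proxy.expire(now_ms=250))                      # 150 ms waited: keep waiting
    trace.append(proxy.expire(now_ms=301))                      # 201 ms waited: release
    trace.append(proxy.on_check_result(r3, gift, ALLOW))        # result arrives too late

    r4, action = proxy.on_access_request("203.0.113.9", gift, now_ms=400)
    trace.append(action)
    trace.append(proxy.on_check_result(r4, gift, ALLOW))
    return proxy, trace


if __name__ == "__main__":
    print(demo()[1])
```

Requests released by `expire` reach the back end without any current-limiting result, so in this sketch `fail_open_count` is kept as the figure an operator would watch when the flow control center responds slowly.
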
An access flow control device proposed for the purpose of the present application, comprising:
the verification request pushing module is used for responding to an access request pushed by a client, determining a visitor address corresponding to the client and a target network access address accessed by the visitor address, and pushing a flow verification request containing the visitor address and the target network access address to a flow control center for flow limiting verification;
a check event monitoring module, configured to query whether a target network access address exists in an access flow limit list, if so, monitor a flow limit check event in the flow control center that acts on the flow check request, and if not, open a right of the client to access the target network access address;
a monitoring duration judging module, configured to, when the monitoring duration of the current-limiting verification event exceeds a preset monitoring duration, open the permission of the client to access the target network access address, and if the monitoring duration of the current-limiting verification event does not exceed the preset monitoring duration, continue to monitor the current-limiting verification event;
and the verification result response module is used for receiving the current-limiting verification result pushed by the flow control center and judging whether to open the authority of accessing the target network access address to the client according to the current-limiting verification result.
In a further embodiment, the verification request pushing module includes:
the flow statistics submodule is used for acquiring the flow verification request pushed by the proxy server, acquiring the visitor address and the target network access address contained in the request, and correspondingly counting the total network access amount per second and the access times per second of the client corresponding to the target network access address according to the flow verification request;
a current-limiting strategy query submodule for querying whether a current-limiting strategy corresponding to the target network access address exists in a current-limiting strategy pool, wherein the current-limiting strategy pool stores the current-limiting strategies corresponding to a plurality of target network access addresses;
the threshold value obtaining submodule is used for obtaining a preset website current limiting threshold value and a client current limiting threshold value contained in a current limiting strategy when the current limiting strategy corresponding to the target network access address exists;
the website threshold judging submodule is used for judging whether the current latest counted website per second access total amount exceeds the website current limiting threshold, and if the current latest counted website per second access total amount exceeds the website current limiting threshold, pushing a current limiting check result representing that current limiting is executed on the target network access address to the proxy server;
and the client threshold judgment submodule is used for judging whether the current latest counted access times per second of the client exceeds the client current limiting threshold, if so, pushing a current limiting check result representing that the client is forbidden to access to the proxy server, and if not, pushing a current limiting check result representing that the client is allowed to access to the proxy server.
In a further embodiment, the verification result response module includes:
the request recording submodule is used for pushing the flow verification request to a flow control center and then storing the flow verification request into a request queue, wherein each flow verification request and the enqueue time of each flow verification request in the request queue are correspondingly stored;
an enqueue time monitoring submodule, configured to monitor an enqueue time of each traffic verification request in the request queue, and when the enqueue time of any traffic verification request exceeds a preset monitoring time, determine a network access address included in the traffic verification request;
and the request forwarding submodule is used for forwarding the access request corresponding to the flow verification request to a back-end server corresponding to the network access address so as to open the authority of the client side to which the access request belongs to access the network access address.
In a further embodiment, the monitoring duration determining module includes:
the flow control identification obtaining sub-module is used for analyzing the flow limiting verification result pushed by the flow control center and obtaining the flow control identification contained in the flow limiting verification result;
the access permission opening sub-module is used for forwarding the access request to a back-end server corresponding to the target network access address when the flow control identifier represents permission to access, so as to open the permission of the client for accessing the target network access address;
and the access permission prohibiting submodule is used for not forwarding the access request to a back-end server corresponding to the target network access address when the flow control identifier represents prohibition of access, and pushing an access error notice to the client.
In a preferred embodiment, the monitoring duration determining module further includes:
a check result obtaining submodule, configured to obtain the flow-limiting check result pushed by the flow control center;
a check result analyzing submodule, configured to analyze the current-limiting check result, and when the current-limiting check result includes a current-limiting identifier acting on the target network access address, not forward the access request to a backend server corresponding to the target network access address, and push an access error notification to the client;
and the access address storage submodule is used for storing the target network access address into the access flow limiting list.
In order to solve the above technical problem, an embodiment of the present invention further provides a computer device, including a memory and a processor, where the memory stores computer-readable instructions, and the computer-readable instructions, when executed by the processor, cause the processor to execute the steps of the above access flow control method.
In order to solve the above technical problem, an embodiment of the present invention further provides a storage medium storing computer-readable instructions, which, when executed by one or more processors, cause the one or more processors to perform the steps of the above access flow control method.
In order to solve the above technical problem, an embodiment of the present invention further provides a computer program product, which includes a computer program and computer instructions, and when the computer program and the computer instructions are executed by a processor, the processor executes the steps of the access flow control method.
Compared with the prior art, the application has the following advantages:
The application provides a distributed-cluster flow control center for an internet platform, through which the flow limit checks of every proxy server in a proxy server cluster are managed centrally. Each time a proxy server receives an access request, it only needs to push the visitor address of the client to which the request belongs, and the target network access address accessed by that visitor address, to the flow control center. The flow control center is responsible for checking the client access times of that client and the total access amount of the target network access address, and the proxy server only needs to obtain the check result pushed by the flow control center and perform flow control processing according to it. Compared with the existing flow control mode of proxy servers, the application does not need to set a flow control module separately on each proxy server in the proxy server cluster, which saves the time developers would spend configuring such a module for each proxy server. Because flow verification is handed over to the flow control center instead of being handled independently by each proxy server, the computing resources of the proxy servers are effectively saved, the proxy servers can respond to the requests pushed by platform users more quickly, and the network experience of platform users is improved.
Secondly, each proxy server in the proxy server cluster stays synchronized with the flow control center on the objects to be verified by means of an access flow limiting list that records the network access addresses requiring flow limiting verification. The proxy server monitors the flow verification requests for the network access addresses in the access flow limiting list, and forwards and responds to the access requests whose flow verification requests have been monitored for longer than the preset duration, so that the experience of platform users is not affected when the flow control center takes too long to respond to a flow verification request.
In addition, the verification strategy of the flow control center applies flow limiting to the network access address, realizing multidimensional flow limiting verification at the machine room level for a domain name. By counting the total access amount per second of the network access address and the total access amount of the client, it verifies flow from both the total access amount of the network access address and the total access amount of the user, which effectively prevents online services from being brought down by malicious network attacks and improves the service quality of the online services in the internet platform.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic diagram of a typical network deployment architecture related to implementing the technical solution of the present application;
FIG. 2 is a schematic flow chart diagram of an exemplary embodiment of an access flow control method of the present application;
FIG. 3 is a schematic flow chart illustrating a flow verification request of a flow control center according to an embodiment of the present application;
FIG. 4 is a flow diagram illustrating an embodiment of a flow control center for synchronously updating a restricted access list of a proxy server cluster according to the present application;
FIG. 5 is a flow diagram illustrating another embodiment of a flow control center for synchronously updating a restricted access list of a proxy server cluster according to the present application;
FIG. 6 is a schematic flow chart illustrating an embodiment of the present application for a proxy server to listen for traffic verification events;
FIG. 7 is a schematic flowchart illustrating an embodiment of a method for a proxy server determining whether to open a right to access a target network access address to a client according to a current-limiting check result according to the present application;
FIG. 8 is a schematic flowchart illustrating another embodiment of the present application, in which a proxy server determines whether to open the permission to access the target network access address to the client according to a result of current limit check;
FIG. 9 is a functional block diagram of an exemplary embodiment of an access flow control device of the present application;
FIG. 10 is a block diagram of a basic structure of a computer device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those within the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
As will be appreciated by those skilled in the art, "client," "terminal," and "terminal device" as used herein include both devices that are wireless signal receivers, which are devices having only wireless signal receivers without transmit capability, and devices that are receive and transmit hardware, which have receive and transmit hardware capable of two-way communication over a two-way communication link. Such a device may include: cellular or other communication devices such as personal computers, tablets, etc. having a single line display or a multi-line display or cellular or other communication devices without a multi-line display; PCS (Personal Communications Service), which may combine voice, data processing, facsimile and/or data communication capabilities; a PDA (Personal Digital Assistant), which may include a radio frequency receiver, a pager, internet/intranet access, a web browser, a notepad, a calendar and/or a GPS (Global Positioning System) receiver; a conventional laptop and/or palmtop computer or other device having and/or including a radio frequency receiver. As used herein, a "client," "terminal device" can be portable, transportable, installed in a vehicle (aeronautical, maritime, and/or land-based), or situated and/or configured to operate locally and/or in a distributed fashion at any other location(s) on earth and/or in space. The "client", "terminal Device" used herein may also be a communication terminal, a web terminal, a music/video playing terminal, such as a PDA, an MID (Mobile Internet Device) and/or a Mobile phone with music/video playing function, and may also be a smart tv, a set-top box, and the like.
The hardware referred to by the names "server", "client", "work node", etc. is essentially an electronic device with the capabilities of a personal computer: a hardware device having the necessary components of the von Neumann architecture, such as a central processing unit (including an arithmetic unit and a controller), a memory, an input device and an output device. A computer program is stored in the memory; the central processing unit loads a program stored in external memory into internal memory, executes the instructions in the program, and interacts with the input and output devices, thereby completing a specific function.
It should be noted that the concept of "server" as referred to in this application may also be extended to apply to a cluster of servers. According to the network deployment principle understood by those skilled in the art, the servers should be logically divided, and in physical space, the servers may be independent from each other but called through interfaces, or may be integrated into a physical computer or a set of computer clusters. Those skilled in the art will appreciate this variation and should not be so limited as to restrict the implementation of the network deployment of the present application.
Referring to fig. 1, the hardware basis required for implementing the related art embodiments of the present application may be deployed according to the architecture shown in the figure. The server 80 is deployed at the cloud end, and serves as an online server, which may be responsible for further connecting to related data servers and other servers providing related support, so as to form a logically associated service cluster to provide services for related terminal devices, such as a smart phone 81 and a personal computer 82 shown in the figure, or a third-party server (not shown). Both the smart phone and the personal computer can access the internet through a known network access mode, and establish a data communication link with the cloud server 80 so as to run a terminal application program related to the service provided by the server.
For the server, the application program is usually constructed as a service process, and a corresponding program interface is opened for remote call of the application program running on various terminal devices.
The application program refers to an application program running on a server or a terminal device, the application program implements the related technical scheme of the application in a programming mode, a program code of the application program can be saved in a nonvolatile storage medium which can be identified by a computer in a form of a computer executable instruction, and is called into a memory by a central processing unit to run, and the related device of the application is constructed by running the application program on the computer.
The person skilled in the art will know this: although the various methods of the present application are described based on the same concept so as to be common to each other, they may be independently performed unless otherwise specified. In the same way, for each embodiment disclosed in the present application, it is proposed based on the same inventive concept, and therefore, concepts of the same expression and concepts of which expressions are different but are appropriately changed only for convenience should be equally understood.
Referring to fig. 2, an access flow control method of the present application, in an exemplary embodiment, includes the following steps:
Step S11, in response to the access request pushed by the client, determining the visitor address corresponding to the client and the target network access address accessed by the client, so as to push the traffic verification request including the visitor address and the target network access address to the traffic control center for performing the flow limiting verification:
The current proxy server responds to the access request pushed by the client, determines from the access request the visitor address corresponding to the client and the target network access address that the access request is intended to access, and then generates a flow verification request comprising the visitor address and the target network access address, so as to push the flow verification request to the flow control center for flow limiting verification.
The client pushes the access request in order to access the network page pointed to by the target network access address, or to perform a corresponding operation in that page, such as logging in to an account, registering an account, or entering a live broadcast room page. After receiving the access request, the current proxy server would generally forward it to the back-end server corresponding to the target network access address, so that the client accesses the corresponding network page. However, for the purposes of reducing the flow pressure on the back-end server and maintaining the target network access address, the method performs flow limiting verification both on the client accessing the network access address and on the network access address itself: after the proxy server acquires the access request pushed by the client, it pushes the generated flow verification request containing the visitor address and the target network access address to the flow control center for flow limiting verification.
The visitor address generally refers to an internet protocol address, commonly called an IP address, and is used to characterize the client that pushed the access request.
The network access address generally refers to a URL (uniform resource locator), and the client accesses a network page corresponding to the target network access address or executes corresponding online operation by pushing an access request pointing to the target network access address.
The flow control center is responsible for flow limiting services, such as flow verification, for the proxy server cluster. It receives the flow verification requests pushed by any proxy server in the cluster, verifies whether the network access address corresponding to each flow verification request satisfies its flow limiting strategy, and then performs flow limiting processing on the network access address. This prevents a large number of requests from being pushed to the back-end servers associated with the network access addresses, reduces the operating pressure on the back-end servers, and keeps them running smoothly.
After receiving the flow verification request pushed by the current proxy server, the flow control center parses it to obtain the visitor address and the target network access address it contains. According to the visitor address, it counts the number of accesses per second made by the corresponding client to the target network access address; that is, each time the visitor address is received, the per-second access count of the client at that visitor address for the target network access address is incremented. According to the target network access address, it likewise counts the total network access amount per second for the target network access address. Meanwhile, the flow control center queries whether a flow limiting strategy corresponding to the target network access address exists in the flow limiting strategy pool. If it exists, the client flow limiting threshold contained in the strategy is obtained to judge whether the per-second access count of the client at the visitor address exceeds the client flow limiting threshold, and the website flow limiting threshold contained in the strategy is obtained to judge whether the total network access amount per second for the target network access address exceeds the website flow limiting threshold. If the latest counted access count of the client exceeds the client current limit threshold, a current limit check result representing that the client is forbidden to access is pushed to the current proxy server; if it does not exceed the client current limit threshold, a current limit check result representing that the client is allowed to access is pushed to the current proxy server. If the latest counted total website access amount per second exceeds the website current limiting threshold, a current limiting verification result representing that current limiting is performed on the target network access address is pushed to the current proxy server.
Step S12, querying whether a target network access address exists in an access flow limit list, if so, monitoring a flow limit check event in the flow control center that acts on the flow check request, and if not, opening the right of the client to access the target network access address:
The current proxy server queries whether the target network access address exists in the access current-limiting list. If it does, the proxy server monitors the current-limiting check event that the flow control center applies to the flow check request; if it does not, the proxy server opens the authority of the client for accessing the target network access address.
The access flow limiting list stores the network access addresses that are subject to flow limiting verification. The current proxy server generally updates the network access addresses stored in the list according to what the flow control center pushes. Specifically, after the flow control center acquires a flow limiting policy newly configured for a network access address that did not previously have one, it broadcasts the network access address, or an access flow limiting list to which the network access address has been newly added, to the proxy server cluster, so that each proxy server in the cluster updates its current access flow limiting list accordingly.
Another way for the flow control center to update the access flow limiting list of each proxy server in the cluster is as follows: when the latest total website access amount per second counted by the flow control center for any network access address exceeds the website flow limiting threshold, the flow control center broadcasts the network access address, or an access flow limiting list to which the network access address has been newly added, to the proxy server cluster, so that each proxy server in the cluster updates its current access flow limiting list accordingly.
The flow limit check event refers to an event acting on the flow check request in the flow control center, and after the current proxy server determines that a target network access address exists in the access flow limit list, the current proxy server monitors the event acting on the flow check request in the flow control center, so that when the flow control center processes the flow check request overtime, the current proxy server can open the authority of the client for accessing the target network access address.
In an embodiment of how to open the right to access the target network access address to the client, the proxy server generally forwards the access request pushed by the client to a backend server associated with the target network access address, so that the backend server responds to the access request, and the client can access a network page corresponding to the target network access address or perform a corresponding online operation.
Step S13, when the monitoring duration of the current limiting verification event exceeds the preset monitoring duration, opening the permission of the client to access the target network access address, and if not, continuing to monitor the current limiting verification event:
The current proxy server continuously monitors the current-limiting verification event acting on the flow verification request. When the monitoring time exceeds the preset monitoring duration, the current proxy server opens the authority for accessing the target network access address to the client. This prevents the situation in which the flow control center cannot respond because of network congestion or other reasons, the proxy server does not receive the current-limiting verification result for a long time, and the client is consequently unable to access the network page corresponding to the target network access address, which would affect the user's network experience.
As a specific implementation of how the current proxy server monitors the current limiting check event: after determining that the target network access address exists in the access current limiting list, the current proxy server pushes the flow check request to the flow control center and stores it in a request queue, in which each flow check request is stored together with its enqueue time. The proxy server monitors the enqueue time of each flow check request in the request queue. When the enqueue time of any flow check request exceeds the preset monitoring duration, the proxy server determines the network access address contained in that flow check request and forwards the access request corresponding to the flow check request to the back-end server corresponding to the network access address, thereby opening the authority of the client to which the access request belongs to access the network access address.
Step S14, receiving the current limit check result pushed by the traffic control center, and determining whether to open the right to access the target network access address to the client according to the current limit check result:
The proxy server receives the current-limiting check result that the flow control center pushes for the flow check request, parses it, and judges from it whether to open the authority of accessing the target network access address to the client.
The flow-limiting check result generally includes a flow control identifier that controls whether the current proxy server forwards the access request pushed by the client to the back-end server. Specifically, the current proxy server parses the flow-limiting check result pushed by the flow control center to obtain the flow control identifier it contains. When the flow control identifier represents that access is allowed, the current proxy server forwards the access request to the back-end server corresponding to the target network access address, so as to open the authority of the client for accessing the target network access address. When the flow control identifier represents that access is prohibited, the current proxy server does not forward the access request to the back-end server corresponding to the target network access address and pushes an access error notification to the client, to inform the user at the client to access the network address later.
It can be seen from this typical implementation that the method provides an internet platform with a flow control center for a distributed cluster, and that the flow control center distributes and centrally manages the flow limit check of each proxy server in the proxy server cluster. After receiving each access request, a proxy server only needs to push the visitor address of the client to which the access request belongs and the target network access address to the flow control center. The flow control center is responsible for checking the client access times of that client and the total access amount of the target network access address, and the proxy server only needs to obtain the check result pushed by the flow control center and perform flow control processing according to it. Compared with the existing proxy server approach, the method does not need a flow control mechanism to be set up on each proxy server in the cluster, which saves the time a developer would spend configuring a flow control module for each proxy server. Because flow verification is handed over to the flow control center instead of being the independent responsibility of each proxy server, the computational resources of the proxy servers are effectively saved, the proxy servers can respond to and feed back the requests pushed by platform users more quickly, and the network experience of the platform users is improved.
Secondly, each proxy server in the proxy server cluster keeps its verification objects synchronized with the flow control center through an access flow limiting list that records the network access addresses requiring flow limiting verification. Each proxy server monitors the flow verification requests for the network access addresses in the access flow limiting list, and forwards the access requests corresponding to flow verification requests whose monitoring duration exceeds the preset duration, so that the experience of platform users is not affected when the flow control center takes too long to respond to a flow verification request.
In addition, the verification strategy of the flow control center performs flow limiting processing on network access addresses, so that multidimensional flow limiting verification is carried out at the machine room level for a domain name: by counting the total access amount per second of a network access address and the access amount of each user, both the total access amount of the network access address and the access amount of the client are verified. This effectively prevents the collapse of the online service caused by malicious network attacks and improves the service quality of the online service in an internet platform.
The above exemplary embodiments and variations thereof fully disclose the embodiments of the access flow control method of the present application, but many variations thereof can be deduced by transforming and augmenting some technical means, and other embodiments are briefly described as follows:
In an embodiment, referring to fig. 3, the step of pushing the traffic verification request including the visitor address and the destination network access address to the traffic control center for performing the flow limitation verification includes the following steps executed by the traffic control center:
Step S111, obtaining the traffic verification request pushed by the proxy server, obtaining the visitor address and the target network access address included in the request, and correspondingly counting the total network access amount per second and the number of times of client access per second corresponding to the target network access address according to the traffic verification request:
The flow control center acquires the flow verification request pushed by the current proxy server and obtains the visitor address and the target network access address it contains, so as to determine the target network access address corresponding to the flow verification request, and then counts the total network access amount per second and the client access times per second for the target network access address.
The flow control center determines the total network access amount per second of the target network access address from the flow verification requests it receives that point to the target network access address. For example, if the flow control center receives 10 flow verification requests pointing to the target network access address within a 1-second period, the total network access amount per second of the target network access address for that second is 10.
The number of times of access per second of the client of the target network access address refers to the number of times of access of any client to the target network access address within 1 second, and the flow control center correspondingly counts the number of times of access per second of the client of the visitor address to the target network access address within each second according to the visitor address contained in the received flow verification request pointing to the target network access address.
Step S112, querying whether a current limiting policy pool has a current limiting policy corresponding to the target network access address, where the current limiting policy pool stores current limiting policies corresponding to a plurality of network access addresses:
While counting the total network access amount per second and the client access times per second for the target network access address, the flow control center also queries the flow limiting strategy pool for a flow limiting strategy corresponding to the target network access address. If one exists, the flow limiting strategy is obtained in order to perform flow limiting verification on the target network access address; if not, a flow limiting verification result representing that the client is allowed to access is pushed to the proxy server.
Step S113, when the current-limiting strategy corresponding to the target network access address exists, acquiring a preset website current-limiting threshold value and a client current-limiting threshold value contained in the current-limiting strategy:
After the flow control center finds the flow limiting strategy corresponding to the target network access address in the flow limiting strategy pool, it obtains the preset network flow limiting threshold and client flow limiting threshold contained in the strategy. The network flow limiting threshold is checked against the total network access amount per second, and the client flow limiting threshold is checked against the client access times per second.
Step S114, judging whether the current latest counted website total access amount per second exceeds the website current limiting threshold, if so, pushing a current limiting check result representing that current limiting is executed on the target network access address to a proxy server:
When the total network access amount per second most recently counted by the flow control center for the target network access address exceeds the network current limiting threshold, a current limiting check result representing that current limiting is executed on the target network access address is pushed to the proxy server, so as to control the proxy server not to push the access request pushed by the client to the target network access address, and thereby forbid the client from accessing the target network access address.
And if the current latest counted total website per second access amount does not exceed the website current limiting threshold, continuing to count the total network per second access amount of the target network access address and the number of times of client per second access aiming at the client.
Step S115, judging whether the current latest counted access times per second of the client exceeds the client current limiting threshold, if so, pushing a current limiting check result representing that the client is forbidden to access to the proxy server, and if not, pushing a current limiting check result representing that the client is allowed to access to the proxy server:
When the client access times per second most recently counted by the flow control center for the client on the target network access address exceeds the client flow limiting threshold, a flow limiting check result forbidding the client from accessing the target network access address is pushed to the proxy server. If the most recently counted client access times per second does not exceed the client flow limiting threshold, a flow limiting check result representing that the client is permitted to access is pushed to the proxy server, so as to control the proxy server to forward the access request pushed by the client to the back-end server associated with the target network access address.
In this embodiment, the flow control center controls the access flow of the network access address from the access amount of the network access address and the access times of a certain client by counting the total network access amount per second and the access times per second of the client of the network access address, so as to prevent a back-end server associated with the network access address from causing service breakdown or downtime due to huge flow.
In one embodiment, referring to fig. 4, the method includes the following parallel steps performed by the flow control center:
Step S15, receiving a current limiting policy update instruction pushed by the management end, and acquiring a network access address and a latest current limiting policy corresponding to the network access address included in the current limiting policy update instruction:
The current-limiting strategy updating instruction is triggered and pushed by a strategy editing event that the management end applies to a certain network access address. The strategy editing event refers to a developer at the management end editing a website current-limiting threshold and a client current-limiting threshold for that network access address, so as to specify the current-limiting strategy of the network access address.
After the flow control center acquires the current limiting strategy updating instruction, it obtains the network access address contained in the instruction and the latest current limiting strategy corresponding to the network access address, so as to go on to store and process the latest current limiting strategy.
Step S16, determining whether a current limiting policy corresponding to the network access address exists in a current limiting policy pool, and if so, updating the current limiting policy of the network access address in the current limiting policy pool according to the latest current limiting policy:
When a current limiting policy for the network access address pointed to by the current limiting policy updating instruction exists in the current limiting policy pool, the flow control center updates the current limiting policy of that network access address in the pool according to the latest current limiting policy contained in the instruction; for example, the current limiting policy itself is updated, or the website current limiting threshold and the client current limiting threshold contained in it are updated.
Step S17, when there is no current limiting policy corresponding to the network access address in the current limiting policy pool, storing the latest current limiting policy in the current limiting policy pool, and broadcasting the generated access current limiting list including the network access address to the proxy server cluster for updating:
when the current limiting strategy of the network access address pointed by the current limiting processing updating instruction does not exist in the current limiting strategy pool, the flow control center correspondingly stores the network access address and the latest current limiting strategy into the current limiting strategy pool, generates the latest access current limiting list containing the network access address, and broadcasts the latest access current limiting list to the proxy server cluster so that the proxy server in the cluster can receive the access current limiting list to perform synchronous updating.
In this embodiment, when adding a new current-limiting policy to the current-limiting policy pool, the flow control center synchronously updates the access current-limiting list of each proxy server in the proxy server cluster, so as to ensure synchronization of network access addresses that need current-limiting processing, and prevent the proxy servers from releasing access requests of the network access addresses that need current-limiting.
In one embodiment, referring to fig. 5, the method includes the following parallel steps performed by the flow control center:
Step S15', receiving traffic verification requests pushed by one or more proxy servers in the proxy server cluster, and obtaining network access addresses included in the traffic verification requests:
The flow control center generally receives, on a continuous basis, the flow verification requests pushed by the proxy servers in the proxy server cluster, and obtains the network access addresses included in the flow verification requests, so as to perform flow verification on the network access addresses.
Step S16', determining whether each network access address has a corresponding flow limiting policy in a flow limiting policy pool, and counting the total network access amount per second of the network access addresses having the flow limiting policy, where the total network access amount per second is counted according to the number of flow verification requests to which the network access addresses belong:
After obtaining the network access address included in the flow verification request, the flow control center queries whether a current limiting policy corresponding to the network access address exists in the current limiting policy pool, and if so, counts the total network access amount per second of the network access address.
Step S17', when the total network access amount per second of any network access address exceeds the current limiting threshold included in the current limiting policy, the generated access current limiting list including the network access address is broadcasted to the proxy server cluster for updating:
When the flow control center judges that the latest counted total network access amount per second of any network access address exceeds the network current limit threshold, it pushes a current limit check result representing that current limiting is executed on the target network access address to the proxy server that pushed the flow check request corresponding to the network access address, and it generates an access current limit list containing the network access address and broadcasts the list to the proxy server cluster for updating.
In this embodiment, the flow control center processes and limits the access flow of the network access addresses exceeding the flow limit threshold, and broadcasts an access flow limit list including the network access addresses to the proxy server cluster to control the flow verification process of each proxy server.
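The flow control center behaviour described in steps S111 to S115, S15 to S17 and S15' to S17' can be sketched as follows. This is an added example, not code from the application: the class, method and verdict names are hypothetical, the "per second" counts are assumed to be fixed 1-second windows, and the two ways of populating the access current-limiting list (fig. 4 and fig. 5) are selected with an assumed `list_on_new_policy` switch.

```python
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):                 # hypothetical flow control identifiers
    ALLOW = "allow"                  # client is allowed to access
    DENY_CLIENT = "deny_client"      # this visitor address exceeded its threshold
    LIMIT_SITE = "limit_site"        # the network access address is being limited


@dataclass
class Policy:
    site_threshold: int    # website current-limiting threshold (requests/second)
    client_threshold: int  # client current-limiting threshold (requests/second)


class FlowControlCenter:
    def __init__(self, broadcast, list_on_new_policy=True):
        self.policy_pool = {}       # network access address -> Policy
        self.limit_list = set()     # access current-limiting list held by proxies
        self.broadcast = broadcast  # callable that delivers the list to the cluster
        self.list_on_new_policy = list_on_new_policy  # True: fig. 4, False: fig. 5
        self._window = None         # assumed fixed 1-second counting window
        self._site_hits = defaultdict(int)    # address -> count
        self._client_hits = defaultdict(int)  # (visitor, address) -> count

    def update_policy(self, url, policy):
        """S15-S17: update an existing policy, or store a new one and broadcast."""
        is_new = url not in self.policy_pool
        self.policy_pool[url] = policy
        if is_new and self.list_on_new_policy:
            self._publish(url)
        return is_new

    def check(self, visitor, url, now):
        """S111-S115: count the request, then compare against the policy."""
        window = int(now)
        if window != self._window:   # a new second has started: reset the counters
            self._window = window
            self._site_hits.clear()
            self._client_hits.clear()
        self._site_hits[url] += 1
        self._client_hits[(visitor, url)] += 1

        policy = self.policy_pool.get(url)
        if policy is None:           # S112: no policy, so the client is allowed
            return Verdict.ALLOW
        if self._site_hits[url] > policy.site_threshold:   # S114 and S17'
            self._publish(url)
            return Verdict.LIMIT_SITE
        if self._client_hits[(visitor, url)] > policy.client_threshold:  # S115
            return Verdict.DENY_CLIENT
        return Verdict.ALLOW

    def _publish(self, url):
        """Broadcast the list only when the address is newly added to it."""
        if url not in self.limit_list:
            self.limit_list.add(url)
            self.broadcast(sorted(self.limit_list))
```

Requests that are denied still count towards the per-address total, since that total is counted from the flow verification requests received rather than from the requests forwarded.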
In an embodiment, referring to fig. 6, when the monitoring duration of the current limiting verification event exceeds a preset monitoring duration, the step of opening the right of the client to access the target network access address, and if the monitoring duration of the current limiting verification event does not exceed the preset monitoring duration, the step of continuing to monitor the current limiting verification event includes the following steps executed by the proxy server:
Step S131, after the flow verification request is pushed to the flow control center, storing the flow verification request in a request queue, where each flow verification request and its enqueue time in the request queue are stored correspondingly:
After the proxy server pushes the flow verification request to the flow control center, it stores the flow verification request in the request queue, in which a plurality of flow verification requests are stored together with their enqueue times. The flow verification requests in the queue are those that have not exceeded the preset monitoring duration and for which the flow control center has not yet pushed the corresponding flow-limiting verification result; that is, flow verification requests that have exceeded the preset monitoring duration and flow verification requests that already have a corresponding flow-limiting verification result are removed from the request queue.
Step S132, monitoring the enqueue time of each traffic verification request in the request queue, and when the enqueue time of any traffic verification request exceeds a preset monitoring duration, determining a network access address included in the traffic verification request:
the proxy server monitors the enqueue time of each flow verification request stored in the request queue, and respectively judges whether the enqueue time exceeds a preset monitoring time length, when the enqueue time of any flow verification request exceeds the preset monitoring time length, the queue server determines the network access addresses corresponding to the flow verification requests, so that the access requests corresponding to the flow verification requests can be subsequently pushed to the back-end server corresponding to the corresponding network access addresses.
Step S133, forwarding the access request corresponding to the traffic verification request to the backend server corresponding to the network access address, so as to open the right of the client to which the access request belongs to access the network access address:
after the proxy server determines the traffic verification request with the enqueuing time exceeding the preset monitoring duration, the proxy server determines an access request corresponding to the traffic verification request, so that the access request is pushed to a back-end server associated with a network access address corresponding to the real-time traffic verification request, and a client side to which the access request belongs is opened to access the network access address.
In this embodiment, the proxy server monitors the enqueue time of each flow verification request to determine whether the flow control center responds to the flow verification request for too long time, and then opens the network access address to which the client to which the request with too long response time belongs accesses, so as to prevent the too long response time from affecting the network experience of the user.
In an embodiment, referring to Fig. 7, the step of determining, according to the current-limiting check result, whether to open to the client the permission to access the target network access address includes the following steps executed by the proxy server:
Step S141, parsing the current-limiting check result pushed by the flow control center, and obtaining the flow control identifier included in the current-limiting check result:
The proxy server parses the current-limiting check result that the flow control center pushes in response to the flow verification request, and obtains the flow control identifier contained in it. The flow control identifier controls whether the proxy server forwards the access request corresponding to the flow verification request.
Step S142, when the flow control identifier represents that access is allowed, forwarding the access request to the back-end server corresponding to the target network access address to open the permission of the client to access the target network access address:
When the flow control identifier represents that access is allowed, the proxy server forwards the access request corresponding to the flow verification request to the back-end server corresponding to the target network access address, so that the client accesses the target network access address through the back-end server and performs the corresponding online operations.
Step S143, when the flow control identifier represents that access is prohibited, not forwarding the access request to the back-end server corresponding to the target network access address, and pushing an access error notification to the client:
When the flow control identifier represents that access is prohibited, the proxy server does not forward the access request corresponding to the flow verification request to the back-end server associated with the target network access address, and pushes an access error notification to the client to which the access request belongs. The access error notification informs the client that access to the target network access address has failed, and may include the reason for the failure, namely that the target network access address is in a current-limiting state.
In this embodiment, the proxy server determines, according to the current-limiting check result from the flow control center, whether to forward the access request to the back-end server and thereby open the network access address to the client.
In an embodiment, referring to Fig. 8, after the step of pushing the flow verification request including the visitor address and the target network access address to the flow control center for current-limiting verification, the method includes the following steps performed by the proxy server:
Step S141', obtaining the current-limiting check result pushed by the flow control center:
The proxy server obtains the current-limiting check result that the flow control center has produced for the target network access address.
Step S142', parsing the current-limiting check result, and when the current-limiting check result includes a current-limiting identifier acting on the target network access address, not forwarding the access request to the back-end server corresponding to the target network access address, and pushing an access error notification to the client:
The proxy server parses the current-limiting check result. When it determines that the result contains a current-limiting identifier acting on the target network access address, this means that the flow control center's latest count of the website's total accesses per second for the target network access address exceeds the website current-limiting threshold. The proxy server then does not forward the access request corresponding to the flow verification request to the back-end server associated with the target network access address, and pushes an access error notification to the client to which the access request belongs. The access error notification informs the client that access to the target network access address has failed, and the reason for the failure may be that the target network access address is in a current-limiting state.
Step S143', storing the target network access address in the access flow limit list:
The target network access address corresponding to the current-limiting identifier is stored in the access flow limit list, so that when a flow verification request acting on this target network access address is subsequently pushed to the flow control center, the response duration of its flow verification event is monitored.
In this embodiment, the access flow limit list of the proxy server may not be synchronized with the network access addresses that require current-limiting verification in the flow control center. To immediately stop the proxy server from continuing to forward access requests that require current-limiting verification to the back-end server, which would cause flow congestion, when the proxy server receives from the flow control center a network access address that needs to be limited and that does not exist in its access flow limit list, it stores the network access address in the access flow limit list. This prevents access requests for that network access address from being forwarded to the back-end server without current-limiting verification.
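The proxy-side behaviour of steps S131 to S133, S141 to S143 and S141' to S143' can be traced in a small simulation. This is an added example, not code from the patent: the `Proxy` class, the identifier values, the fake clock and the sample addresses are assumptions made for illustration, as is the choice to treat any identifier other than `allow` as a denial.

```python
import time
from dataclasses import dataclass

# Assumed values for the flow control identifier; the patent defines no encoding.
ALLOW, DENY, SITE_LIMITED = "allow", "deny", "site_limited"


@dataclass
class Pending:
    client: str
    target: str
    enqueued_at: float


class Proxy:
    def __init__(self, max_wait, clock=time.monotonic):
        self.max_wait = max_wait  # preset monitoring duration, in seconds
        self.clock = clock
        self.limit_list = set()   # access flow limit list
        self.queue = {}           # request id -> Pending (S131)
        self.forwarded = []       # (client, target) sent to the back-end server
        self.errors = []          # (client, target) sent an access error notification
        self._next_id = 0

    def on_access_request(self, client, target):
        """Hold the request only if its target is in the access flow limit list."""
        rid = self._next_id
        self._next_id += 1
        # The flow verification request for rid would be pushed to the center here.
        if target in self.limit_list:
            self.queue[rid] = Pending(client, target, self.clock())
            return rid, "held"
        self.forwarded.append((client, target))
        return rid, "forwarded"

    def tick(self):
        """S132/S133: forward every request held longer than max_wait (fail-open)."""
        now = self.clock()
        expired = [rid for rid, p in self.queue.items()
                   if now - p.enqueued_at > self.max_wait]
        for rid in expired:
            p = self.queue.pop(rid)
            self.forwarded.append((p.client, p.target))
        return expired

    def on_result(self, rid, flag, target):
        """S141-S143 and S141'-S143': apply a check result pushed by the center."""
        if flag == SITE_LIMITED:
            self.limit_list.add(target)  # S143': later requests for target are held
        p = self.queue.pop(rid, None)
        if p is None:
            return "late"  # request was never held, or tick() already released it
        if flag == ALLOW:
            self.forwarded.append((p.client, p.target))
            return "forwarded"
        # Assumption: anything other than ALLOW is treated as a denial.
        self.errors.append((p.client, p.target))
        return "denied"


def demo():
    now = [0.0]  # constructed fake clock so the run is deterministic
    proxy = Proxy(max_wait=0.5, clock=lambda: now[0])
    proxy.limit_list.add("/checkout")  # as if broadcast by the flow control center
    out = {}
    # Constructed sample clients and targets.
    r1, out["r1"] = proxy.on_access_request("10.0.0.1", "/home")
    r2, out["r2"] = proxy.on_access_request("10.0.0.2", "/checkout")
    r3, _ = proxy.on_access_request("10.0.0.3", "/checkout")
    r4, _ = proxy.on_access_request("10.0.0.4", "/checkout")
    now[0] = 0.1
    out["r2_result"] = proxy.on_result(r2, ALLOW, "/checkout")
    out["r3_result"] = proxy.on_result(r3, DENY, "/checkout")
    now[0] = 0.6  # r4 has now waited longer than max_wait
    out["timed_out"] = proxy.tick() == [r4]
    out["r4_result"] = proxy.on_result(r4, DENY, "/checkout")  # arrives too late
    out["r1_result"] = proxy.on_result(r1, SITE_LIMITED, "/home")
    r5, out["r5"] = proxy.on_access_request("10.0.0.5", "/home")
    out["r5_result"] = proxy.on_result(r5, SITE_LIMITED, "/home")
    return proxy, out


if __name__ == "__main__":
    final, outcomes = demo()
    print(outcomes)
    print("forwarded:", final.forwarded)
    print("errors:", final.errors)
```

The timeout branch in `tick()` fails open: the `deny` that arrives for the released request is ignored, so the preset monitoring duration bounds client latency rather than back-end load.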
Further, an access flow control apparatus of the present application may be constructed by implementing the steps of the method disclosed in the above embodiments as functional modules. According to this concept, referring to Fig. 9, in an exemplary embodiment the apparatus includes: a verification request pushing module 11, configured to respond to an access request pushed by a client, determine the visitor address corresponding to the client and the target network access address it accesses, and push a flow verification request including the visitor address and the target network access address to a flow control center for current-limiting verification; a check event monitoring module 12, configured to query whether the target network access address exists in an access flow limit list, and if so, monitor the current-limiting verification event in the flow control center that acts on the flow verification request, and if not, open the permission of the client to access the target network access address; a monitoring duration determining module 13, configured to open the permission of the client to access the target network access address when the monitoring duration of the current-limiting verification event exceeds a preset monitoring duration, and to continue monitoring the current-limiting verification event if it does not; and a verification result response module 14, configured to receive the current-limiting check result pushed by the flow control center and determine, according to that result, whether to open to the client the permission to access the target network access address.
In one embodiment, the verification request pushing module 11 includes: a flow statistics submodule, configured to acquire the flow verification request pushed by the proxy server, obtain the visitor address and the target network access address contained in the request, and count, according to the flow verification request, the total network access amount per second for the target network access address and the number of accesses per second by the client; a current-limiting strategy query submodule, configured to query whether a current-limiting strategy corresponding to the target network access address exists in a current-limiting strategy pool, where the pool stores current-limiting strategies corresponding to multiple target network access addresses; a threshold obtaining submodule, configured to obtain, when a current-limiting strategy corresponding to the target network access address exists, the preset website current-limiting threshold and client current-limiting threshold contained in the strategy; a website threshold judging submodule, configured to judge whether the latest counted website total accesses per second exceeds the website current-limiting threshold, and if so, push to the proxy server a current-limiting check result representing that current limiting is executed on the target network access address; and a client threshold judging submodule, configured to judge whether the latest counted client accesses per second exceeds the client current-limiting threshold, and if so, push to the proxy server a current-limiting check result representing that the client is forbidden to access, and if not, push to the proxy server a current-limiting check result representing that the client is allowed to access.
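The counting and threshold checks assigned to the flow statistics, threshold obtaining and threshold judging submodules above can be sketched as follows. This is an added example, not code from the patent: the one-second fixed window, the class and field names, the result values, the order of the two checks and the default of allowing targets that have no strategy are assumptions.

```python
from dataclasses import dataclass

# Assumed result values; the patent does not define an encoding.
ALLOW, DENY, SITE_LIMITED = "allow", "deny", "site_limited"


@dataclass
class Policy:
    site_limit: int    # website current-limiting threshold (accesses per second)
    client_limit: int  # client current-limiting threshold (accesses per second)


class FlowControlCenter:
    def __init__(self):
        self.policy_pool = {}    # target -> Policy (current-limiting strategy pool)
        self.site_hits = {}      # target -> (second, count)
        self.client_hits = {}    # (target, visitor) -> (second, count)
        self.limit_list = set()  # addresses to broadcast to the proxy cluster

    @staticmethod
    def _count(table, key, second):
        """Increment the counter for key, restarting it when the second changes."""
        window, hits = table.get(key, (second, 0))
        hits = hits + 1 if window == second else 1
        table[key] = (second, hits)
        return hits

    def verify(self, visitor, target, now):
        """Count one flow verification request and return its check result."""
        second = int(now)
        site_total = self._count(self.site_hits, target, second)
        client_total = self._count(self.client_hits, (target, visitor), second)
        policy = self.policy_pool.get(target)
        if policy is None:
            return ALLOW  # assumption: no strategy means no limiting
        if site_total > policy.site_limit:
            # The whole address is over its threshold: list it for broadcast.
            self.limit_list.add(target)
            return SITE_LIMITED
        if client_total > policy.client_limit:
            return DENY
        return ALLOW


def demo():
    center = FlowControlCenter()
    center.policy_pool["/checkout"] = Policy(site_limit=4, client_limit=2)
    # Constructed sample traffic: (visitor address, target, arrival time in seconds).
    traffic = [
        ("10.0.0.1", "/checkout", 0.10),  # site 1, client 1
        ("10.0.0.1", "/checkout", 0.20),  # site 2, client 2
        ("10.0.0.1", "/checkout", 0.30),  # site 3, client 3: over the client threshold
        ("10.0.0.2", "/checkout", 0.40),  # site 4, client 1
        ("10.0.0.3", "/checkout", 0.50),  # site 5: over the website threshold
        ("10.0.0.3", "/home", 0.60),      # no strategy for this target
        ("10.0.0.1", "/checkout", 1.05),  # next second: counters restart
    ]
    return center, [center.verify(*request) for request in traffic]


if __name__ == "__main__":
    final, results = demo()
    print(results)
    print("limit list:", final.limit_list)
```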
In one embodiment, the verification result response module 13 includes: a request recording submodule, configured to store the flow verification request in a request queue after it is pushed to the flow control center, where each flow verification request in the request queue is stored together with its enqueue time; an enqueue time monitoring submodule, configured to monitor the enqueue time of each flow verification request in the request queue and, when the enqueue time of any flow verification request exceeds a preset monitoring duration, determine the network access address included in that flow verification request; and a request forwarding submodule, configured to forward the access request corresponding to the flow verification request to the back-end server corresponding to the network access address, so as to open the permission of the client to which the access request belongs to access the network access address.
In one embodiment, the listening duration determining module 14 includes: a flow control identifier obtaining submodule, configured to parse the current-limiting check result pushed by the flow control center and obtain the flow control identifier contained in it; an access permission opening submodule, configured to forward the access request to the back-end server corresponding to the target network access address when the flow control identifier represents that access is allowed, so as to open the permission of the client to access the target network access address; and an access permission prohibiting submodule, configured to not forward the access request to the back-end server corresponding to the target network access address when the flow control identifier represents that access is prohibited, and to push an access error notification to the client.
In another embodiment, the listening duration determining module 14 further includes: a check result obtaining submodule, configured to obtain the current-limiting check result pushed by the flow control center; a check result parsing submodule, configured to parse the current-limiting check result and, when it includes a current-limiting identifier acting on the target network access address, not forward the access request to the back-end server corresponding to the target network access address and push an access error notification to the client; and an access address storage submodule, configured to store the target network access address in the access flow limit list.
To solve the foregoing technical problem, an embodiment of the present application further provides a computer device configured to run a computer program implementing the access flow control method. Fig. 10 is a block diagram of the basic structure of the computer device according to this embodiment.
Fig. 10 is a schematic diagram of the internal structure of the computer device. The computer device includes a processor, a non-volatile storage medium, a memory, and a network interface connected by a system bus. The non-volatile storage medium stores an operating system, a database and computer-readable instructions; the database can store control information sequences, and the computer-readable instructions, when executed by the processor, cause the processor to implement an access flow control method. The processor provides computing and control capability and supports the operation of the whole computer device. The memory may store computer-readable instructions that, when executed by the processor, cause the processor to perform an access flow control method. The network interface is used for connecting and communicating with a terminal. Those skilled in the art will appreciate that the architecture shown in Fig. 10 is merely a block diagram of some of the structures associated with the disclosed solution and does not limit the computing devices to which the solution applies; a particular computing device may include more or fewer components than shown, combine certain components, or have a different arrangement of components.
In this embodiment, the processor executes the specific functions of each module/sub-module in the access flow control device of the present application, and the memory stores the program codes and data required for executing the modules. The network interface is used for data transmission to and from a user terminal or a server. The memory in this embodiment stores the program codes and data necessary for executing all modules/sub-modules in the access flow control device, and the server can call these program codes and data to execute the functions of all sub-modules.
The present application also provides a non-volatile storage medium in which the access flow control method is written as a computer program and stored in the form of computer-readable instructions. When the computer-readable instructions are executed by one or more processors, the program runs in a computer, causing the one or more processors to perform the steps of any of the access flow control methods described above.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).
In summary, the flow control service is provided to the proxy server cluster in a distributed cluster manner, which reduces the operating load on the servers and relieves pressure on the back-end server so that it stays alive.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not restricted to the exact order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
Those of skill in the art will appreciate that the various operations, methods, steps in the processes, acts, or solutions discussed in this application can be interchanged, modified, combined, or eliminated. Further, other steps, measures, or schemes in various operations, methods, or flows that have been discussed in this application can be alternated, altered, rearranged, broken down, combined, or deleted. Further, steps, measures, schemes in the prior art having various operations, methods, procedures disclosed in the present application may also be alternated, modified, rearranged, decomposed, combined, or deleted.
The foregoing describes only some embodiments of the present application. It should be noted that those skilled in the art can make several improvements and refinements without departing from the principle of the present application, and these improvements and refinements should also be regarded as falling within the protection scope of the present application.

Claims (10)

1. An access flow control method, comprising the steps of:
responding to an access request pushed by a client, determining a visitor address corresponding to the client and a target network access address accessed by the visitor address, and pushing a flow verification request containing the visitor address and the target network access address to a flow control center for flow limiting verification;
inquiring whether a target network access address exists in an access flow limiting list, if so, monitoring a flow limiting verification event acting on the flow verification request in the flow control center, and if not, opening the authority of the client to access the target network access address;
when the monitoring duration of the current-limiting verification event exceeds the preset monitoring duration, opening the authority of the client to access the target network access address, and if the monitoring duration of the current-limiting verification event does not exceed the preset monitoring duration, continuing to monitor the current-limiting verification event;
and receiving a current-limiting check result pushed by the flow control center, and judging whether to open the authority of accessing the target network access address to the client according to the current-limiting check result.
2. The method of claim 1, wherein the step of pushing the flow verification request including the visitor address and the target network access address to the flow control center for flow limiting verification comprises the following steps performed by the flow control center:
acquiring the flow verification request pushed by the proxy server, acquiring the visitor address and the target network access address contained in the request, and correspondingly counting the total network access amount per second and the access times per second of the client corresponding to the target network access address according to the flow verification request;
inquiring whether a current limiting strategy corresponding to the target network access address exists in a current limiting strategy pool, wherein current limiting strategies corresponding to a plurality of target network access addresses are stored in the current limiting strategy pool;
when a current limiting strategy corresponding to the target network access address exists, acquiring a preset website current limiting threshold value and a client current limiting threshold value which are contained in the current limiting strategy;
judging whether the current latest counted website per second access total amount exceeds the website current limit threshold, if so, pushing a current limit check result representing that current limit is executed on the target network access address to a proxy server;
and judging whether the current latest counted access times per second of the client exceeds the client current limiting threshold, if so, pushing a current limiting check result representing that the client is forbidden to access to the proxy server, and if not, pushing a current limiting check result representing that the client is allowed to access to the proxy server.
3. The method according to claim 1, characterized in that it comprises the following parallel steps performed by the flow control center:
receiving a current limiting strategy updating instruction pushed by a management end, and acquiring a network access address contained in the current limiting strategy updating instruction and a latest current limiting strategy corresponding to the network access address;
judging whether a current limiting strategy corresponding to the network access address exists in a current limiting strategy pool, if so, updating the current limiting strategy of the network access address in the current limiting strategy pool according to the latest current limiting strategy;
and when the current limiting strategy corresponding to the network access address does not exist in the current limiting strategy pool, storing the latest current limiting strategy in the current limiting strategy pool, and broadcasting the generated access current limiting list containing the network access address to a proxy server cluster for updating.
4. The method according to claim 1, characterized in that it comprises the following parallel steps performed by the flow control center:
receiving flow verification requests pushed by one or more proxy servers in a proxy server cluster, and acquiring network access addresses contained in the flow verification requests;
judging whether each network access address has a corresponding current-limiting strategy in a current-limiting strategy pool or not, and counting the total network access amount per second of the network access addresses with the current-limiting strategies, wherein the total network access amount per second is counted according to the number of flow verification requests to which the network access addresses belong;
and when the total network access amount per second of any network access address exceeds a current limiting threshold value contained in a current limiting policy of the network access address, broadcasting an access current limiting list containing the network access address to the proxy server cluster for updating.
5. The method according to claim 1, wherein the step of opening the right of the client to access the target network access address when the listening duration of the current limit check event exceeds a preset listening duration, and if not, continuing to listen to the current limit check event includes the following steps executed by the proxy server:
after the flow verification request is pushed to a flow control center, storing the flow verification request into a request queue, wherein each flow verification request and the enqueue time thereof in the request queue are correspondingly stored;
monitoring the enqueue time of each flow verification request in the request queue, and determining a network access address contained in any flow verification request when the enqueue time of the flow verification request exceeds the preset monitoring time;
and forwarding the access request corresponding to the flow verification request to a back-end server corresponding to the network access address so as to open the authority of the client side to which the access request belongs to access the network access address.
6. The method according to claim 1, wherein the step of determining whether to open the right to access the target network access address to the client according to the current restriction check result comprises the following steps performed by the proxy server:
analyzing the current-limiting check result pushed by the flow control center to obtain a flow control identifier contained in the current-limiting check result;
when the flow control identifier represents that the access is allowed, the access request is forwarded to a back-end server corresponding to the target network access address so as to open the authority of the client for accessing the target network access address;
and when the flow control identifier represents that the access is forbidden, the access request is not forwarded to a back-end server corresponding to the target network access address, and an access error notification is pushed to the client.
7. The method of claim 1, wherein the step of pushing the flow verification request containing the visitor address and the target network access address to a flow control center for performing the flow limiting verification comprises the following steps performed by the proxy server:
acquiring the current-limiting check result pushed by the flow control center;
analyzing the current-limiting checking result, and when the current-limiting checking result contains a current-limiting identifier acting on the target network access address, not forwarding the access request to a back-end server corresponding to the target network access address, and pushing an access error notification to the client;
and storing the target network access address into the access flow limiting list.
8. An access flow control apparatus, comprising:
the verification request pushing module is used for responding to an access request pushed by a client, determining a visitor address corresponding to the client and a target network access address accessed by the visitor address, and pushing a flow verification request containing the visitor address and the target network access address to a flow control center for flow limiting verification;
a check event monitoring module, configured to query whether a target network access address exists in an access flow limit list, if so, monitor a flow limit check event in the flow control center that acts on the flow check request, and if not, open a right of the client to access the target network access address;
a monitoring duration judging module, configured to, when the monitoring duration of the current-limiting verification event exceeds a preset monitoring duration, open the permission of the client to access the target network access address, and if the monitoring duration of the current-limiting verification event does not exceed the preset monitoring duration, continue to monitor the current-limiting verification event;
and the verification result response module is used for receiving the current-limiting verification result pushed by the flow control center and judging whether the authority for accessing the target network access address is opened to the client side or not according to the current-limiting verification result.
9. An electronic device comprising a central processor and a memory, characterized in that the central processor is configured to invoke execution of a computer program stored in the memory to perform the steps of the method according to any one of claims 1 to 7.
10. A non-volatile storage medium, characterized in that it stores, in the form of computer-readable instructions, a computer program implemented according to the method of any one of claims 1 to 7, which, when invoked by a computer, performs the steps comprised by the method.
CN202210304703.8A 2022-03-22 2022-03-22 Access flow control method, device, equipment and medium Pending CN114615073A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210304703.8A CN114615073A (en) 2022-03-22 2022-03-22 Access flow control method, device, equipment and medium


Publications (1)

Publication Number Publication Date
CN114615073A true CN114615073A (en) 2022-06-10

Family

ID=81867551



Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277599A (en) * 2022-06-16 2022-11-01 平安银行股份有限公司 Backflow method and device in current-limiting scene, computer equipment and storage medium
CN115277599B (en) * 2022-06-16 2023-08-15 平安银行股份有限公司 Reflow method and device under current limiting scene, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
US9344371B1 (en) Dynamic throttling systems and services
US11489879B2 (en) Method and apparatus for centralized policy programming and distributive policy enforcement
EP2563062B1 (en) Long connection management apparatus and link resource management method for long connection communication
CN112367321B (en) Method for quickly constructing service call and middle station API gateway
US10565372B1 (en) Subscription-based multi-tenant threat intelligence service
EP2787742B1 (en) Method and system for transmitting network video
US20130054674A1 (en) System and method for enabling control of mobile device functional components
US9059941B1 (en) Providing router information according to a programmatic interface
US20070165615A1 (en) Apparatus and method for notifying communication network event in application server capable of supporting open API based on Web services
RU2007101525A (en) METHOD, SYSTEM AND COMPUTER PROGRAM FOR DETECTING SERVICES AND CONTENT ON THE BASIS OF SIP PROTOCOL EVENTS IN A COMMUNITY BUILT ON CONTEXT INFORMATION
CN112600693B (en) Service request processing method, system, electronic equipment and computer storage medium
CN108427619B (en) Log management method and device, computing equipment and storage medium
CN110049031B (en) Interface security authentication method, server and authentication center server
CN111698126B (en) Information monitoring method, system and computer readable storage medium
CN114615073A (en) Access flow control method, device, equipment and medium
US20240118935A1 (en) Pod deployment method and apparatus
CN114510711A (en) Method, device, medium and computer equipment for preventing CC attack
CN106156258B (en) Method, device and system for counting data in distributed storage system
WO2018137710A1 (en) Method and system for search control
US20230251789A1 (en) Record information management based on self-describing attributes
CN111159233A (en) Distributed caching method, system, computer device and storage medium
CN111274029A (en) Cluster scheduling method and device
CN113542409B (en) Management system and processing method for instances of RocketMQ message queues
CN113542373A (en) Routing service discovery device and method for PAAS platform
CN114640534A (en) Access interception control method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination