CN115134103A - Request processing method, device, equipment and storage medium - Google Patents
- Publication number
- CN115134103A (application number CN202110315860.4A)
- Authority
- CN
- China
- Prior art keywords
- source
- address
- request
- rule
- request processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
  - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
  - H04L63/1425—Traffic logging, e.g. anomaly detection
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L67/00—Network arrangements or protocols for supporting network services or applications
  - H04L67/01—Protocols
  - H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The application discloses a request processing method, apparatus, device and storage medium, and belongs to the technical field of networks. In the method, HTTP requests are counted per source IP address. Once the number of HTTP requests sent by the same source IP address within a counting period reaches the threshold of a request processing rule, the gateway device writes the instruction of that rule for the source IP address. Because counting happens in real time, abnormal traffic from a source IP address is detected as it occurs, without after-the-fact analysis; the source IP address is then restricted to different degrees according to the different count thresholds, so abnormal traffic is identified and limited more accurately, the gateway is protected dynamically and quickly, and a sound basis is laid for routing information between different network devices.
Description
Technical Field
The present application relates to the field of network technologies, and in particular, to a request processing method, apparatus, device, and storage medium.
Background
With the development of computer technology, business systems keep growing in variety and can provide different business services. Under normal conditions, a sender sends hypertext transfer protocol (HTTP) requests to a service system as needed, and the gateway of the service system processes them normally. When the sender is controlled by an attacker or its software malfunctions, it can send a large number of HTTP requests to the service system, so that the gateway has to spend a large amount of resources processing them, can no longer process normal requests, and can no longer provide normal service. In the related art, the iptables tool is generally used: based on the Internet Protocol (IP) address, port number and protocol of the HTTP request, the request is rejected or rate-limited at the network layer in order to protect the gateway.
The iptables approach has the following problem when handling HTTP requests: it is reactive. Typically, only after the gateway has already failed does an operator manually analyse the HTTP requests received before the failure to determine which requests caused it, derive the abnormal IP address from them, and then reject HTTP requests from that address in subsequent network communication. Abnormal traffic therefore cannot be identified and limited in time.
Disclosure of Invention
The embodiments of the application provide a request processing method, apparatus, device and storage medium that can identify and limit abnormal traffic in time, so as to protect the gateway device dynamically and quickly. The technical scheme is as follows:
In one aspect, a request processing method is provided, and the method includes:
receiving a first HTTP request;
in response to the first HTTP request missing (not hitting any of) at least two request processing rules, forwarding the first HTTP request and counting it against the source IP address of the first HTTP request;
in response to the HTTP request count of the source IP address reaching the threshold of any request processing rule, writing the instruction corresponding to that request processing rule;
receiving a second HTTP request from the source IP address, and, in response to determining based on the written instruction that the second HTTP request hits the request processing rule, executing the restriction processing corresponding to the request processing rule;
wherein the at least two request processing rules indicate different restriction processing to be performed according to different thresholds on the number of HTTP requests sent within one counting period.
In one aspect, a request processing apparatus is provided, the apparatus including:
a receiving module, configured to receive a first HTTP request;
a forwarding module, configured to forward the first HTTP request in response to the first HTTP request missing at least two request processing rules;
a counting module, configured to count based on the source IP address of the first HTTP request;
a writing module, configured to write the instruction corresponding to a request processing rule when the HTTP request count of the source IP address reaches the threshold of that rule;
the receiving module being further configured to receive a second HTTP request from the source IP address;
a restriction module, configured to execute the restriction processing corresponding to the request processing rule in response to determining, based on the written instruction, that the second HTTP request hits that rule;
wherein the at least two request processing rules indicate different restriction processing according to different thresholds on the number of HTTP requests sent within one counting period.
In some embodiments, the apparatus further comprises:
a judging module, configured to judge whether the first HTTP request hits the at least two request processing rules in a target sequence, the target sequence ordering the request processing rules from the strictest to the least strict.
In some embodiments, the restriction module further comprises:
a first counting module, configured to count the data packets from the source IP address;
a rejecting module, configured to discard the data packets received during the remainder of a first duration in response to the number of data packets sent by the source IP address within the first duration exceeding a first number.
In some embodiments, the restriction module further comprises:
a second counting module, configured to count the connections held with the source IP address;
an interruption module, configured to disconnect the connections exceeding a second number in response to the number of held connections exceeding the second number.
In some embodiments, the restriction module further comprises:
a third counting module, configured to count the connections newly established with the source IP address within the first duration;
the rejecting module being further configured to refuse to establish new connections with the source IP address in response to the number of newly established connections exceeding a third number.
In some embodiments, the at least two request processing rules include at least one level of speed limit rule and a rejection rule, where a speed limit rule limits the rate of HTTP requests sent by the source IP address and the rejection rule rejects the HTTP requests sent by the source IP address.
In some embodiments, the at least one level of speed limit rule limits at least one of: the number of connections the source IP address can hold with the gateway device, the number of new connections the source IP address can establish with the gateway device per second, and the number of data packets the source IP address can send per second.
In some embodiments, the apparatus further comprises:
the starting module is used for starting the timer;
and the deleting module is used for responding to the condition that the HTTP request from the source IP address is not received again in the second time length, and deleting the instruction of the corresponding request processing rule.
In some embodiments, the apparatus further comprises:
a detection module, configured to, in response to receiving any HTTP request, detect from its source IP address whether an HTTP request from that source IP address is being received for the first time;
the starting module being further configured to, in response to an HTTP request from that source IP address being received for the first time, start a counter and start a timer to record the counting duration of the counter.
In one aspect, a computer-readable storage medium is provided, in which at least one computer program is stored, the at least one computer program being loaded and executed by a processor to perform operations performed by the request processing method.
In one aspect, a computer program product is provided that includes at least one computer program stored in a computer readable storage medium. The processor of the computer device reads the at least one computer program from the computer-readable storage medium, and the processor executes the at least one computer program to cause the computer device to implement the operations performed by the request processing method.
With this technical scheme, HTTP requests are counted per source IP address; once the number of HTTP requests sent by the same source IP address within a counting period reaches the threshold of a request processing rule, the gateway device writes the instruction of that rule for the source IP address. Because counting happens in real time, abnormal traffic from a source IP address is detected as it occurs, without after-the-fact analysis, and the source IP address is restricted to different degrees according to the different count thresholds; abnormal traffic is thus identified and limited more accurately, and the gateway is protected dynamically and quickly.
Drawings
To illustrate the technical solutions in the embodiments of the application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the application, and a person skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an implementation environment of a request processing method according to an embodiment of the present application;
fig. 2 is a schematic diagram of a basic principle of a request processing method according to an embodiment of the present application;
fig. 3 is a flowchart of a request processing method provided in an embodiment of the present application;
fig. 4 is a flowchart of a request processing method provided in an embodiment of the present application;
fig. 5 is a flowchart of a request processing method provided in an embodiment of the present application;
fig. 6 is a flowchart of a request processing method provided in an embodiment of the present application;
fig. 7 is a flowchart of a request processing method provided in an embodiment of the present application;
fig. 8 is a flowchart of a request processing method provided in an embodiment of the present application;
fig. 9 is a schematic structural diagram of a request processing apparatus according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application clearer, the following detailed description of the embodiments of the present application will be made with reference to the accompanying drawings. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," and the like in this application are used for distinguishing between similar items and items that have substantially the same function or similar functionality, and it should be understood that "first," "second," and "nth" do not have any logical or temporal dependency or limitation on the number or order of execution.
Fig. 1 is a schematic diagram of an implementation environment of a request processing method provided in an embodiment of the present application, and referring to fig. 1, the implementation environment includes a network device 110 and a service system 120, where the network device 110 is connected to the service system 120 through a wireless network or a wired network.
The network device 110 is a terminal or a server. The terminal may be a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, and the like, which is not limited in the embodiments of the present application. The server may be an independent physical server, a server cluster or distributed system formed by several physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, a Content Delivery Network (CDN), big data and artificial intelligence platforms, and the like. Optionally, the number of servers may be larger or smaller, which is not limited in this embodiment. The server may also include other functional servers in order to provide more comprehensive and diversified services.
The service system 120 includes a gateway device and a service server, the gateway device may be a host, a server, a router, etc., and the service server may be any one of the above servers, but is not limited thereto. It should be noted that the gateway device and the server may be on the same hardware device or different hardware devices, which is not limited in this embodiment.
In the related art, the network device 110 may also be called the source system relative to the service system; it sends HTTP requests to the service system. Relative to the network device, the service system 120 may also be called the target system; it receives HTTP requests from the network device and provides the corresponding services.
Based on the foregoing implementation environment, fig. 2 is a schematic diagram of the basic principle of a request processing method provided in an embodiment of the present application. The method may be applied to a gateway device. Referring to fig. 2, a network device sends an HTTP request to the service system, and the gateway device in the service system receives the HTTP request and determines whether it hits a request processing rule. A request processing rule may also be called a service circuit-breaking (fusing) rule; it indicates what restriction processing to perform on HTTP requests according to different thresholds on the number of HTTP requests sent within one counting period. If the HTTP request hits any restriction rule among the request processing rules, the gateway device performs the corresponding restriction processing on it; if it hits none, the gateway device forwards it to the service server normally. The restriction processing includes, but is not limited to, rate limiting and rejecting the request. Rate limiting includes, but is not limited to, the following dimensions: limiting the number of connections the network device can hold with the gateway device; limiting the number of new connections the network device can establish with the gateway device per second; limiting the number of data packets the network device can send per second; and so on.
In one possible implementation, request processing rules are set according to one of the following three strategies:
(1) Hierarchical tightening strategy: several request processing rules are set that limit the rate at which the source system sends HTTP requests step by step in a single dimension. For example, several thresholds are set, and the larger the threshold, the stricter the restriction that the corresponding request processing rule imposes on the HTTP requests sent by the network device.
An example of a hierarchical tightening strategy combining two levels of speed limit rules and a rejection rule is described below:
The counting period is 10 seconds, and the request processing rules are as follows:
First speed limit rule: in response to the number of HTTP requests sent by the network device reaching 100 within one counting period, the gateway device limits the number of data packets the network device can send per second to 3000.
Second speed limit rule: in response to the number of HTTP requests sent by the network device reaching 500 within one counting period, the gateway device limits the number of data packets the network device can send per second to 2000.
Rejection rule: in response to the number of HTTP requests sent by the network device reaching 1000 within one counting period, the gateway device rejects the HTTP requests sent by the network device.
The rules may be implemented by a trigger, an instruction and a timer. The trigger consists of a counter and a trigger threshold, where the trigger threshold is the limit on the number of HTTP requests in the rule; for example, the trigger threshold of the first speed limit rule is 100. The counter counts the HTTP requests sent by the same IP address within each counting period; when the count for an IP address reaches the trigger threshold of a rule, the gateway device executes the instruction of that trigger for the IP address. The instruction is the concrete command content of the request processing rule; for example, the instruction of the first speed limit rule is that the gateway device limits the number of data packets the network device can send per second to 3000. The counting period is the span of time over which the counter counts the HTTP requests sent by the IP address, and the elapsed counting time is recorded by a timer. Each time the timer reaches the counting period, the counter is cleared and the timer is reset.
Note that the rules above are only an example of the hierarchical tightening strategy. In some embodiments, an administrator may implement it with more or fewer request processing rules: with several levels of speed limit rules only, with one speed limit rule and one rejection rule, or with several levels of speed limit rules and one rejection rule, which is not limited in this embodiment. The trigger thresholds, the counting period and the instruction contents of the request processing rules may be set according to the application scenario, which is not limited in this embodiment either.
(2) Parallel operation strategy: several request processing rules are set that limit the rate at which the source system sends HTTP requests in several dimensions. For example, several thresholds are set, and the request processing rules corresponding to different thresholds restrict the HTTP requests sent by the network device in different dimensions.
An example of a parallel operation strategy implemented with three speed limit rules is described below:
The counting period is 10 seconds, and the request processing rules are as follows:
Third speed limit rule: in response to the number of HTTP requests sent by the network device reaching 100 within one counting period, and once the number of data packets sent by the network device has reached 3000, the gateway device limits the number of data packets the network device can send per second to at most 20.
Fourth speed limit rule: in response to the number of HTTP requests sent by the network device reaching 500 within one counting period, the number of new connections the network device can establish with the gateway device per second is limited to 1.
Fifth speed limit rule: in response to the number of HTTP requests sent by the network device reaching 1000 within one counting period, the number of connections the network device can hold with the gateway device is limited to at most 5.
The rules may be implemented by a trigger, an instruction and a timer in the same way as for the hierarchical tightening strategy, which is not repeated here.
(3) Hybrid strategy: several request processing rules are set that limit the rate at which the source system sends HTTP requests step by step in several dimensions. For example, several thresholds are set, the request processing rule corresponding to each threshold restricts the HTTP requests sent by the network device in several dimensions, and the larger the threshold, the stricter the restriction in each dimension imposed by the corresponding rule.
An example of a hybrid strategy combining two levels of speed limit rules and a rejection rule is described below:
The counting period is 10 seconds, and the request processing rules are as follows:
First hybrid speed limit rule: in response to the number of HTTP requests sent by the network device reaching 100 within one counting period, the number of connections the network device can hold with the gateway device is limited to at most 5, and once the number of data packets sent by the network device has reached 3000, the gateway device limits the number of data packets the network device can send per second to at most 20.
Second hybrid speed limit rule: in response to the number of HTTP requests sent by the network device reaching 500 within one counting period, the number of connections the network device can hold with the gateway device is limited to 1, and once the number of data packets sent by the network device has reached 2000, the gateway device limits the number of data packets the network device can send per second to at most 10.
Hybrid rejection rule: in response to the number of HTTP requests sent by the network device reaching 1000 within one counting period, the gateway device rejects the HTTP requests sent by the network device.
The rules may be implemented by a trigger, an instruction and a timer in the same way as for the hierarchical tightening strategy, which is not repeated here.
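The three rate-limit dimensions used by the parallel and hybrid strategies above (packets per duration, new connections per duration, and held connections) correspond to the first, third and second counting modules of the restriction module described earlier. The following Python limiter is an added illustration of how a gateway could enforce them once an instruction has been written for a source IP; it is example code written for this page, not code from the patent. The class and field names, the window handling, and the choice to cut the newest connections first when the held-connection limit is exceeded are assumptions.

```python
"""Per-source-IP restriction processing in the three rate-limit dimensions.

Added example for this page; not the patent's own code. Names, the window
handling and the choice to drop the newest excess connections are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Limits:
    """Restriction written for one source IP; None disables a dimension."""
    max_packets: Optional[int] = None      # "first number": packets allowed per window
    max_connections: Optional[int] = None  # "second number": connections that may be held
    max_new_conns: Optional[int] = None    # "third number": new connections allowed per window
    window: float = 1.0                    # "first duration" in seconds (1 s = per-second limits)


@dataclass
class Counters:
    """Per-source counters for the current window plus the list of held connections."""
    window_start: float
    packets: int = 0
    new_conns: int = 0
    held: List[str] = field(default_factory=list)  # connection ids in the order opened


class Restrictor:
    def __init__(self) -> None:
        self.limits: Dict[str, Limits] = {}
        self.counters: Dict[str, Counters] = {}

    def write(self, src_ip: str, limits: Limits) -> None:
        """Write (or replace) the restriction instruction for a source IP."""
        self.limits[src_ip] = limits

    def _counters(self, src_ip: str, now: float) -> Counters:
        c = self.counters.get(src_ip)
        if c is None:
            c = self.counters[src_ip] = Counters(window_start=now)
        lim = self.limits.get(src_ip)
        window = lim.window if lim is not None else 1.0
        if now - c.window_start >= window:
            # New window: per-window counters restart; held connections persist.
            c.window_start, c.packets, c.new_conns = now, 0, 0
        return c

    def on_packet(self, src_ip: str, now: float) -> bool:
        """Return True to accept the packet, False to discard it for the rest of the window."""
        c, lim = self._counters(src_ip, now), self.limits.get(src_ip)
        c.packets += 1
        if lim is not None and lim.max_packets is not None and c.packets > lim.max_packets:
            return False
        return True

    def on_new_connection(self, src_ip: str, conn_id: str, now: float) -> bool:
        """Return True if the connection is accepted and kept open, False if refused or cut."""
        c, lim = self._counters(src_ip, now), self.limits.get(src_ip)
        c.new_conns += 1
        if lim is not None and lim.max_new_conns is not None and c.new_conns > lim.max_new_conns:
            return False  # too many new connections in this window: refuse to establish
        c.held.append(conn_id)
        return conn_id not in self.enforce_held_limit(src_ip)

    def enforce_held_limit(self, src_ip: str) -> List[str]:
        """Disconnect and return the held connections beyond max_connections (newest first)."""
        c, lim = self.counters.get(src_ip), self.limits.get(src_ip)
        if c is None or lim is None or lim.max_connections is None:
            return []
        excess = c.held[lim.max_connections:]
        del c.held[lim.max_connections:]
        return excess

    def on_close(self, src_ip: str, conn_id: str) -> None:
        """Forget a connection the peer closed normally."""
        c = self.counters.get(src_ip)
        if c is not None and conn_id in c.held:
            c.held.remove(conn_id)


if __name__ == "__main__":
    # Constructed sample: the first hybrid speed limit rule's 5 held connections and
    # 20 packets/s, plus the fourth rule's 1 new connection per second, for one source.
    r = Restrictor()
    r.write("203.0.113.7", Limits(max_packets=20, max_connections=5, max_new_conns=1))
    accepted = sum(r.on_packet("203.0.113.7", i * 0.01) for i in range(30))
    print("packets accepted in the first second:", accepted)  # 20 of 30
```

The per-window counters reset lazily on the next event, so a source that goes quiet costs nothing; held connections are not window-bound and only shrink when the peer closes them or the held-connection limit cuts the newest ones.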
In some embodiments, each strategy has a corresponding JSON file that defines each rule of the strategy, so that the gateway device can execute the request processing rules correctly. The following describes how such a JSON file is set up, taking one possible implementation of the hybrid strategy as an example:
The attributes contained in the above JSON file are described in table 1. In table 1, the first column lists the attributes of the JSON file, the second column gives the meaning of each attribute and notes on setting it, and the third column gives an example value for each attribute.
In some embodiments, the service system administrator may also configure a whitelist specifying IP addresses that are exempt from the request processing rules, so that request packets sent by certain specific systems are never discarded.
Note that the gateway device checks the request processing rules one by one; as soon as an HTTP request hits a rule, the gateway device executes that rule's instruction immediately and checks no further rules. In some embodiments, the gateway device checks the rules in a target sequence that orders them from the strictest to the least strict; for example, the rejection rule is stricter than the speed limit rules and is checked first.
TABLE 1
In some embodiments, the service system administrator also configures global rules to restrict HTTP requests. A global rule is: in response to the data throughput of the gateway device reaching the gateway device threshold, the gateway device rejects HTTP requests, where throughput includes, but is not limited to, the number of HTTP requests received by the gateway device, the number of connections held with network devices, and the number of data packets passing per second. The gateway device threshold depends on the performance of the gateway device and differs between devices, which is not limited in this embodiment. When both request processing rules and global rules are configured, the global rules may be checked first and then the request processing rules, although other orders are also possible, which is not limited in the embodiments of the present application.
Fig. 3 is a flowchart of a request processing method according to an embodiment of the present application. The method may be applied to a gateway device, see fig. 3, which in one possible implementation comprises the following steps.
301. The gateway device receives a first HTTP request.
For the gateway device in the service system, every HTTP request sent by any source system is first received by the gateway device, which then executes the subsequent processing.
302. In response to the first HTTP request missing at least two request processing rules, the gateway device forwards the first HTTP request and counts it against the source IP address of the first HTTP request.
The at least two request processing rules indicate different restriction processing to be performed according to different thresholds on the number of HTTP requests sent within one counting period.
303. In response to the HTTP request count of the source IP address reaching the threshold of any request processing rule, the gateway device writes the instruction corresponding to that request processing rule.
When writing the instruction corresponding to a request processing rule, the gateway device writes it into a request processing process. The request processing process forwards the HTTP requests received by the gateway device, determines whether a received HTTP request hits a request processing rule, and executes the restriction processing corresponding to the hit rule on that request.
304. The gateway device receives a second HTTP request from the source IP address, and in response to determining that the second HTTP request hits in the request processing rule based on the written instruction, performs restriction processing corresponding to the request processing rule.
In the request processing process, once the instruction of a request processing rule has been written for a source IP address, HTTP requests from that source IP address hit the rule corresponding to that instruction.
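Steps 301 to 304 above, together with the hierarchical tightening rules of fig. 2, can be put together in a small rule engine. The following Python block is an added example written for this page, not the patent's own code: it keeps a counter and timer per source IP with a 10-second counting period, checks the rules in the target sequence (strictest first), writes the instruction for the source IP once a threshold is reached, deletes the instruction after the source stays silent for a second duration, and honours a whitelist. The class and method names, the idle-expiry value, the rule strictness numbers, and the decision to keep counting requests after an instruction has been written (so that stricter rules can still fire) are assumptions; enforcing the written instruction is outside this block.

```python
"""Per-source-IP HTTP request counting with hierarchical tightening rules.

Added example for this page; not the patent's own code. Names, the idle-expiry
value and the strictness numbers are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Rule:
    """A request processing rule: trigger threshold plus the instruction it writes."""
    name: str
    threshold: int      # HTTP requests from one source IP within a counting period
    instruction: str    # restriction to execute once written (free text; assumed format)
    strictness: int     # higher is stricter; defines the target sequence


@dataclass
class SourceState:
    """Counter, timer and written instruction the gateway keeps per source IP."""
    period_start: float                 # timer: start of the current counting period
    count: int = 0                      # counter: requests in the current counting period
    last_seen: float = 0.0              # time of the last request, for instruction expiry
    instruction: Optional[Rule] = None  # rule whose instruction is currently written


class GatewayRuleEngine:
    def __init__(self, rules: Iterable[Rule], counting_period: float = 10.0,
                 idle_expiry: float = 60.0, whitelist: Iterable[str] = ()) -> None:
        # Target sequence: strictest rule first, so the tightest reached threshold wins.
        self.rules: List[Rule] = sorted(rules, key=lambda r: r.strictness, reverse=True)
        self.counting_period = counting_period
        self.idle_expiry = idle_expiry  # the "second duration": silence that deletes an instruction
        self.whitelist = set(whitelist)
        self.state: Dict[str, SourceState] = {}

    def handle_request(self, src_ip: str, now: float) -> str:
        """Process one HTTP request; return 'forward' or the instruction to execute."""
        if src_ip in self.whitelist:
            return "forward"  # whitelisted sources are never restricted
        st = self.state.get(src_ip)
        if st is None:
            # First request from this source: start its counter and timer (step 401).
            st = SourceState(period_start=now)
            self.state[src_ip] = st
        elif st.instruction is not None and now - st.last_seen > self.idle_expiry:
            # No request for longer than idle_expiry: delete the written instruction.
            st.instruction = None
        st.last_seen = now
        if now - st.period_start >= self.counting_period:
            # Timer reached the counting period: clear the counter and reset the timer.
            st.count = 0
            st.period_start = now

        # Step 304: a request from an IP with a written instruction hits that rule.
        hit = st.instruction
        # Steps 302/303: count the request; if the count reaches a threshold, write the
        # strictest such rule. Restricted requests are still counted so stricter rules
        # can fire later (assumption: the patent text does not say either way).
        st.count += 1
        for rule in self.rules:
            if st.count >= rule.threshold:
                if hit is None or rule.strictness > hit.strictness:
                    st.instruction = rule
                break
        return "forward" if hit is None else hit.instruction


# Rules of the hierarchical tightening example in fig. 2 (10-second counting period).
HIERARCHICAL_RULES = [
    Rule("first_speed_limit", 100, "limit to 3000 packets/s", 1),
    Rule("second_speed_limit", 500, "limit to 2000 packets/s", 2),
    Rule("reject", 1000, "reject", 3),
]


def simulate(engine: GatewayRuleEngine, src_ip: str, n: int, start: float,
             interval: float) -> List[str]:
    """Send n requests from src_ip at a fixed interval; return the action taken for each."""
    return [engine.handle_request(src_ip, start + i * interval) for i in range(n)]


if __name__ == "__main__":
    # Constructed sample: one source bursts 1001 requests in about five seconds.
    eng = GatewayRuleEngine(HIERARCHICAL_RULES, whitelist=["10.0.0.9"])
    actions = simulate(eng, "203.0.113.7", 1001, 0.0, 0.005)
    print("request 100:", actions[99], "| request 101:", actions[100])
    print("request 501:", actions[500], "| request 1001:", actions[1000])
```

The request that brings the counter up to a threshold is itself still forwarded, and only the next one hits the newly written instruction, which matches the order of steps 302 to 304. The instruction survives the counting-period reset and goes away only after the idle expiry; a production gateway would also sweep idle entries from `state` on a timer rather than only on the source's next request.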
According to the technical scheme provided by this embodiment, HTTP requests are counted based on their source IP addresses. Once the number of HTTP requests sent by the same source IP address in a counting period exceeds the threshold of a certain request processing rule, the gateway device writes the instruction of that rule for the source IP address. Because counting is carried out in real time, the gateway can learn promptly, without lagging analysis, which source IPs are sending abnormal traffic; source IP addresses are then restricted to different degrees based on the different count thresholds, so that abnormal traffic is identified and restricted more accurately, and the gateway is protected dynamically and quickly.
Fig. 2 illustrates a hierarchical tightening policy implemented by two levels of rules, speed limit rules and a rejection rule. This embodiment takes the implementation of the hierarchical tightening policy with the first speed limit rule and the rejection rule as an example and is described with reference to figs. 4 and 5. Figs. 4 and 5 are flowcharts of a request processing method provided in an embodiment of the present application, where the method is executed by a gateway device; referring to figs. 4 and 5, the embodiment includes the following steps.
401. The gateway device receives a first HTTP request.
In some embodiments, in response to receiving any HTTP request, the gateway device detects, according to the source IP address of the HTTP request, whether this is the first HTTP request received from that source IP address; in response to receiving an HTTP request from the source IP address for the first time, it starts a counter and starts a timer to record the counting duration of the counter. In this embodiment, the first HTTP request is an HTTP request received at any time: it may be the initial HTTP request of the source IP address, that is, the first HTTP request from that source IP address, or it may not be, which is not described herein again.
402. In response to the first HTTP request not hitting any request processing rule, the gateway device forwards the first HTTP request to a traffic server.
Hitting a request processing rule means that, for the source IP address of the first HTTP request, an instruction corresponding to that request processing rule has been written in the request processing process; the instruction denotes the restriction processing to be executed once the source IP address meets the execution condition of the rule.
In some embodiments, the gateway device determining whether the first HTTP request hits a request processing rule comprises:
402A. The gateway device determines whether the first HTTP request hits the rejection rule; if not, step 402B is executed, and if so, the restriction processing corresponding to the rejection rule is executed.
Determining whether the first HTTP request hits the rejection rule comprises determining whether an instruction corresponding to the rejection rule has been written for the source IP address of the first HTTP request in the request processing process. In response to such an instruction having been written, the gateway device determines that the first HTTP request hits the rejection rule; in response to no such instruction having been written, the gateway device determines that the first HTTP request does not hit the rejection rule.
402B. The gateway device determines whether the first HTTP request hits the first speed limit rule; in response to the first HTTP request not hitting the first speed limit rule, it executes the subsequent forwarding process, and in response to the first HTTP request hitting the first speed limit rule, it executes the restriction processing corresponding to the first speed limit rule.
Determining whether the first HTTP request hits the first speed limit rule comprises determining whether an instruction corresponding to the first speed limit rule has been written for the source IP address in the request processing process. In response to such an instruction having been written, the gateway device determines that the first HTTP request hits the first speed limit rule; in response to no such instruction having been written, the gateway device determines that the first HTTP request does not hit the first speed limit rule.
403. The gateway device counts based on the source IP address of the first HTTP request.
In some embodiments, the gateway device parses the first HTTP request to obtain its source IP address and counts the number of HTTP requests sent by that source IP address with a counter corresponding to the source IP address.
404. In response to the number of HTTP requests sent by the source IP address reaching the threshold of the first speed limit rule, the gateway device writes an instruction corresponding to the first speed limit rule into the request processing process.
In some embodiments, the gateway device obtains the number of HTTP requests counted by the counter for the source IP address and determines, for each request processing rule, whether that number reaches the rule's threshold. In response to the number of HTTP requests reaching the threshold of the first speed limit rule, the gateway device determines whether an instruction of the first speed limit rule has already been written for the source IP address in the request processing process, and in response to no such instruction having been written, writes the instruction of the first speed limit rule into the request processing process.
It should be noted that the timer keeps running throughout the above process. In response to the duration counted by the timer reaching the counting period, the gateway device clears the counter and resets the timer; in response to the counting period not being reached, it keeps running the timer and the counter.
405. The gateway device receives a second HTTP request from the source IP address.
In some embodiments, the second HTTP request may be any HTTP request from the source IP address except the initial request, which is not described herein.
406. In response to determining that the second HTTP request hits the first speed limit rule based on the written instruction, the gateway device performs a restriction process corresponding to the first speed limit rule to speed limit the HTTP request from the source IP address.
In some embodiments, the gateway device determines whether the second HTTP request hits a request processing rule; the determining process is as described in step 402 and is not described herein again.
In some embodiments, speed limiting the HTTP requests from the source IP address comprises any of the following:
One processing mode: the gateway device counts the data packets sent by the source IP address and, in response to the number of data packets sent by the source IP address within a first duration exceeding a first number, discards the data packets received in the remaining part of the first duration.
For example, the gateway device limits the number of data packets that the source IP address may send per second to 3000; if the number of data packets sent per second by the source IP address exceeds 3000, the gateway device discards the data packets beyond that limit for the rest of that second. It should be noted that the source IP address may resend the discarded data packets: for each received data packet the gateway device may send an acknowledgement message to the source IP address, and the source IP address may determine from whether the acknowledgement is received whether the gateway device discarded the packet, and resend it.
Another processing mode: the gateway device counts the number of connections maintained with the source IP address and, in response to the number of connections exceeding a second number, disconnects the connections beyond the second number.
For example, the gateway device limits the number of connections that the source IP address may hold to 5 or fewer; if the number of connections exceeds 5, the gateway device disconnects the excess connections.
Another processing mode: the gateway device counts the number of connections newly established with the source IP address within the first duration and, in response to the number of newly established connections exceeding a third number, refuses to establish further connections with the source IP address.
For example, the gateway device limits the number of connections newly established by a source IP address to 5; if that number exceeds 5, the gateway device refuses to establish new connections with the source IP address.
Each of these processing modes can speed limit the HTTP requests from the source IP address; this embodiment does not limit which processing mode is adopted.
407. The gateway device proceeds with counting based on the received HTTP request.
In this embodiment, the gateway device keeps running and may receive HTTP requests from various source systems while executing the corresponding steps.
408. In response to the number of HTTP requests sent by the source IP address reaching the threshold of the rejection rule, the gateway device writes an instruction corresponding to the rejection rule into the request processing process.
In some embodiments, the gateway device obtains the number of HTTP requests counted by the counter for the source IP address and determines, for each request processing rule, whether that number reaches the rule's threshold. In response to the number of HTTP requests reaching the threshold of the rejection rule, the gateway device determines whether an instruction of the rejection rule has already been written for the source IP address in the request processing process, and in response to no such instruction having been written, writes the instruction of the rejection rule into the request processing process.
It should be noted that the timer keeps running throughout the above process. In response to the duration counted by the timer reaching the counting period, the gateway device clears the counter and resets the timer; in response to the counting period not being reached, it keeps running the timer and the counter.
409. The gateway device receives a third HTTP request from the source IP address.
In some embodiments, the third HTTP request may be any HTTP request from the source IP address except the initial request, which is not described herein.
410. In response to determining that the third HTTP request hits the rejection rule based on the written instruction, the gateway device rejects the third HTTP request.
In some embodiments, the gateway device determines whether the third HTTP request hits a request processing rule; the determining process is as described in step 402 and is not described herein again.
In some embodiments, in response to determining that the third HTTP request hits in the rejection rule based on the written instruction, the gateway device performs a restriction process corresponding to the rejection rule, rejects the third HTTP request, and stops the determination process.
In some embodiments, for a source IP address that hits any request processing rule, the gateway device starts a timer, and in response to not receiving another HTTP request from the source IP address within a second duration, deletes the instruction of the corresponding request processing rule. By deleting the instruction of the request processing rule promptly according to the source's HTTP sending behaviour, a source system that has returned to normal is not mistakenly restricted, and normal business service is maintained.
According to the technical scheme provided by this embodiment, HTTP requests are counted based on their source IP addresses. Once the number of HTTP requests sent by the same source IP address in a counting period exceeds the threshold of a certain request processing rule, the gateway device writes the instruction of that rule for the source IP address. Because counting is carried out in real time, the gateway can learn promptly, without lagging analysis, which source IPs are sending abnormal traffic; source IP addresses are then restricted to different degrees based on the different count thresholds, so that abnormal traffic is identified and restricted more accurately, and the gateway is protected dynamically and quickly.
Furthermore, this technical scheme limits the rate at which an abnormal IP address sends HTTP requests from a single dimension, reducing the gateway resource waste caused by abnormal traffic and ensuring that the gateway can process normal requests.
This embodiment takes the implementation of the hybrid policy described in fig. 2, using two levels of speed limit rules and a rejection rule, as an example and is described with reference to figs. 6 and 7. Figs. 6 and 7 are flowcharts of a request processing method provided in an embodiment of the present application, where the method is executed by a gateway device; referring to figs. 6 and 7, the embodiment includes the following steps.
601. The gateway device receives a first HTTP request.
The content of this step is as described in step 401 of fig. 4, and is not described herein again.
602. In response to the first HTTP request not hitting any request processing rule, the gateway device forwards the first HTTP request to a traffic server.
Hitting a request processing rule means that an instruction corresponding to that request processing rule has been written for the source IP address of the first HTTP request in the request processing process; the instruction denotes the restriction processing to be executed once the source IP address meets the execution condition of the rule.
In some embodiments, the gateway device determines whether the first HTTP request hits a request processing rule as follows, referring to the step of determining the request processing rule in fig. 7:
602A. The gateway device determines whether the first HTTP request hits the hybrid rejection rule; if the first HTTP request does not hit the hybrid rejection rule, step 602B is executed, and if it does, the restriction processing corresponding to the hybrid rejection rule is executed.
Determining whether the first HTTP request hits the hybrid rejection rule comprises determining whether an instruction corresponding to the hybrid rejection rule has been written for the source IP address of the first HTTP request in the request processing process. In response to such an instruction having been written, the gateway device determines that the first HTTP request hits the hybrid rejection rule; in response to no such instruction having been written, the gateway device determines that the first HTTP request does not hit the hybrid rejection rule.
602B. The gateway device determines whether the first HTTP request hits the second hybrid speed limit rule; in response to the first HTTP request not hitting the second hybrid speed limit rule, step 602C is executed, and in response to the first HTTP request hitting the second hybrid speed limit rule, the restriction processing corresponding to the second hybrid speed limit rule is executed.
Determining whether the first HTTP request hits the second hybrid speed limit rule comprises determining whether an instruction corresponding to the second hybrid speed limit rule has been written for the source IP address of the first HTTP request in the request processing process. In response to such an instruction having been written, the gateway device determines that the first HTTP request hits the second hybrid speed limit rule; in response to no such instruction having been written, the gateway device determines that the first HTTP request does not hit the second hybrid speed limit rule.
602C. The gateway device determines whether the first HTTP request hits the first hybrid speed limit rule; in response to the first HTTP request not hitting the first hybrid speed limit rule, it executes the subsequent forwarding process, and in response to the first HTTP request hitting the first hybrid speed limit rule, it executes the restriction processing corresponding to the first hybrid speed limit rule.
Determining whether the first HTTP request hits the first hybrid speed limit rule comprises determining whether an instruction corresponding to the first hybrid speed limit rule has been written for the source IP address of the first HTTP request in the request processing process. In response to such an instruction having been written, the gateway device determines that the first HTTP request hits the first hybrid speed limit rule; in response to no such instruction having been written, the gateway device determines that the first HTTP request does not hit the first hybrid speed limit rule.
603. The gateway device counts based on the source IP address of the first HTTP request.
In some embodiments, the gateway device parses the first HTTP request to obtain its source IP address and counts the number of HTTP requests sent by that source IP address with a counter corresponding to the source IP address; see the gateway device counting step in fig. 7.
604. In response to the number of HTTP requests sent by the source IP address reaching the threshold of the first hybrid speed limit rule, the gateway device writes an instruction corresponding to the first hybrid speed limit rule into the request processing process.
In some embodiments, the gateway device obtains the number of HTTP requests counted by the counter for the source IP address and determines, for each request processing rule, whether that number reaches the rule's threshold; see the request number determining step in fig. 7. In response to the number of HTTP requests reaching the threshold of the first hybrid speed limit rule, the gateway device determines whether an instruction of the first hybrid speed limit rule has already been written for the source IP address in the request processing process, and in response to no such instruction having been written, writes the instruction of the first hybrid speed limit rule into the request processing process; see the step of writing the first hybrid speed limit rule in fig. 7.
It should be noted that the timer keeps running throughout the above process. In response to the duration counted by the timer reaching the counting period, the gateway device clears the counter and resets the timer; in response to the counting period not being reached, it keeps running the timer and the counter; see the counting period determination step in fig. 7.
605. The gateway device receives a second HTTP request from the source IP address.
In some embodiments, the second HTTP request may be any HTTP request from the source IP address except the initial request, which is not described herein.
606. In response to determining that the second HTTP request hits the first hybrid speed-limiting rule based on the written instruction, the gateway device performs a limiting process corresponding to the first hybrid speed-limiting rule to speed-limit the HTTP request from the source IP address.
In some embodiments, the gateway device determines whether the second HTTP request hits a request processing rule, see the step of determining the request processing rule in fig. 7; the determining process is as described in step 602 and is not described herein again.
In some embodiments, speed limiting the HTTP requests from the source IP address comprises any one of the following:
One processing mode: the gateway device counts both the number of connections maintained with the source IP address and the number of data packets sent by the source IP address. In response to the number of connections maintained with the source IP address exceeding a first number, it disconnects the connections beyond the first number. In response to the number of data packets sent by the source IP address exceeding a second number, it limits the number of data packets the source IP address may send within a first duration, and in response to the number of data packets sent by the source IP address within the first duration exceeding a third number, it discards the data packets received in the remaining part of the first duration.
For example, the gateway device limits the number of connections that may be maintained with a source IP address to 5, and after the number of data packets sent by the source IP address reaches 3000, limits the number of data packets the source IP address may send per second to 20. If the number of connections maintained with the source IP address exceeds 5, the gateway device disconnects the excess connections. If the number of data packets sent by the source IP address exceeds 3000, the gateway device limits the source IP address to 20 data packets per second, and if the number of data packets sent within one second exceeds 20, the gateway device discards the data packets beyond that limit for the rest of that second.
Another processing mode: the gateway device counts both the number of connections maintained with the source IP address and the number of data packets sent by the source IP address. In response to the number of connections maintained with the source IP address exceeding a first number, it disconnects the connections beyond the first number; in response to the number of data packets sent by the source IP address within the first duration exceeding a fourth number, it discards the data packets received in the remaining part of the first duration.
For example, the gateway device limits the number of connections that may be maintained with a source IP address to 5 and limits the number of data packets the source IP address may send per second to 3000. If the number of connections with the source IP address exceeds 5, the gateway device disconnects the excess connections. If the number of data packets sent by the source IP address within one second exceeds 3000, the gateway device discards the data packets beyond that limit for the rest of that second.
It should be noted that the source IP address may resend the discarded data packets: for each received data packet the gateway device may send an acknowledgement message to the source IP address, and the source IP address may determine from whether the acknowledgement is received whether the gateway device discarded the packet, and resend it.
These processing modes can speed limit the HTTP requests from the source IP address. In this embodiment, the above process limits speed in two dimensions; in some embodiments speed is limited in more dimensions, which is not limited herein.
607. The gateway device proceeds with counting based on the received HTTP request.
In this embodiment, the gateway device keeps operating and may receive HTTP requests from various source systems while executing the corresponding steps. This embodiment concerns the HTTP requests originating from the same source IP address as the first HTTP request; when an HTTP request from that source IP address is received, counting by the corresponding counter is triggered, see the gateway device counting step in fig. 7, which is not described herein again.
608. In response to the number of HTTP requests sent by the source IP address reaching the threshold of the second hybrid speed limit rule, the gateway device writes an instruction corresponding to the second hybrid speed limit rule into the request processing process.
In some embodiments, the gateway device obtains the number of HTTP requests counted by the counter for the source IP address and determines, for each request processing rule, whether that number reaches the rule's threshold; see the request number determining step in fig. 7. In response to the number of HTTP requests reaching the threshold of the second hybrid speed limit rule, the gateway device determines whether an instruction of the second hybrid speed limit rule has already been written for the source IP address in the request processing process, and in response to no such instruction having been written, writes the instruction of the second hybrid speed limit rule into the request processing process; see the step of writing the second hybrid speed limit rule in fig. 7.
It should be noted that the timer keeps running throughout the above process. In response to the duration counted by the timer reaching the counting period, the gateway device clears the counter and resets the timer; in response to the counting period not being reached, it keeps running the timer and the counter.
609. The gateway device receives a third HTTP request from the source IP address.
In some embodiments, the third HTTP request may be any HTTP request from the source IP address except the initial request, which is not described herein.
610. In response to determining, based on the written instruction, that the third HTTP request hits the second hybrid speed limit rule, the gateway device performs the restriction processing corresponding to the second hybrid speed limit rule to speed limit the HTTP requests from the source IP address.
In some embodiments, the gateway device determines whether the third HTTP request hits a request processing rule, see the step of determining the request processing rule in fig. 7; the determining process is as described in step 602 and is not described herein again.
In some embodiments, the processing modes for speed limiting the HTTP requests from the source IP address are as described in step 606 and are not described herein again.
611. The gateway device proceeds with counting based on the received HTTP request.
Referring to the gateway device counting step in fig. 7, the content of this step is as described in step 607, and is not described herein again.
612. In response to the number of HTTP requests sent by the source IP address reaching the threshold of the hybrid rejection rule, the gateway device writes an instruction corresponding to the hybrid rejection rule into the request processing process.
In some embodiments, the gateway device obtains the number of HTTP requests counted by the counter for the source IP address and determines, for each request processing rule, whether that number reaches the rule's threshold; see the step of determining the number of requests in fig. 7. In response to the number of HTTP requests reaching the threshold of the hybrid rejection rule, the gateway device determines whether an instruction of the hybrid rejection rule has already been written for the source IP address in the request processing process, and in response to no such instruction having been written, writes the instruction of the hybrid rejection rule into the request processing process; see the step of writing the hybrid rejection rule in fig. 7.
It should be noted that the timer keeps running throughout the above process. In response to the duration counted by the timer reaching the counting period, the gateway device clears the counter and resets the timer; in response to the counting period not being reached, it keeps running the timer and the counter.
613. The gateway device receives a fourth HTTP request from the source IP address.
In some embodiments, the fourth HTTP request may be any HTTP request from the source IP address except the initial request, which is not described herein.
614. In response to determining that the fourth HTTP request hits a hybrid rejection rule based on the written instruction, the gateway device performs restriction processing corresponding to the hybrid rejection rule, rejecting the fourth HTTP request.
In some embodiments, the gateway device determines whether the fourth HTTP request hits a request processing rule, see the step of determining the request processing rule in fig. 7; the determining process is as described in step 602 and is not described herein again.
In some embodiments, in response to determining, based on the written instruction, that the fourth HTTP request hits the hybrid rejection rule, the gateway device performs the restriction processing corresponding to the hybrid rejection rule, rejects the fourth HTTP request, and stops the determination flow.
In some embodiments, for a source IP address that hits any request processing rule, the gateway device starts a timer, and in response to not receiving another HTTP request from the source IP address within a second duration, deletes the instruction of the corresponding request processing rule. By deleting the instruction of the request processing rule promptly according to the source's HTTP sending behaviour, a source system that has returned to normal is not mistakenly restricted, and normal business service is maintained.
According to the technical scheme provided by this embodiment, HTTP requests are counted based on their source IP addresses. Once the number of HTTP requests sent by the same source IP address in a counting period exceeds the threshold of a certain request processing rule, the gateway device writes the instruction of that rule for the source IP address. Because counting is carried out in real time, no lagging analysis is needed and the gateway can learn promptly which source IPs are sending abnormal traffic; source IP addresses are then restricted to different degrees based on the different count thresholds, so that abnormal traffic is identified and restricted more accurately, and the gateway is protected dynamically and rapidly.
Furthermore, this technical scheme limits the rate at which an abnormal IP address sends HTTP requests from multiple dimensions at once, reducing the gateway resource waste caused by abnormal traffic and ensuring that the gateway can process normal requests.
The following embodiment performs request processing based on another hybrid policy, the content of which is as follows:
the counting period is 10 seconds, and the request processing rules are:
The third hybrid speed-limiting rule: in response to the number of HTTP requests sent by the network device reaching 100 in one counting period, the number of connections the network device may hold with the gateway device is limited to 5, and the gateway device limits the number of data packets the network device may send per second to 3000.
The fourth hybrid speed-limiting rule: in response to the number of HTTP requests sent by the network device reaching 500 in one counting period, the number of connections the network device may hold with the gateway device is limited to 1, and the gateway device limits the number of data packets the network device may send per second to 2000.
The fifth hybrid speed-limiting rule: in response to the number of HTTP requests sent by the network device reaching 1000 in one counting period, the gateway device limits the number of data packets the network device may send per second to 1000.
Fig. 8 is a flowchart of a request processing method provided in an embodiment of the present application. The method is executed by a gateway device. Referring to fig. 8, the embodiment includes the following steps.
801. The gateway device receives a first HTTP request.
The content of this step is as described in step 601 of fig. 6, and is not described herein again.
802. In response to the first HTTP request not hitting any of the request processing rules, the gateway device forwards the first HTTP request to the traffic server.
Hitting a request processing rule means that, for the source IP address of the first HTTP request, the instruction corresponding to that rule has already been written into the request processing process; the instruction is the restriction processing to be executed once the source IP address has met the execution condition of the rule.
In some embodiments, the gateway device determines whether the first HTTP request hits a request processing rule through the following steps, checking the rules in descending order of strictness so that the strictest rule already written for the source IP address takes effect:
802A. The gateway device determines whether the first HTTP request hits the fifth hybrid speed-limiting rule. If it does not, 802B is executed; if it does, the restriction processing corresponding to the fifth hybrid speed-limiting rule is executed.
Determining whether the first HTTP request hits the fifth hybrid speed-limiting rule comprises determining whether the instruction corresponding to the fifth hybrid speed-limiting rule has been written for the source IP address of the first HTTP request in the request processing process. In response to the instruction having been written, the gateway device determines that the first HTTP request hits the fifth hybrid speed-limiting rule; in response to the instruction not having been written, the gateway device determines that the first HTTP request does not hit the fifth hybrid speed-limiting rule.
802B. The gateway device determines whether the first HTTP request hits the fourth hybrid speed-limiting rule. In response to the first HTTP request not hitting it, step 802C is executed; in response to the first HTTP request hitting it, the restriction processing corresponding to the fourth hybrid speed-limiting rule is executed.
Determining whether the first HTTP request hits the fourth hybrid speed-limiting rule comprises determining whether the instruction corresponding to the fourth hybrid speed-limiting rule has been written for the source IP address of the first HTTP request in the request processing process. In response to the instruction having been written, the gateway device determines that the first HTTP request hits the fourth hybrid speed-limiting rule; in response to the instruction not having been written, the gateway device determines that the first HTTP request does not hit the fourth hybrid speed-limiting rule.
802C. The gateway device determines whether the first HTTP request hits the third hybrid speed-limiting rule. In response to the first HTTP request not hitting it, the subsequent forwarding process is executed; in response to the first HTTP request hitting it, the restriction processing corresponding to the third hybrid speed-limiting rule is executed.
Determining whether the first HTTP request hits the third hybrid speed-limiting rule comprises determining whether the instruction corresponding to the third hybrid speed-limiting rule has been written for the source IP address of the first HTTP request in the request processing process. In response to the instruction having been written, the gateway device determines that the first HTTP request hits the third hybrid speed-limiting rule; in response to the instruction not having been written, the gateway device determines that the first HTTP request does not hit the third hybrid speed-limiting rule.
803. The gateway device counts based on the source IP address of the first HTTP request.
The content of this step is as described in step 603 in fig. 6, and is not described herein again.
804. In response to the number of HTTP requests sent by the source IP address reaching the threshold of the third hybrid speed-limiting rule, the gateway device writes the instruction corresponding to the third hybrid speed-limiting rule into the request processing process.
In some embodiments, the gateway device reads the number of HTTP requests counted for the source IP address by the counter and determines, for each request processing rule, whether that number has reached the rule's threshold. In response to the number of HTTP requests reaching the threshold of the third hybrid speed-limiting rule, the gateway device determines whether the instruction of the third hybrid speed-limiting rule has already been written for the source IP address in the request processing process, and in response to its not having been written, writes the instruction of the third hybrid speed-limiting rule into the request processing process.
It should be noted that the timer keeps running throughout the above process. In response to the duration recorded by the timer reaching the counting period, the gateway device clears the counter and resets the timer; in response to the counting period not having been reached, the timer and the counter keep running.
805. The gateway device receives a second HTTP request from the source IP address.
In some embodiments, the second HTTP request may be any HTTP request from the source IP address except the initial request, which is not described herein.
806. In response to determining that the second HTTP request hits the third hybrid speed-limiting rule based on the written instruction, the gateway device performs a limiting process corresponding to the third hybrid speed-limiting rule to speed-limit the HTTP request from the source IP address.
In some embodiments, the method for the gateway device to determine whether the second HTTP request hits the request processing rule is described in step 802, which is not described herein again.
In some embodiments, the way of processing the rate limit for the HTTP request from the source IP address is as described in step 606 in fig. 6, which is not described herein again.
807. The gateway device proceeds with counting based on the received HTTP request.
The content of this step is as described in step 607 in fig. 6, and is not described herein again.
808. In response to the number of HTTP requests sent by the source IP address reaching the threshold of the fourth hybrid speed-limiting rule, the gateway device writes the instruction corresponding to the fourth hybrid speed-limiting rule into the request processing process.
In some embodiments, the gateway device reads the number of HTTP requests counted for the source IP address by the counter and determines, for each request processing rule, whether that number has reached the rule's threshold. In response to the number of HTTP requests reaching the threshold of the fourth hybrid speed-limiting rule, the gateway device determines whether the instruction of the fourth hybrid speed-limiting rule has already been written for the source IP address in the request processing process, and in response to its not having been written, writes the instruction of the fourth hybrid speed-limiting rule into the request processing process.
It should be noted that the timer keeps running throughout the above process. In response to the duration recorded by the timer reaching the counting period, the gateway device clears the counter and resets the timer; in response to the counting period not having been reached, the timer and the counter keep running.
809. The gateway device receives a third HTTP request from the source IP address.
In some embodiments, the third HTTP request may be any HTTP request from the source IP address except the initial request, which is not described herein.
810. In response to determining that the third HTTP request hits the fourth hybrid speed-limiting rule based on the written instruction, the gateway device performs a limiting process corresponding to the fourth hybrid speed-limiting rule to speed-limit the HTTP request from the source IP address.
In some embodiments, the gateway device determines whether the third HTTP request hits the request processing rule, and the determining process is as described in step 802, which is not described herein again.
In some embodiments, the way of processing the rate limit for the HTTP request from the source IP address is as described in step 606 in fig. 6, which is not described herein again.
811. The gateway device proceeds with counting based on the received HTTP request.
The content of this step is as described in step 807, and is not described herein again.
812. In response to the number of HTTP requests sent by the source IP address reaching the threshold of the fifth hybrid speed-limiting rule, the gateway device writes the instruction corresponding to the fifth hybrid speed-limiting rule into the request processing process.
In some embodiments, the gateway device reads the number of HTTP requests counted for the source IP address by the counter and determines, for each request processing rule, whether that number has reached the rule's threshold. In response to the number of HTTP requests reaching the threshold of the fifth hybrid speed-limiting rule, the gateway device determines whether the instruction of the fifth hybrid speed-limiting rule has already been written for the source IP address in the request processing process, and in response to its not having been written, writes the instruction of the fifth hybrid speed-limiting rule into the request processing process.
It should be noted that the timer keeps running throughout the above process. In response to the duration recorded by the timer reaching the counting period, the gateway device clears the counter and resets the timer; in response to the counting period not having been reached, the timer and the counter keep running.
813. The gateway device receives a fourth HTTP request from the source IP address.
In some embodiments, the fourth HTTP request may be any HTTP request from the source IP address except the initial request, which is not described herein.
814. In response to determining that the fourth HTTP request hits the fifth hybrid speed-limiting rule based on the written instruction, the gateway device performs a limiting process corresponding to the fifth hybrid speed-limiting rule to speed-limit the HTTP request from the source IP address.
In some embodiments, the gateway device determines whether the fourth HTTP request hits the request processing rule, and the determining process is as described in step 802, which is not described herein again.
In some embodiments, the processing manner for limiting the speed of the HTTP request from the source IP address is as described in step 606 in fig. 6, which is not described herein again.
In some embodiments, for a source IP address that hits any request processing rule, the gateway device starts a timer, and in response to receiving no further HTTP request from that source IP address within the second duration, deletes the instruction of the corresponding request processing rule. Deleting the instruction promptly once the source stops sending avoids penalising a source system that has returned to normal and keeps normal business service available.
In the technical solution provided by the embodiments of the present application, HTTP requests are counted per source IP address. Once the number of HTTP requests sent by the same source IP address within the counting period exceeds the threshold of a request processing rule, the gateway device writes the instruction corresponding to that rule for the source IP address. Because counting happens in real time, no after-the-fact analysis is needed and the source IP addresses sending abnormal traffic are known immediately, so each source IP address can be restricted to a different degree according to the threshold it has reached. Abnormal traffic is thus identified and limited more precisely, and the gateway is protected dynamically and quickly.
Furthermore, the technical solution rate-limits HTTP requests from the abnormal IP address along several dimensions at once, reducing the gateway resources wasted on abnormal traffic and ensuring that the gateway can still process normal requests.
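As an added example that is not part of the patent, the following Python model implements the tiered flow of steps 801 to 814 together with the hybrid rejection rule of step 614: a per-source counter with a counting period, an instruction written when a threshold is reached, rule checks in descending order of strictness, and deletion of the instructions after an idle second duration. The thresholds and limits are the ones the text gives; the class and function names, the injected clock, the 60 s idle expiry, the optional rejection tier and the addresses in the constructed trace are assumptions.

```python
"""Tiered per-source-IP HTTP request limiting modelled on the hybrid policy above.
Added example, not the patent's own code: names, the injected clock, the idle
expiry value and the sample addresses are assumptions made for illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    """A request processing rule: threshold on HTTP requests per counting period
    and the restriction applied once a source reaches it (None = not limited)."""
    name: str
    threshold: int
    max_connections: Optional[int] = None
    max_packets_per_second: Optional[int] = None
    reject: bool = False  # True for a rejection rule: requests are refused outright


# Hybrid policy from the text: 10 s counting period and three speed-limit tiers.
COUNT_PERIOD = 10.0
RULES = [
    Rule("third", 100, max_connections=5, max_packets_per_second=3000),
    Rule("fourth", 500, max_connections=1, max_packets_per_second=2000),
    Rule("fifth", 1000, max_packets_per_second=1000),
]
# The "second duration": idle time after which a source's written instructions
# are deleted. The text gives no value; 60 s is an assumption.
IDLE_EXPIRY = 60.0


class FakeClock:
    """Injectable clock so the example runs deterministically offline."""

    def __init__(self, t: float = 0.0) -> None:
        self.t = t

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


@dataclass
class SourceState:
    """Per-source-IP state: counter, counting-period timer, written instructions."""
    period_start: float
    last_seen: float
    count: int = 0
    instructions: Dict[str, Rule] = field(default_factory=dict)


class Gateway:
    def __init__(self, rules: List[Rule], clock: Callable[[], float]) -> None:
        # Target sequence: check from strictest (highest threshold) to most
        # lenient, so the strictest rule already written for a source wins.
        self.rules = sorted(rules, key=lambda r: r.threshold, reverse=True)
        self.clock = clock
        self.sources: Dict[str, SourceState] = {}

    def handle(self, ip: str) -> str:
        """Process one HTTP request from ip: 'forward', 'limit:<rule>' or 'reject'."""
        now = self.clock()
        st = self.sources.get(ip)
        if st is None:
            # First request from this source: start its counter and timer.
            st = SourceState(period_start=now, last_seen=now)
            self.sources[ip] = st
        elif st.instructions and now - st.last_seen > IDLE_EXPIRY:
            # No request within the second duration: delete the written
            # instructions so a source that has recovered is not penalised.
            st.instructions.clear()
        st.last_seen = now

        # Counting period elapsed: clear the counter and reset the timer.
        if now - st.period_start >= COUNT_PERIOD:
            st.count = 0
            st.period_start = now

        # Determine whether the request hits a written rule, strictest first.
        action = "forward"
        for rule in self.rules:
            if rule.name in st.instructions:
                action = "reject" if rule.reject else "limit:" + rule.name
                break

        # Count the request and write the instruction of any threshold reached.
        # The request that crosses a threshold is still handled by the action
        # decided above; the new instruction applies from the next request on.
        st.count += 1
        for rule in self.rules:
            if st.count >= rule.threshold and rule.name not in st.instructions:
                st.instructions[rule.name] = rule
        return action

    def effective_rule(self, ip: str) -> Optional[Rule]:
        """The strictest rule currently written for ip, or None."""
        st = self.sources.get(ip)
        if st is None:
            return None
        for rule in self.rules:
            if rule.name in st.instructions:
                return rule
        return None


if __name__ == "__main__":
    gw = Gateway(RULES, FakeClock())
    # Constructed trace: one address sends 1001 requests inside one counting period.
    actions = [gw.handle("203.0.113.7") for _ in range(1001)]
    print(actions[99], actions[100], actions[500], actions[1000])
```

Two points are worth checking in any real implementation of this flow. The hit check must run before the counter is incremented, otherwise the request that reaches a threshold is restricted by a rule it has not yet "hit" in the sense of step 802, and the counter reset at the end of each counting period must leave the written instructions in place, since only the idle timer of the second duration removes them. The scheme also keys everything on the source IP address alone, so addresses shared behind NAT are limited together, and a sender that spreads its requests over many addresses stays under every per-address threshold.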
Fig. 9 is a schematic structural diagram of a request processing apparatus according to an embodiment of the present application, and referring to fig. 9, the apparatus includes:
a receiving module 901, configured to receive a first HTTP request;
a forwarding module 902, configured to, in response to the first HTTP request not hitting any of the at least two request processing rules, forward the first HTTP request;
a statistics module 903, configured to count based on the source IP address of the first HTTP request;
a writing module 904, configured to, in response to the number of HTTP requests from the source IP address reaching the threshold of any request processing rule, write the instruction corresponding to that request processing rule;
the receiving module 901 being further configured to receive a second HTTP request from the source IP address;
a restriction module 905, configured to, in response to determining, based on the written instruction, that the second HTTP request hits the request processing rule, perform the restriction processing corresponding to the request processing rule;
wherein the at least two request processing rules instruct different restriction processing based on different thresholds on the number of HTTP requests sent in one counting period.
In some embodiments, the apparatus further comprises:
a determining module, configured to determine whether the first HTTP request hits the at least two request processing rules in a target sequence, the target sequence listing the request processing rules in descending order of strictness.
In some embodiments, the restriction module 905 further comprises:
a first counting module, configured to count the data packets of the source IP address;
a discarding module, configured to, in response to the number of data packets sent by the source IP address within a first duration exceeding a first number, discard the data packets received during the remainder of the first duration.
In some embodiments, the restriction module 905 further comprises:
a second counting module, configured to count the number of connections held with the source IP address;
an interruption module, configured to, in response to the number of connections exceeding a second number, disconnect the connections in excess of the second number.
In some embodiments, the restriction module 905 further comprises:
a third counting module, configured to count the number of connections newly established with the source IP address within the first duration;
a rejecting module, configured to, in response to the number of newly established connections exceeding a third number, refuse to establish a new connection with the source IP address.
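As an added example, not the patent's own code, the following Python class enforces the three restrictions just described for the restriction module 905 on one rate-limited source: a packet budget per first duration (first number), a cap on the connections held (second number) and a cap on connections newly established per first duration (third number). The names, the injected clock and the choice to disconnect the newest connections when the held-connection cap is exceeded are assumptions; the default limits follow the third hybrid speed-limiting rule above (5 connections, 3000 packets per second), with 3 new connections per second assumed because the text gives no figure for it.

```python
"""Restriction processing for one rate-limited source IP address.
Added example, not the patent's code: names, the injected clock, the new-connection
figure and the rule of dropping the newest excess connections are assumptions."""
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Limits:
    """The numbers a speed-limit rule carries for one source IP address."""
    first_duration: float     # length of the measuring window, in seconds
    max_packets: int          # "first number": packets forwarded per window
    max_connections: int      # "second number": connections the source may hold
    max_new_connections: int  # "third number": new connections allowed per window


# Third hybrid speed-limiting rule: 5 connections, 3000 packets per second.
# 3 new connections per second is an assumed value; the text gives none.
THIRD_RULE_LIMITS = Limits(first_duration=1.0, max_packets=3000,
                           max_connections=5, max_new_connections=3)


class FakeClock:
    """Injectable clock so the example runs deterministically offline."""

    def __init__(self, t: float = 0.0) -> None:
        self.t = t

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


class SourceRestrictor:
    """Applies the limits of one rule to packets and connections of one source."""

    def __init__(self, limits: Limits, clock: Callable[[], float]) -> None:
        self.limits = limits
        self.clock = clock
        self.window_start = clock()
        self.packets = 0            # first counting module
        self.new_connections = 0    # third counting module
        self.held: List[str] = []   # second counting module: ids, oldest first

    def roll_window(self) -> None:
        """Start a new first-duration window once the current one has elapsed."""
        now = self.clock()
        if now - self.window_start >= self.limits.first_duration:
            self.window_start = now
            self.packets = 0
            self.new_connections = 0

    def on_packet(self) -> bool:
        """Count a packet: True if forwarded, False if discarded (first number
        already exceeded in this window, so the rest of the window is dropped)."""
        self.roll_window()
        self.packets += 1
        return self.packets <= self.limits.max_packets

    def on_connect(self, conn_id: str) -> str:
        """Handle a connection attempt: 'refused', 'accepted' or 'disconnected'."""
        self.roll_window()
        if self.new_connections >= self.limits.max_new_connections:
            return "refused"        # third number reached: refuse to establish it
        self.new_connections += 1
        self.held.append(conn_id)
        if self.disconnect_excess():
            return "disconnected"   # second number exceeded: torn down again
        return "accepted"

    def on_close(self, conn_id: str) -> None:
        """The source closed a connection; it no longer counts as held."""
        if conn_id in self.held:
            self.held.remove(conn_id)

    def disconnect_excess(self) -> List[str]:
        """Disconnect connections beyond the second number and return their ids.
        The text does not say which to drop; the newest are chosen (assumption)."""
        excess = len(self.held) - self.limits.max_connections
        if excess <= 0:
            return []
        closed = self.held[-excess:]
        del self.held[-excess:]
        return closed


if __name__ == "__main__":
    r = SourceRestrictor(THIRD_RULE_LIMITS, FakeClock())
    # Constructed burst: 3001 packets in one window, then four connection attempts.
    forwarded = sum(1 for _ in range(3001) if r.on_packet())
    print(forwarded, [r.on_connect("c%d" % i) for i in range(4)])
```

The packet counter is a fixed window: once the first number is exceeded, every further packet in that window is discarded and the budget only returns when the window rolls, which matches the "remainder of the first duration" wording. The new-connection cap refuses before a socket is accepted, whereas the held-connection cap can only act after a connection exists, so an implementation must track closes from the source (on_close here) or the held count never decreases.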
In some embodiments, the at least two request processing rules include: the system comprises at least one level of speed limit rule and a rejection rule, wherein the speed limit rule is used for limiting the speed of the HTTP request sent by the source IP address, and the rejection rule is used for rejecting the HTTP request sent by the source IP address.
In some embodiments, the at least one level of speed-limiting rule is configured to limit at least one of: the number of connections the source IP address may hold with the gateway device, the number of new connections that may be established with the gateway device per second, and the number of data packets transmitted per second.
In some embodiments, the apparatus further comprises:
the starting module is used for starting the timer;
and the deleting module is used for responding to the situation that the HTTP request from the source IP address is not received again in the second duration, and deleting the instruction of the corresponding request processing rule.
In some embodiments, the apparatus further comprises:
a detection module, configured to, in response to any HTTP request, detect, according to the source IP address of the HTTP request, whether this is the first HTTP request received from that source IP address;
the starting module being further configured to, in response to the HTTP request being the first received from that source IP address, start a counter and start a timer to record the counting duration of the counter.
In this technical solution, the gateway device is a computer device. Fig. 10 is a schematic structural diagram of a computer device provided in this embodiment. The computer device 1000 may vary considerably in configuration and performance, and may include one or more processors (CPUs) 1001 and one or more memories 1002, where the one or more memories 1002 store at least one program code that is loaded and executed by the one or more processors 1001 to implement the methods provided in the foregoing method embodiments. The computer device 1000 may further have a wired or wireless network interface, a keyboard, an input/output interface and other components to facilitate input and output, and may include other components for implementing device functions, which are not described here again.
In an exemplary embodiment, a computer readable storage medium, such as a memory including at least one program code, which is executable by a processor to perform the request processing method in the above embodiments, is also provided. For example, the computer-readable storage medium may be a read-only memory (ROM), a Random Access Memory (RAM), a compact disc-read-only memory (CD-ROM), a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, a computer program product is also provided, the computer program product comprising at least one computer program, the at least one computer program being stored in a computer readable storage medium. The processor of the computer device reads the at least one computer program from the computer-readable storage medium, and executes the at least one computer program to cause the computer device to perform the operations performed by the request processing method.
In some embodiments, the computer program according to the embodiments of the present application may be deployed to be executed on one computer device, on multiple computer devices located at one site, or on multiple computer devices distributed over multiple sites and interconnected by a communication network; the multiple computer devices distributed over multiple sites and interconnected by the communication network may constitute a blockchain system.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, and the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is intended only to illustrate the alternative embodiments of the present application, and should not be construed as limiting the present application, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present application should be included in the scope of the present application.
Claims (12)
1. A method for processing a request, the method comprising:
receiving a first HTTP request;
in response to the first HTTP request not hitting any of at least two request processing rules, forwarding the first HTTP request and counting based on a source IP address of the first HTTP request;
in response to the number of HTTP requests from the source IP address reaching the threshold of any request processing rule, writing an instruction corresponding to that request processing rule;
receiving a second HTTP request from the source IP address, and in response to determining, based on the written instruction, that the second HTTP request hits the request processing rule, executing restriction processing corresponding to the request processing rule;
wherein the at least two request processing rules instruct different restriction processing based on different thresholds on the number of HTTP requests sent in one counting period.
2. The method of claim 1, further comprising:
determining whether the first HTTP request hits the at least two request processing rules in a target sequence, the target sequence listing the request processing rules in descending order of strictness.
3. The method of claim 1, wherein in response to the hit request processing rule being a speed limit rule, the performing a limit process corresponding to the request processing rule comprises:
counting the data packets of the source IP address, and in response to the number of data packets sent by the source IP address within a first duration exceeding a first number, discarding the data packets received during the remainder of the first duration.
4. The method of claim 1, wherein in response to the hit request processing rule being a speed limit rule, the performing the limiting process corresponding to the request processing rule comprises:
counting the number of connections held with the source IP address, and in response to the number of connections exceeding a second number, disconnecting the connections in excess of the second number.
5. The method of claim 1, wherein in response to the hit request processing rule being a speed limit rule, the performing the limiting process corresponding to the request processing rule comprises:
counting the number of connections newly established with the source IP address within a first duration, and in response to the number of newly established connections exceeding a third number, refusing to establish a new connection with the source IP address.
6. The method of claim 1, wherein the at least two request processing rules comprise: the system comprises at least one level of speed limit rule and a rejection rule, wherein the speed limit rule is used for limiting the speed of the HTTP request sent by the source IP address, and the rejection rule is used for rejecting the HTTP request sent by the source IP address.
7. The method of claim 6, wherein the at least one level of speed limiting rules is configured to limit at least one of a number of connections that the source IP address can maintain with the gateway device, a number of connections that can be newly established per second with the gateway device, and a number of packets transmitted per second.
8. The method according to claim 1, wherein after the performing of the restriction processing corresponding to the request processing rule, the method further comprises:
and starting a timer, and in response to not receiving the HTTP request from the source IP address again within the second time length, deleting the instruction of the corresponding request processing rule.
9. The method of claim 1, further comprising:
in response to receiving any HTTP request, detecting, according to the source IP address of the HTTP request, whether this is the first HTTP request received from that source IP address, and in response to its being the first, starting a counter and starting a timer to record the counting duration of the counter.
10. A request processing apparatus, characterized in that the apparatus comprises:
a receiving module, configured to receive a first HTTP request;
a forwarding module, configured to, in response to the first HTTP request not hitting any of at least two request processing rules, forward the first HTTP request;
a counting module, configured to count based on the source IP address of the first HTTP request;
a writing module, configured to, in response to the number of HTTP requests from the source IP address reaching the threshold of any request processing rule, write an instruction corresponding to that request processing rule;
the receiving module being further configured to receive a second HTTP request from the source IP address;
a restriction module, configured to, in response to determining, based on the written instruction, that the second HTTP request hits the request processing rule, execute restriction processing corresponding to the request processing rule;
wherein the at least two request processing rules instruct different restriction processing based on different thresholds on the number of HTTP requests sent in one counting period.
11. A computer device comprising one or more processors and one or more memories, wherein at least one computer program is stored in the one or more memories and loaded into and executed by the one or more processors to perform the operations performed by the request processing method of any one of claims 1 to 9.
12. A computer-readable storage medium, having stored therein at least one computer program, which is loaded and executed by a processor to perform operations performed by a request processing method according to any one of claims 1 to 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110315860.4A (CN115134103A) | 2021-03-24 | 2021-03-24 | Request processing method, device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115134103A | 2022-09-30 |
Family
ID=83374092 (one application, CN202110315860.4A, priority and filing date 2021-03-24, status Pending)
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115134103A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107454039A * | 2016-05-31 | 2017-12-08 | 北京京东尚科信息技术有限公司 | Network attack detection system and method of detecting a network attack |
CN110650142A * | 2019-09-25 | 2020-01-03 | 腾讯科技(深圳)有限公司 | Access request processing method, device, system, storage medium and computer equipment |
CN111683087A * | 2020-06-07 | 2020-09-18 | 中信银行股份有限公司 | Access control method, device, electronic equipment and computer readable storage medium |
US20210273987A1 * | 2019-05-10 | 2021-09-02 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus, and system for selecting MEC node |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |