CN117201136A - Teacher homepage malicious request current limiting method and system based on bucket leakage principle - Google Patents

Publication number: CN117201136A
Authority: CN (China)
Legal status: Pending
Application number: CN202311175524.XA
Other languages: Chinese (zh)
Inventors: 李传咏, 陈宁, 方涛
Current Assignee: Xi'an Webber Software Co ltd
Original Assignee: Xi'an Webber Software Co ltd

Abstract

The application discloses a method for rate-limiting malicious requests to teacher homepages based on the leaky bucket principle. By combining a static service with a dynamic service, it satisfies normal requests to the greatest extent possible, and it uses the wrong-address identification algorithm of the dynamic service to quickly identify the source IPs of malicious scans so that malicious IPs can be blocked. By judging whether the rate-limiting rule is triggered, tentative malicious requests can be warned off while genuinely malicious requests have their IP blocked. Malicious IPs identified in the dynamic service are sent to the static service, so that a malicious request IP can be recognized at the web service stage, the request is blocked quickly, and the load on the dynamic service is reduced.

Description

Teacher homepage malicious request current limiting method and system based on bucket leakage principle
Technical Field
The application relates to the technical field of computers, and in particular to a method and system for rate-limiting malicious requests to teacher homepages based on the leaky bucket principle.
Background
At present, teacher homepages use a quick publishing technology to staticize the content of each teacher's personal homepage. Before the content has been staticized, accessing a teacher homepage requires a request to the dynamic service to generate the page. Under a large number of malicious requests, particularly from crawlers, the dynamic service becomes heavily loaded, requests cannot be answered in time, user experience suffers, and the teacher homepage management machine may even go down.
The prior art mainly copes with large numbers of malicious requests by rate limiting. However, a traditional rate-limiting scheme only limits the request rate to keep the system stable. It cannot identify malicious requests or block them, so when a large number of malicious requests arrive, normal requests are refused as well, which degrades the user experience. In addition, a traditional scheme judges by access frequency and cannot verify whether a request is genuine, so normal requests can be blocked by mistake.
Disclosure of Invention
In view of the foregoing drawbacks or shortcomings of the prior art, it is desirable to provide a method and system for malicious request throttling of a teacher homepage based on the leaky bucket principle.
In a first aspect, an embodiment of the present application provides a method for restricting malicious requests of a teacher homepage based on a leaky bucket principle, where the method includes:
S1: the teacher homepage tamper-proof module reads the IP block list;
S2: the teacher homepage tamper-proof module judges whether the current request IP is in the IP block list and, if so, refuses service;
S3: if the IP is not in the block list, it is judged whether the currently requested content has been staticized; if so, the page content is read directly and returned to the user;
S4: if the currently requested content has not been staticized, the request is sent to the teacher homepage management server, and the teacher homepage management server requests the corresponding string identifier (token);
S5: if the corresponding string identifier is obtained, the teacher homepage management server verifies whether the current request IP already exists in the access record queue; if it does, it judges whether the current request triggers the rate-limiting rule, and if the rule is not triggered, web service is provided;
S6: if the corresponding string identifier is obtained, the teacher homepage management server verifies whether the current request IP is a malicious request and, if so, refuses service.
In one embodiment, in step S3, the staticization includes converting a dynamic request into an html page.
In one embodiment, after the teacher homepage management server requests the corresponding string identifier, the method further comprises:
when no corresponding string identifier is obtained, the teacher homepage management server refuses service.
In one embodiment, step S5 further includes: if the current request IP is the system permission address, the current request IP is added into the dangerous IP list, and the service is refused.
In one embodiment, in step S5, the rate-limiting rule is the number of requests from the same IP per second: when the number of requests from the same IP per second is less than a preset number, the rule is not triggered; when it is larger than the preset number, the rule is triggered.
In one embodiment, after step S5, the method further comprises: if the current request IP triggers the blocking action again before the blacklist of the preset level expires, the IP is permanently blocked until it is manually unblocked.
In one embodiment, after step S5, if the current request IP triggers the blocking rule, the current request IP is sent to the teacher homepage tamper-proof module for storage.
In one embodiment, the method further comprises: if the blocking time of the current request IP expires, the teacher homepage tamper-proof module removes that IP from the IP block list.
In a second aspect, an embodiment of the present application provides a system for restricting malicious requests of a teacher homepage based on a leaky bucket principle, where the system includes:
a reading module, by which the teacher homepage tamper-proof module reads the IP block list;
a first judging module, by which the teacher homepage tamper-proof module judges whether the current request IP is in the IP block list and, if so, refuses service;
a second judging module, configured to judge, if the IP is not in the block list, whether the currently requested content has been staticized and, if so, to read the page content directly and return it to the user;
a sending module, configured to send the request to the teacher homepage management server if the currently requested content has not been staticized, the teacher homepage management server then requesting the corresponding string identifier;
a verification module, by which, if the corresponding string identifier is obtained, the teacher homepage management server verifies whether the current request IP already exists in the access record queue, judges whether the current request triggers the rate-limiting rule if it does, and provides web service if the rule is not triggered;
and a third judging module, by which, if the corresponding string identifier is obtained, the teacher homepage management server verifies whether the current request IP is a malicious request and, if so, refuses service.
The beneficial effects of the application include:
With the teacher homepage malicious request rate-limiting method based on the leaky bucket principle, combining a static service with a dynamic service satisfies normal requests to the greatest extent possible, and the wrong-address identification algorithm of the dynamic service quickly identifies the source IPs of malicious scans so that malicious IPs can be blocked. By judging whether the rate-limiting rule is triggered, tentative malicious requests can be warned off while genuinely malicious requests have their IP blocked. Malicious IPs identified in the dynamic service are sent to the static service, so that a malicious request IP can be recognized at the web service stage, the request is blocked quickly, and the load on the dynamic service is reduced.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the accompanying drawings in which:
FIG. 1 shows a flow diagram of a teacher homepage malicious request rate-limiting method based on the leaky bucket principle according to an embodiment of the present application;
FIG. 2 shows an exemplary block diagram of a teacher homepage malicious request rate-limiting system 200 based on the leaky bucket principle according to an embodiment of the application;
FIG. 3 is a schematic flow chart of another teacher homepage malicious request rate-limiting method based on the leaky bucket principle according to an embodiment of the present application;
FIG. 4 shows a schematic diagram of a computer system suitable for implementing the terminal device of an embodiment of the application.
Detailed Description
The application is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and not limiting of the application. It should be noted that, for convenience of description, only the portions related to the application are shown in the drawings.
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
Referring to FIG. 1, FIG. 1 shows a method for rate-limiting malicious requests to teacher homepages based on the leaky bucket principle according to an embodiment of the present application, where the method includes:
Step 110: the teacher homepage tamper-proof module reads the IP block list;
Step 120: the teacher homepage tamper-proof module judges whether the current request IP is in the IP block list and, if so, refuses service;
Step 130: if the IP is not in the block list, it is judged whether the currently requested content has been staticized; if so, the page content is read directly and returned to the user;
Step 140: if the currently requested content has not been staticized, the request is sent to the teacher homepage management server, and the teacher homepage management server requests the corresponding string identifier (token);
Step 150: if the corresponding string identifier is obtained, the teacher homepage management server verifies whether the current request IP already exists in the access record queue; if it does, it judges whether the current request triggers the rate-limiting rule, and if the rule is not triggered, web service is provided;
Step 160: if the corresponding string identifier is obtained, the teacher homepage management server verifies whether the current request IP is a malicious request and, if so, refuses service.
As an example, as shown in FIG. 3, the method generally includes:
1. When the Apache service starts, the teacher homepage tamper-proof module loads the tamper-proof IP list.
2. When the Tomcat service of the teacher homepage management end starts, it loads the blocked IP list.
3. When the Tomcat service of the teacher homepage management end starts, it starts a leaky-bucket thread that injects tokens into the leaky bucket at a constant rate.
4. The verification flow when a user initiates a request is as follows:
(1) The teacher homepage tamper-proof module judges whether the current request IP is in the blocked IP list and, if so, refuses service directly.
(2) If the currently requested content has already been staticized, the page content is read directly and returned to the user.
(3) If the currently requested content has not been staticized, the request is forwarded to the teacher homepage management server. On receiving the request, the management server requests a token. If no token is obtained, the current requests have reached the maximum the server allows, and the request is returned directly. If a token is obtained, the request continues to be served. The teacher homepage quick release module first verifies whether the current request IP exists in the access record queue; if it does, it must judge whether the current request triggers a rate-limiting rule. There are two ways of judging. The first is by the number of requests per second from the same IP. The system may define that when the same IP makes more than 5 requests per second, the requests are considered abnormal, malicious requests and the IP is blocked for a period of time. The first block lasts 3 minutes. When the first block is triggered, the IP enters the secondary blacklist, whose entries expire after 30 minutes. If the IP triggers the blocking action again before its secondary blacklist entry expires, it is blocked for 30 minutes and enters the tertiary blacklist, whose entries expire after 60 minutes. If the IP triggers the blocking action again before its tertiary blacklist entry expires, it is blocked for 24 hours and enters the quaternary blacklist, whose entries expire after 48 hours. If the IP triggers the blocking action again before its quaternary blacklist entry expires, it is blocked permanently until manually unblocked.
The second is by verifying the correctness of the requested URL addresses. The system verifies the correctness of every requested URL address; if an IP requests wrong URL addresses more than 3 times per second, the system considers it a malicious IP and blocks it permanently until manually unblocked.
(4) When an IP triggers a blocking rule, the IP is synchronously sent to the Apache tamper-proof module for storage. When an IP's blocking time expires, this is also synchronously sent to the Apache tamper-proof module, which removes the IP from the IP block list.
(5) There are 2 modes of IP blocking: the first is automatic triggering and the second is manual addition. Any blocked IP can be manually removed from the block list.
(6) The system supports a whitelist; IPs in the whitelist are never subjected to blocking.
Apache: Apache HTTP Server (Apache for short) is an open-source web server from the Apache Software Foundation. It runs on most computer operating systems and is one of the most popular web server software packages because of its cross-platform support and security. It is fast and reliable, and interpreters such as Perl/Python can be compiled into the server through a simple API extension.
The Apache HTTP server is a modular server derived from the NCSA httpd server; after multiple modifications it became the most widely used web server software in the world. It can run on almost all widely used computer platforms.
Apache originates from the NCSA httpd server and, after many modifications, became one of the most popular web server software packages in the world. The name Apache is taken from the pronunciation of "a patchy server", meaning a server full of patches: because it is free software, people continually develop new functions and features for it and fix its original flaws. Apache is simple, fast and stable, and can be used as a proxy server.
Tomcat: Tomcat is a core project in the Jakarta project of the Apache Software Foundation, developed jointly by Apache, Sun and other companies and individuals. With Sun's participation and support, the latest Servlet and JSP specifications are always reflected in Tomcat; Tomcat 5 supports the latest Servlet 2.4 and JSP 2.0 specifications. Because Tomcat is technically advanced, stable and free, it is popular with Java enthusiasts, is recognized by some software developers, and has become a popular web application server.
The Tomcat server is a free, open-source web application server. It is a lightweight application server, commonly used in small and medium-sized systems and where there are not many concurrent users, and is a first choice for developing and debugging JSP programs. For a beginner, it can be thought of this way: an Apache server configured on a machine can respond to requests for HTML (an application of Standard Generalized Markup Language) pages. Tomcat is in effect an extension of the Apache server, but it runs independently, so a running Tomcat is actually a separate process independent of Apache.
Token: in this system, a character string randomly generated by the system. The string is a marker that serves as a key; access is possible only while holding the key.
Teacher homepage tamper-proof module: an Apache-based module developed in the teacher homepage system. It not only makes the static content of teacher homepages tamper-proof, but also generates that static content by requesting the dynamic service, that is, it converts dynamic content into html pages.
Staticization: staticization is the process of converting a dynamic request into an html page. Take accessing the link address of a teacher homepage as an example: http://fasulty.dlut.edu.cn/jishuning/zh_cn/index.htm. When the user accesses the page, an htm page is requested, but the htm page is not on the disk. On receiving the request, the tamper-proof module judges whether the current htm page exists, whether it has been tampered with, and whether it needs updating. If it does not exist, has been tampered with, or needs updating, the module forwards the request to the teacher homepage management server, which actually provides the dynamic service. The management server returns the content of the current URL, and the tamper-proof module saves the returned content as an htm file on disk. This process is staticization.
Automatic blocking: when a request IP triggers a blocking rule, the system automatically adds the IP to the block list.
Manual blocking: performed manually by an administrator. For example, to reject all requests from certain IPs regardless of whether those requests trigger a blocking rule, the administrator manually adds the IPs to the block list.
With this technical scheme, combining a static service with a dynamic service satisfies normal requests to the greatest extent possible, and the wrong-address identification algorithm of the dynamic service quickly identifies the source IPs of malicious scans so that malicious IPs can be blocked. By judging whether the rate-limiting rule is triggered, tentative malicious requests can be warned off while genuinely malicious requests have their IP blocked. Malicious IPs identified in the dynamic service are sent to the static service, so that a malicious request IP can be recognized at the web service stage, the request is blocked quickly, and the load on the dynamic service is reduced.
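The verification flow of FIG. 3 (block-list check at the edge, static pass-through, token acquisition, the per-second request rule with its escalating blacklist levels, the wrong-URL rule, whitelist and manual unblocking) can be simulated as follows. This is an added example, not code from the application: the class and function names, the bucket size and refill rate, the lazily refilled bucket used in place of a refill thread, the sliding one-second window, and the rule that a lapsed blacklist level restarts the ladder are all assumptions.

```python
from collections import defaultdict, deque

MIN, HOUR = 60, 3600
# (block duration, lifetime of the next blacklist level), in seconds, as listed
# in the description; None = permanent until an administrator unblocks.
LADDER = [
    (3 * MIN, 30 * MIN),     # first trigger: 3 min block, level-2 entry lives 30 min
    (30 * MIN, 60 * MIN),    # trigger while on level 2: 30 min block, level 3 for 60 min
    (24 * HOUR, 48 * HOUR),  # trigger while on level 3: 24 h block, level 4 for 48 h
    (None, None),            # trigger while on level 4: permanent
]
MAX_REQ_PER_SEC = 5       # more than 5 requests per second from one IP
MAX_BAD_URL_PER_SEC = 3   # more than 3 wrong URLs per second from one IP


class Limiter:
    # Hypothetical model of both tiers; capacity and refill rate are assumed values.
    def __init__(self, whitelist=(), capacity=100, refill_per_sec=50.0):
        self.whitelist = set(whitelist)
        self.capacity, self.rate = capacity, refill_per_sec
        self.tokens, self.last_refill = float(capacity), None
        self.seen = defaultdict(deque)   # access record queue: ip -> recent request times
        self.bad = defaultdict(deque)    # ip -> recent wrong-URL request times
        self.level = {}                  # ip -> (next ladder rung, expiry of that level)
        self.blocked = {}                # list synced to the edge: ip -> unblock time or None

    def _take_token(self, now):
        # Constant-rate refill computed lazily instead of by a background thread.
        if self.last_refill is not None:
            gained = (now - self.last_refill) * self.rate
            self.tokens = min(self.capacity, self.tokens + gained)
        self.last_refill = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

    @staticmethod
    def _count(window, now):
        # Sliding one-second window (assumption: the text only says "per second").
        window.append(now)
        while window[0] <= now - 1.0:
            window.popleft()
        return len(window)

    def _escalate(self, ip, now):
        rung, expiry = self.level.get(ip, (0, None))
        if expiry is not None and now >= expiry:
            rung = 0   # assumption: a lapsed blacklist level restarts the ladder
        duration, next_ttl = LADDER[rung]
        if duration is None:
            self.block_permanently(ip)
        else:
            self.blocked[ip] = now + duration
            self.level[ip] = (rung + 1, now + next_ttl)

    def block_permanently(self, ip):
        # Also the manual-add path; whitelisted IPs are never blocked.
        if ip not in self.whitelist:
            self.blocked[ip] = None
            self.level.pop(ip, None)

    def unblock(self, ip):
        # Manual removal from the block list.
        self.blocked.pop(ip, None)
        self.level.pop(ip, None)

    def handle(self, ip, now, static=False, url_ok=True):
        if ip in self.blocked:              # edge check, before any other work
            until = self.blocked[ip]
            if until is None or now < until:
                return "blocked"
            del self.blocked[ip]            # block expired: the edge drops the entry
        if static:
            return "static"                 # never reaches the dynamic service
        if not self._take_token(now):
            return "busy"                   # server at its allowed maximum
        if ip in self.whitelist:
            return "allowed"
        requests = self._count(self.seen[ip], now)
        if not url_ok and self._count(self.bad[ip], now) > MAX_BAD_URL_PER_SEC:
            self.block_permanently(ip)
            return "blocked"
        if requests > MAX_REQ_PER_SEC:
            self._escalate(ip, now)
            return "blocked"
        return "allowed"


def burst(limiter, ip, start, n, **kw):
    # n requests spaced 10 ms apart, starting at simulated time `start` (seconds).
    return [limiter.handle(ip, start + i * 0.01, **kw) for i in range(n)]
```

Time is passed in explicitly, so the 3 minute, 30 minute, 24 hour and permanent rungs can be exercised without waiting; the sample IPs used to drive it should come from documentation ranges such as 203.0.113.0/24.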
In some embodiments, in step 130, the staticization includes converting a dynamic request into an html page.
In some embodiments, after the teacher homepage management server requests the corresponding string identifier, the method further comprises:
when no corresponding string identifier is obtained, the teacher homepage management server refuses service.
In some embodiments, step 150 further comprises: if the current request IP is the system permission address, the current request IP is added into the dangerous IP list, and the service is refused.
In some embodiments, in step 150, the rate-limiting rule is the number of requests from the same IP per second: when the number of requests from the same IP per second is less than the preset number, the rule is not triggered; when it is larger than the preset number, the rule is triggered.
In some embodiments, after step 150, the method further comprises: if the current request IP triggers the blocking action again before the blacklist of the preset level expires, the IP is permanently blocked until it is manually unblocked.
In some embodiments, after step 150, if the current request IP triggers the blocking rule, the current request IP is sent to the teacher homepage tamper-proof module for storage.
In some embodiments, the method further comprises: if the blocking time of the current request IP expires, the teacher homepage tamper-proof module removes that IP from the IP block list.
It should be noted that although the operations of the method of the present application are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in that particular order or that all of the illustrated operations be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
Further, referring to FIG. 2, FIG. 2 shows a teacher homepage malicious request rate-limiting system based on the leaky bucket principle according to an embodiment of the application. The system includes:
a reading module 210, by which the teacher homepage tamper-proof module reads the IP block list;
a first judging module 220, by which the teacher homepage tamper-proof module judges whether the current request IP is in the IP block list and, if so, refuses service;
a second judging module 230, configured to judge, if the IP is not in the block list, whether the currently requested content has been staticized and, if so, to read the page content directly and return it to the user;
a sending module 240, configured to send the request to the teacher homepage management server if the currently requested content has not been staticized, the teacher homepage management server then requesting the corresponding string identifier;
a verification module 250, by which, if the corresponding string identifier is obtained, the teacher homepage management server verifies whether the current request IP already exists in the access record queue, judges whether the current request triggers the rate-limiting rule if it does, and provides web service if the rule is not triggered;
and a third judging module, by which, if the corresponding string identifier is obtained, the teacher homepage management server verifies whether the current request IP is a malicious request and, if so, refuses service.
It should be understood that the elements or modules depicted in system 200 correspond to the various steps in the method described with reference to fig. 1. Thus, the operations and features described above with respect to the method are equally applicable to the system 200 and the units contained therein and are not described in detail herein. The system 200 may be implemented in advance in a browser or other security application of the electronic device, or may be loaded into the browser or security application of the electronic device by means of downloading, etc. The corresponding elements in system 200 may interact with elements in an electronic device to implement aspects of embodiments of the present application.
Referring now to FIG. 4, there is illustrated a schematic diagram of a computer system 300 suitable for use in implementing a terminal device or server in accordance with an embodiment of the present application.
As shown in fig. 4, the computer system 300 includes a Central Processing Unit (CPU) 301 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage section 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data required for the operation of the system 300 are also stored. The CPU301, ROM 302, and RAM 303 are connected to each other through a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
The following components are connected to the I/O interface 305: an input section 306 including a keyboard, a mouse, and the like; an output portion 307 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 308 including a hard disk or the like; and a communication section 309 including a network interface card such as a LAN card, a modem, or the like. The communication section 309 performs communication processing via a network such as the internet. The drive 310 is also connected to the I/O interface 305 as needed. A removable medium 311 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed on the drive 310 as needed, so that a computer program read therefrom is installed into the storage section 308 as needed.
In particular, according to embodiments of the present disclosure, the process described above with reference to fig. 1 may be implemented as a computer software program or provide related processing services in the form of an HTTP interface. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method of fig. 1. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 309, and/or installed from the removable medium 311.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules involved in the embodiments of the present application may be implemented in software or in hardware. The described units or modules may also be provided in a processor, for example, as: a processor includes a first sub-region generation unit, a second sub-region generation unit, and a display region generation unit. The names of these units or modules do not constitute a limitation of the unit or module itself in some cases, and for example, the display area generating unit may also be described as "a unit for generating a display area of text from the first sub-area and the second sub-area".
As another aspect, the present application also provides a computer-readable storage medium, which may be a computer-readable storage medium contained in the foregoing apparatus in the foregoing embodiment; or may be a computer-readable storage medium, alone, that is not assembled into a device. The computer-readable storage medium stores one or more programs for use by one or more processors in performing the text generation method described in the present application as applied to transparent window envelopes.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the application is not limited to the specific combinations of the features described above, but also covers other embodiments which may be formed by any combination of the features described above or their equivalents without departing from the spirit of the application. Such as the above-mentioned features and the technical features disclosed in the present application (but not limited to) having similar functions are replaced with each other.

Claims (9)

1. A teacher homepage malicious request current limiting method based on the leaky bucket principle, characterized by comprising the following steps:
S1: the teacher homepage tamper-proof module reads the IP block list;
S2: the teacher homepage tamper-proof module judges whether the current request IP is in the IP block list, and if so, service is refused;
S3: if the current request IP is not in the IP block list, judging whether the currently requested content is static, and if so, directly reading the page content and returning the page content to the user;
S4: if the currently requested content is not static, the requested content is sent to a teacher homepage management server; the teacher homepage management server requests the corresponding character string identification;
S5: if the corresponding character string identification is requested, the teacher homepage management server verifies whether the current request IP exists in the access record queue; if so, it judges whether the current request triggers a current limiting rule, and if the rule is not triggered, web service is provided;
S6: if the corresponding character string identification is requested, the teacher homepage management server verifies whether the current request IP is a malicious request, and if so, service is refused.
2. The method for limiting malicious requests of a teacher's homepage based on the leaky bucket principle as claimed in claim 1, wherein in step S3, the staticization includes converting a dynamic request into an HTML page.
3. The method for limiting malicious requests of a teacher's homepage based on the leaky bucket principle according to claim 1, wherein after the teacher homepage management server requests the corresponding character string identification, the method further comprises:
when no corresponding character string identification is requested, the teacher homepage management server denies service.
4. The method for limiting malicious requests of a teacher's homepage based on the leaky bucket principle as claimed in claim 1, wherein step S5 further comprises:
if the current request IP is the system permission address, the current request IP is added to the dangerous IP list, and service is refused.
5. The method for limiting malicious requests of a teacher's homepage based on the leaky bucket principle according to claim 1, wherein in step S5, the current limiting rule is the number of requests from the same IP per second: when the number of requests from the same IP per second is smaller than the preset number, the current limiting rule is not triggered; when the number of requests from the same IP per second is larger than the preset number, the current limiting rule is triggered.
6. The method for limiting malicious requests of a teacher's homepage based on the leaky bucket principle as claimed in claim 5, further comprising, after step S5:
if the current request IP triggers the blocking action again before the blacklist of the preset level expires, permanently blocking the current IP until it is manually unblocked.
7. The method for limiting malicious requests of a teacher's homepage based on the leaky bucket principle as claimed in claim 5, wherein, after step S5,
if the current request IP triggers the blocking rule, the current request IP is sent to the teacher homepage tamper-proof module.
8. The method for limiting malicious requests of a teacher's homepage based on the leaky bucket principle as claimed in claim 7, further comprising:
if the blocking time of the current request IP expires, the teacher homepage tamper-proof module removes the corresponding current request IP from the IP block list.
9. A teacher homepage malicious request current limiting system based on the leaky bucket principle, characterized by comprising:
a reading module, used by the teacher homepage tamper-proof module to read the IP block list;
a first judging module, used by the teacher homepage tamper-proof module to judge whether the current request IP is in the IP block list, and to refuse service if so;
a second judging module, used to judge whether the currently requested content is static if the current request IP is not in the IP block list, and, if the content is static, to directly read the page content and return the page content to the user;
a transmitting module, used to send the requested content to the teacher homepage management server if the currently requested content is not static; the teacher homepage management server requests the corresponding character string identification;
a verification module, used by the teacher homepage management server, if the corresponding character string identification is requested, to verify whether the current request IP exists in the access record queue, to judge whether the current request triggers a current limiting rule if the current request IP exists in the access record queue, and to provide web service if the current limiting rule is not triggered;
and a third judging module, used by the teacher homepage management server, if the corresponding character string identification is requested, to verify whether the current request IP is a malicious request, and to refuse service if it is.
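The blocking logic of claims 1 and 5 to 8, as an added example that is not code from the patent: a per-IP leaky bucket meter in front of a block list, with a temporary block on the first overflow, a permanent block on a second overflow before the first block expires, and removal on expiry. The class and method names, the threshold of 5 requests per second, the 60-second block, the reset of the meter on each trigger and the metering of refused requests are assumptions; the static/dynamic split and the character string identification check of S3 and S4 are left out.

```python
import math
from dataclasses import dataclass, field

PERMANENT = math.inf  # expiry value meaning "until manually unblocked"


@dataclass
class LeakyBucketGate:
    rate: float = 5.0            # preset requests per second per IP (assumed value)
    block_seconds: float = 60.0  # temporary block duration (assumed value)
    levels: dict = field(default_factory=dict)   # ip -> (bucket level, last seen)
    blocked: dict = field(default_factory=dict)  # ip -> expiry time or PERMANENT

    def _overflows(self, ip, now):
        """Leak the bucket for the elapsed time, add this request, test the limit."""
        level, last = self.levels.get(ip, (0.0, now))
        level = max(0.0, level - (now - last) * self.rate) + 1.0
        if level > self.rate:
            # Assumption: the meter restarts after a trigger, so a second
            # trigger needs a fresh burst rather than one extra request.
            self.levels[ip] = (0.0, now)
            return True
        self.levels[ip] = (level, now)
        return False

    def handle(self, ip, now):
        """Return 'served' or 'refused' for one request from ip at time now (seconds)."""
        expiry = self.blocked.get(ip)
        if expiry is not None and now >= expiry:  # claim 8: block time has expired
            del self.blocked[ip]
            expiry = None
        overflow = self._overflows(ip, now)       # refused requests are metered too
        if expiry is not None:                    # S2: IP is on the block list
            if overflow and expiry != PERMANENT:  # claim 6: triggered again in time
                self.blocked[ip] = PERMANENT
            return "refused"
        if overflow:                              # claim 5: limiting rule triggered
            self.blocked[ip] = now + self.block_seconds  # claim 7: add to block list
            return "refused"
        return "served"

    def unblock(self, ip):
        """Manual unblocking of a permanently blocked IP (claim 6)."""
        self.blocked.pop(ip, None)
        self.levels.pop(ip, None)
```

Claim 5 leaves the case where the request count equals the preset number undefined; this sketch treats it as not triggering.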
CN202311175524.XA 2023-09-12 2023-09-12 Teacher homepage malicious request current limiting method and system based on bucket leakage principle Pending CN117201136A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311175524.XA CN117201136A (en) 2023-09-12 2023-09-12 Teacher homepage malicious request current limiting method and system based on bucket leakage principle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311175524.XA CN117201136A (en) 2023-09-12 2023-09-12 Teacher homepage malicious request current limiting method and system based on bucket leakage principle

Publications (1)

Publication Number Publication Date
CN117201136A true CN117201136A (en) 2023-12-08

Family

ID=89001260

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311175524.XA Pending CN117201136A (en) 2023-09-12 2023-09-12 Teacher homepage malicious request current limiting method and system based on bucket leakage principle

Country Status (1)

Country Link
CN (1) CN117201136A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112632440A (en) * 2020-12-18 2021-04-09 西安博达软件股份有限公司 Static resource generation method for teacher personal homepage based on watermark characteristic rule string
CN115484066A (en) * 2022-08-19 2022-12-16 重庆长安汽车股份有限公司 Malicious request blocking method, device, equipment and storage medium of second killing system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination