CN118118210A - CDN parent layer node anti-theft chain method, device, equipment and medium - Google Patents


Publication number
CN118118210A
Authority
CN
China
Prior art keywords
client
request
detection
hotlinking
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311695819.XA
Other languages
Chinese (zh)
Inventor
王志刚
谢东雷
黄颖
黄剑榕
吴海华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Cloud Technology Co Ltd
Original Assignee
China Telecom Cloud Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Cloud Technology Co Ltd
Priority to CN202311695819.XA
Publication of CN118118210A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present application provides a CDN parent node anti-hotlinking method, apparatus, device and medium. The method includes: when an available parent node receives an access request initiated by a connecting client, obtaining the client IP of the connecting client and determining whether the access request is a probe request; when the access request is a non-probe request, verifying, based on the client IP, whether the non-probe request is hotlinking behavior; when the non-probe request is not hotlinking behavior, passing the access request; and when the non-probe request is hotlinking behavior, rejecting the access request. Determining whether the access request is a probe request decides whether the anti-hotlinking operation needs to be applied to it; when the access request is a non-probe request, checking the client IP for hotlinking behavior adjusts the parent-layer anti-hotlinking policy dynamically, avoids falsely triggering the anti-hotlinking operation, and improves the hotlink-protection reliability of CDN nodes.

Description

CDN parent node anti-hotlinking method, apparatus, device and medium

Technical Field

The present application relates to the field of data processing technology, and in particular to a CDN parent node anti-hotlinking method, apparatus, device and medium.

Background

In current CDN (Content Delivery Network) technology, edge nodes are deployed around the world to provide users with high-quality, efficient, low-latency network service from a nearby location. To raise the cache hit rate and lower the back-to-origin rate, a CDN uses an edge + parent architecture. Normally, a domain configured with anti-hotlinking is verified only at the edge node, and requests from an edge node back to a parent node need no verification. Once a parent IP leaks, users can pull resource content by accessing the parent IP directly, without any anti-hotlinking parameters. A parent-layer hotlinking incident easily leads to customer complaints and to customers moving their traffic away, which loses business; in addition, parent-node traffic is not billed, so the CDN also loses bandwidth.

For this situation, the most common parent-layer anti-hotlinking method today is to design an encryption/decryption algorithm, generate an internal authentication header on every request that an edge node sends to a parent node, and then perform the anti-hotlinking check at the parent node. This method has several defects:

1) Every request sent from an edge node to a parent node must carry the internal authentication header. In a real production environment, however, the requests an edge cache node sends to a parent node are very complex: different customer needs produce a great deal of customized business logic, and if an oversight leaves the header off a request, the parent node rejects it, which directly affects the customer's business and causes complaints. In addition, some customers perform back-to-origin authentication; the newly added internal authentication header may make the authentication header computed by the cache node differ from the customer's, so the back-to-origin request is rejected and the customer's business is affected.

2) Every component that interacts directly with the parent-layer gateway must also be modified to adopt the authentication algorithm and attach the internal authentication header to every request it sends to a parent node, which adds a modification cost to each component.

3) Although the internal authentication header is time-limited, a leaked header still carries a short-term hotlinking risk, and the abnormal behavior may still produce customer complaints.

Therefore, how to improve the hotlink-protection reliability of CDN nodes has become a technical problem that urgently needs solving.

Summary of the Invention

The present application provides a CDN parent node anti-hotlinking method, apparatus, device and storage medium, aiming to improve the hotlink-protection reliability of CDN nodes.

In a first aspect, the present application provides a CDN parent node anti-hotlinking method, the method comprising:

when an available parent node receives an access request initiated by a connecting client, obtaining the client IP of the connecting client and determining whether the access request is a probe request;

when the access request is a non-probe request, verifying, based on the client IP, whether the non-probe request is hotlinking behavior;

when the non-probe request is not hotlinking behavior, passing the access request;

when the non-probe request is hotlinking behavior, rejecting the access request.

In a second aspect, the present application further provides a CDN parent node anti-hotlinking apparatus, the apparatus comprising:

an access request judgment module, configured to obtain the client IP of the connecting client when an available parent node receives an access request initiated by the connecting client, and to determine whether the access request is a probe request;

a hotlinking behavior verification module, configured to verify, based on the client IP, whether the non-probe request is hotlinking behavior when the access request is a non-probe request;

a request passing module, configured to pass the access request when the non-probe request is not hotlinking behavior;

an access rejection module, configured to reject the access request when the non-probe request is hotlinking behavior.

In a third aspect, the present application further provides a computer device comprising a processor, a memory, and a computer program stored in the memory and executable by the processor, wherein the computer program, when executed by the processor, implements the steps of the CDN parent node anti-hotlinking method described above.

In a fourth aspect, the present application further provides a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the CDN parent node anti-hotlinking method described above.

The present application provides a CDN parent node anti-hotlinking method, apparatus, device and storage medium. The method includes: when an available parent node receives an access request initiated by a connecting client, obtaining the client IP of the connecting client and determining whether the access request is a probe request; when the access request is a non-probe request, verifying, based on the client IP, whether the non-probe request is hotlinking behavior; when the non-probe request is not hotlinking behavior, passing the access request; and when the non-probe request is hotlinking behavior, rejecting the access request. In this way, the application determines whether the access request initiated by the connecting client is a probe request and from that decides whether the anti-hotlinking operation needs to be applied to it. When the access request is a non-probe request, the client IP is checked for hotlinking behavior to decide whether the access request is hotlinking and therefore whether to pass it. This achieves dynamic adjustment of the parent-layer anti-hotlinking policy and accurate identification of hotlinking behavior, avoids falsely triggering the anti-hotlinking operation, and improves the hotlink-protection reliability of CDN nodes.

Brief Description of the Drawings

To explain the technical solutions of the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are some embodiments of the present application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic flowchart of a first embodiment of a CDN parent node anti-hotlinking method provided by the present application;

FIG. 2 is a schematic diagram of the verification flow for probe requests provided in an embodiment of the present application;

FIG. 3 is a schematic diagram of the anti-hotlinking verification flow applied by the parent-layer anti-hotlinking module to non-probe requests, provided in an embodiment of the present application;

FIG. 4 is a schematic flowchart of a first embodiment of a CDN parent node anti-hotlinking method provided by the present application;

FIG. 5 is a schematic flowchart of a second embodiment of a CDN parent node anti-hotlinking method provided by the present application;

FIG. 6 is a schematic flowchart of a third embodiment of a CDN parent node anti-hotlinking method provided by the present application;

FIG. 7 is a schematic structural diagram of a first embodiment of a CDN parent node anti-hotlinking apparatus provided by the present application;

FIG. 8 is a schematic structural block diagram of a computer device provided in an embodiment of the present application.

The realization of the purpose, the functional features and the advantages of the present application are further explained in conjunction with the embodiments and with reference to the drawings.

Detailed Description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present application without creative effort fall within the scope of protection of the present application.

The flowcharts shown in the drawings are only examples; they need not include all contents and operations/steps, nor must they be executed in the order described. For example, some operations/steps can be decomposed, combined or partially merged, so the actual order of execution may change according to the actual situation.

Some embodiments of the present application are described in detail below with reference to the drawings. Where there is no conflict, the following embodiments and the features in them can be combined with one another.

Please refer to FIG. 1, which is a schematic structural diagram of a CDN parent node anti-hotlinking system provided by the present application.

In one embodiment, as shown in FIG. 1, the system consists mainly of a request processing module, a probe frequency verification module, a probe registration storage module, a parent-layer anti-hotlinking module, a client device and a server.

In one embodiment, the client device may be a computer device such as a laptop or desktop computer.

In one embodiment, the server may be a single server or a server cluster.

In one embodiment, the request processing module parses the data of requests initiated by the client device.

In one embodiment, the probe frequency verification module measures and verifies the probe frequency of probe requests.

In one embodiment, the probe registration storage module registers and updates the client IP of the client device in the database.

For example, a hash dictionary can be used as the storage, handling registration, update and deletion of the connection IPs of probe requests, for the parent-layer anti-hotlinking module to query.

For example, the flow of the request processing module, the probe frequency verification module and the probe registration storage module is shown in FIG. 2. After the CDN parent-layer gateway receives a request, the request processing module uses the request URL and request headers to decide whether it is a probe request. For a probe request, the connection-IP anti-hotlinking check is performed first: the edge node uses the IP that initiates the connection and an agreed key to generate an anti-hotlinking string with the MD5 algorithm and carries it in the signature parameter of the probe request; the parent node checks whether the string generated with the MD5 algorithm from the connecting client's IP and the agreed key matches the value of the signature parameter carried by the probe. If they do not match, the request is rejected and the connection IP is not registered. If they match, the connection-IP anti-hotlinking check passes. Probe frequency is counted with a sliding window, and probe requests that pass the anti-hotlinking check then undergo the probe frequency check. If the probe frequency is within the specified range, the request enters the probe registration storage module, which registers or updates the connection IP. If the probe frequency is outside the specified range, the request is treated as an illegal probe request: it enters the probe registration storage module, which deletes the connection IP, and the request is rejected with a 403 response.

In one embodiment, as shown in FIG. 3, the parent-layer anti-hotlinking module applies three filtering rules in turn. If the client IP shows that the request comes from the local machine, the request is let through. If the request is not local, the module checks whether the IP is in the hash dictionary and has not expired; if the IP exists and has not expired, the parent-layer anti-hotlinking check passes. If the IP does not exist or has expired, the module checks whether the request IP or the request domain is in the custom whitelist; if it is, the request is let through, and otherwise the request is rejected as hotlinking.

Please refer to FIG. 4, which is a schematic flowchart of a first embodiment of a CDN parent node anti-hotlinking method provided by the present application.

As shown in FIG. 4, the CDN parent node anti-hotlinking method includes steps S101 to S104.

S101: when an available parent node receives an access request initiated by a connecting client, obtain the client IP of the connecting client and determine whether the access request is a probe request;

In one embodiment, after the CDN parent-layer gateway receives a request, it uses the request URL and request headers to decide whether it is a probe request. A probe request goes through probe registration and update; a non-probe request is passed to the parent-layer anti-hotlinking module for the anti-hotlinking decision.

S102: when the access request is a non-probe request, verify, based on the client IP, whether the non-probe request is hotlinking behavior;

In one embodiment, for a non-probe request, the client IP is looked up and checked by comparison with the local IP, a hash dictionary query and a whitelist query, to verify whether the non-probe request is hotlinking behavior.

S103: when the non-probe request is not hotlinking behavior, pass the access request;

S104: when the non-probe request is hotlinking behavior, reject the access request.

In one embodiment, for hotlinking behavior, the anti-hotlinking module of the available parent node rejects the request directly. If the request is a forged probe request, it can be marked as abnormal and removed; if it is a non-probe request, it is rejected directly when hotlinking is found, and the client IP is not additionally marked as an untrusted IP. For non-hotlinking behavior, the non-probe request is answered.

Further, after passing the access request when the non-probe request is not hotlinking behavior, the method also includes:

determining the target business data based on the access request, and querying whether the target business data exists in the cache server of the available parent node; when the target business data exists in the cache server, returning the target business data to the connecting client; when the target business data does not exist in the cache server, performing a back-to-origin operation to obtain the target business data, and returning the target business data to the connecting client.

In one embodiment, once the parent-layer anti-hotlinking check passes, the request enters the actual customer business logic. If the parent node's cache server holds the content, it responds to the client directly. If the parent node's cache server has no cache for the URL, it pulls the file from the origin, caches it on the current parent node, and then responds to the client.

This embodiment provides a CDN parent node anti-hotlinking method. The method determines whether the access request initiated by the connecting client is a probe request and from that decides whether the anti-hotlinking operation needs to be applied to it. When the access request is a non-probe request, the client IP is checked for hotlinking behavior to decide whether the access request is hotlinking and therefore whether to pass it. This achieves dynamic adjustment of the parent-layer anti-hotlinking policy and accurate identification of hotlinking behavior, avoids falsely triggering the anti-hotlinking operation, and improves the hotlink-protection reliability of CDN nodes.

Please refer to FIG. 5, which is a schematic flowchart of a second embodiment of a CDN parent node anti-hotlinking method provided by the present application.

In this embodiment, based on the embodiment shown in FIG. 4, step S101 specifically includes:

S201: obtain the local IP of the available parent node, and compare the client IP with the local IP;

S202: if the client IP matches the local IP, determine that the non-probe request is not hotlinking behavior.

In one embodiment, when the parent node's gateway receives a non-probe request, it first checks whether the IP of the connecting client is the local IP. If the client IP is the local IP, the request is confirmed as not hotlinking and is let through by the parent-layer anti-hotlinking check.

In one embodiment, if the client IP is not the local IP, further verification is required.

Further, if the client IP does not match the local IP, the preset hash dictionary is queried for the client IP; if the client IP is found in the hash dictionary, its validity period is obtained; if the validity period is currently valid, the non-probe request is determined not to be hotlinking behavior.

In one embodiment, the client IPs that have connected to the parent node can be stored in a hash dictionary. The hash dictionary handles registration, update, deletion and similar operations on the client IPs of probe requests, for the parent-layer anti-hotlinking module to query.

In one embodiment, the hash dictionary is queried for the client IP of the connecting client. If the client IP exists in the hash dictionary and has not expired, the parent-layer anti-hotlinking check passes.

In one embodiment, if the client IP exists in the hash dictionary but its validity period has expired, or the client IP is not in the hash dictionary, the client IP is verified further.

Further, if the client IP is not found in the hash dictionary, or it is found but its validity period is currently invalid, the client domain name of the non-probe request is obtained; a preset whitelist is obtained and queried for the client domain name and/or the client IP; if the client domain name and/or the client IP is found in the whitelist, the non-probe request is determined not to be hotlinking behavior.

In one embodiment, if the client IP that initiated the access request cannot be found in the hash dictionary, or it exists but has expired, the domain name and IP of the request are then looked up in the custom whitelist. If the domain name or the IP is in the custom whitelist, the parent-layer anti-hotlinking check passes.

In one embodiment, if the domain name or IP is not in the custom whitelist, the request is judged to be hotlinking behavior and is rejected.

In this embodiment, for non-probe requests, a custom whitelist is used to whitelist the domain names or IPs of interacting components, so that those components are let through the parent-layer anti-hotlinking check without the cost of modifying them. For other customer requests, the client IP that established the connection is looked up in the hash dictionary: an IP that does not exist or has expired is rejected by the parent-layer anti-hotlinking check, and an IP that exists and has not expired is let through. The components that interact with the parent-layer gateway are added to the custom whitelist, and the whitelist is reloaded dynamically on a timer to take effect. This avoids the cost of modifying the interacting components and also gives operations staff a way to temporarily whitelist a client IP for access to a parent node when troubleshooting problems on live parent nodes.

请参照图6,图6为本申请提供的一种CDN父层节点防盗链方法第三实施例的流程示意图。Please refer to FIG. 6 , which is a flowchart of a third embodiment of a CDN parent node anti-hotlinking method provided by the present application.

本实施例中,基于上述图4所示实施例,所述步骤S101之后具体包括:In this embodiment, based on the embodiment shown in FIG. 4 , the step S101 and the following steps are specifically performed:

S301: When the access request is a detection request, verify whether the detection request is a legitimate detection request.

In one embodiment, the edge node periodically performs liveness detection on the parent-layer node. If there is no response, or the response times out, several consecutive times, the parent-layer IP is marked as unavailable; if several consecutive detections receive a 200 response, the corresponding parent-layer IP is marked as available. The parent-layer node reuses this edge-node detection link: it checks the URL and the request headers of the request to determine whether it is a legitimate detection request.

S302: When the detection request is a legitimate detection request, obtain the detection frequency of the detection request and verify whether that frequency is within the legal frequency range.

S303: When the detection frequency is within the legal frequency range, register or update the client IP and send a response signal to the connecting client in response to the access request.

In one embodiment, the connecting-IP anti-hotlinking check is performed first for a detection request. The edge node uses the IP that initiates the connection and the agreed key to generate an anti-hotlinking string with the md5 algorithm, and carries it in the signature parameter of the detection request. The parent-layer node checks whether the string generated by the md5 algorithm from the connecting client IP and the agreed key matches the signature value carried by the detection request. If they do not match, the request is rejected and the connecting IP is not registered. If they match, the connecting-IP anti-hotlinking check passes.

In one embodiment, a detection request undergoes both the connecting-IP anti-hotlinking check and the detection-frequency check. If the connecting-IP anti-hotlinking check passes and the detection frequency is within the legal range, the connecting client IP of the detection is registered or updated: the expiration time of the IP is written or updated and stored in the hash dictionary, and the detection request is answered with 200 to tell the client that the parent layer is healthy.

Further, when the detection frequency is not within the legal frequency range, the client IP stored in the preset database is deleted and a request rejection signal is sent to the connecting client to reject the access request.

In one embodiment, if the detection request fails the connecting-IP anti-hotlinking check, the connecting client IP is not registered and the request is rejected directly with a 403 response. If the detection request passes the connecting-IP anti-hotlinking check but exceeds the frequency limit, the corresponding client IP is deleted from the hash dictionary and the request is rejected directly with a 403 response.

In one embodiment, the edge-node detection link is reused to distinguish detection requests from non-detection requests, and detection requests undergo a double check of the connecting-IP anti-hotlinking signature and the detection frequency. If the anti-hotlinking check passes and the detection frequency is within the limit, the detection request is valid: its client IP is added to the hash dictionary and the IP expiration time is updated. If the anti-hotlinking check fails, the IP is not added to the hash dictionary. If the anti-hotlinking check passes but the detection frequency is not within the limit, the request is rejected and the client IP is removed from the hash dictionary.

In this embodiment, the edge-node detection link is reused and the parent-layer node registers and stores the client IPs of detection connections in order to identify hotlinking. This reduces the parent layer's dependence on an authentication header for every request on every link, and prevents legitimate customer requests from being rejected because service code failed to add the authentication header. It reduces the risk that adding an authentication header introduces business logic that differs from customer requirements, and it also avoids short-lived hotlinking caused by leakage of the internal authentication header. The edge-node IP list can be updated dynamically as edge-node planning changes. Detection requests undergo a double check, the connecting-IP anti-hotlinking check and the detection-frequency check, which prevents illegitimate detection requests from getting a non-edge-node IP registered. By relying on the single, controllable and accurate detection request, the parent-layer anti-hotlinking system is fully decoupled from the business logic of customer requests, so that introducing it does not affect customer business logic, while the accuracy of parent-layer anti-hotlinking is ensured.
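The decision flow of the second and third embodiments, as an added Python sketch that is not code from the patent: detection (probe) requests are checked for signature and frequency before the connecting IP is registered with an expiry, and all other requests are checked against the local IP, the hash dictionary and the whitelist. The probe path, header name, key, TTL, frequency window and the IP + key concatenation order are constructed assumptions; the page fixes none of them.

```python
import hashlib
import hmac
from collections import deque

# Constructed values for this sketch; none of them come from the patent.
SHARED_KEY = "constructed-demo-key"   # the "agreed key" shared by edge and parent
PROBE_PATH = "/__parent_probe"        # hypothetical detection URL
PROBE_HEADER = "X-Edge-Probe"         # hypothetical detection marker header
REGISTRATION_TTL = 30.0               # seconds a registered edge IP stays valid
FREQ_WINDOW = 10.0                    # sliding window for the frequency check
FREQ_MAX = 3                          # max detections per IP inside the window


def probe_signature(client_ip, key=SHARED_KEY):
    """md5 over connecting IP + agreed key, as the page describes.
    The concatenation order is an assumption."""
    return hashlib.md5((client_ip + key).encode()).hexdigest()


class ParentGate:
    """Parent-layer anti-hotlinking gate keyed on the connecting (TCP peer) IP.

    client_ip must be the address of the socket peer, never a value taken
    from a client-controlled header such as X-Forwarded-For.
    """

    def __init__(self, local_ip, whitelist_ips=(), whitelist_domains=()):
        self.local_ip = local_ip
        self.whitelist_ips = set(whitelist_ips)
        self.whitelist_domains = set(whitelist_domains)
        self.registered = {}    # the "hash dictionary": client IP -> expiry time
        self.probe_times = {}   # client IP -> timestamps of recent detections

    def is_probe(self, path, headers):
        # URL and request-header test that separates detection traffic.
        return path == PROBE_PATH and PROBE_HEADER in headers

    def handle_probe(self, client_ip, signature, now):
        expected = probe_signature(client_ip).encode()
        supplied = (signature or "").encode()
        # Constant-time comparison; a mismatch never registers the IP.
        if not hmac.compare_digest(expected, supplied):
            return 403, "bad-signature"
        times = self.probe_times.setdefault(client_ip, deque())
        while times and now - times[0] > FREQ_WINDOW:
            times.popleft()
        times.append(now)
        if len(times) > FREQ_MAX:
            # Signature valid but frequency out of range: evict and reject.
            self.registered.pop(client_ip, None)
            return 403, "frequency-exceeded"
        # Register or refresh the IP with a new expiration time.
        self.registered[client_ip] = now + REGISTRATION_TTL
        return 200, "registered"

    def handle_request(self, client_ip, client_domain, now):
        if client_ip == self.local_ip:
            return 200, "local"
        expiry = self.registered.get(client_ip)
        if expiry is not None and now < expiry:
            return 200, "registered-edge"
        # Absent or expired: fall back to the custom whitelist.
        if client_ip in self.whitelist_ips or client_domain in self.whitelist_domains:
            return 200, "whitelisted"
        return 403, "hotlink"

    def handle(self, client_ip, path, headers, query, client_domain, now):
        if self.is_probe(path, headers):
            return self.handle_probe(client_ip, query.get("signature"), now)
        return self.handle_request(client_ip, client_domain, now)
```

Because md5(IP + key) is computed from a long-lived shared key and a value the peer knows, the scheme stands or falls with the secrecy of that key; the registration TTL and the frequency check bound how long a wrongly registered IP remains usable.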

Please refer to FIG. 7, which is a schematic structural diagram of a first embodiment of a CDN parent-layer node anti-hotlinking apparatus provided by the present application. The apparatus is used to execute the CDN parent-layer node anti-hotlinking method described above, and may be deployed in a server.

As shown in FIG. 7, the CDN parent-layer node anti-hotlinking apparatus 400 includes an access request judgment module 401, a hotlinking behavior verification module 402, a request passing module 403 and an access rejection module 404.

The access request judgment module 401 is configured to, when an available parent-layer node receives an access request initiated by a connecting client, obtain the client IP of the connecting client and determine whether the access request is a detection request.

The hotlinking behavior verification module 402 is configured to, when the access request is a non-detection request, verify based on the client IP whether the non-detection request is hotlinking behavior.

The request passing module 403 is configured to pass the access request when the non-detection request is not hotlinking behavior.

The access rejection module 404 is configured to reject the access request when the non-detection request is hotlinking behavior.

In one embodiment, the hotlinking behavior verification module 402 includes:

a local IP acquisition unit, configured to obtain the local IP corresponding to the available parent-layer node and compare the client IP with the local IP;

a first non-hotlinking determination unit, configured to determine that the non-detection request is non-hotlinking behavior if the client IP and the local IP are the same.

In one embodiment, the hotlinking behavior verification module 402 further includes:

an IP query unit, configured to query whether the client IP exists in a preset hash dictionary if the client IP and the local IP differ;

a validity period acquisition unit, configured to obtain the validity period of the client IP if the client IP is found in the hash dictionary;

a second non-hotlinking determination unit, configured to determine that the non-detection request is non-hotlinking behavior if the validity period is currently valid.

In one embodiment, the hotlinking behavior verification module 402 further includes:

a client domain name acquisition unit, configured to obtain the client domain name of the non-detection request if the client IP is not found in the hash dictionary, or if the client IP is found in the hash dictionary but its validity period is currently invalid;

a whitelist acquisition unit, configured to obtain a preset whitelist and query whether the client domain name and/or the client IP exists in the whitelist;

a third non-hotlinking determination unit, configured to determine that the non-detection request is non-hotlinking behavior if the client domain name and/or the client IP is found in the whitelist.

In one embodiment, the CDN parent-layer node anti-hotlinking apparatus 400 further includes a detection request verification module, which includes:

a detection request legitimacy verification unit, configured to verify, when the access request is a detection request, whether the detection request is a legitimate detection request;

a detection frequency verification unit, configured to, when the detection request is a legitimate detection request, obtain the detection frequency of the detection request and verify whether that frequency is within the legal frequency range;

an access request response unit, configured to, when the detection frequency is within the legal frequency range, register or update the client IP and send a response signal to the connecting client in response to the access request.

In one embodiment, the detection request verification module further includes:

an access request rejection unit, configured to, when the detection frequency is not within the legal frequency range, delete the client IP stored in the preset database and send a request rejection signal to the connecting client to reject the access request.

In one embodiment, the CDN parent-layer node anti-hotlinking apparatus 400 further includes a service data response module, which includes:

a target service data determination unit, configured to determine the target service data based on the access request and query whether the target service data exists in the cache server of the available parent-layer node;

a first data response unit, configured to return the target service data to the connecting client when the target service data exists in the cache server;

a second data response unit, configured to, when the target service data does not exist in the cache server, perform a back-to-origin operation to obtain the target service data and return it to the connecting client.

It should be noted that those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the apparatus and modules described above can be found in the corresponding processes of the foregoing embodiments of the CDN parent-layer node anti-hotlinking method, and are not repeated here.

The apparatus provided in the above embodiments may be implemented in the form of a computer program, and the computer program can run on a computer device as shown in FIG. 8.

Please refer to FIG. 8, which is a schematic structural block diagram of a computer device provided in an embodiment of the present application. The computer device may be a server.

Referring to FIG. 8, the computer device includes a processor, a memory and a network interface connected via a system bus, where the memory may include a non-volatile storage medium and an internal memory.

The non-volatile storage medium can store an operating system and a computer program. The computer program includes program instructions which, when executed, cause the processor to execute any of the CDN parent-layer node anti-hotlinking methods.

The processor provides computing and control capabilities and supports the operation of the entire computer device.

The internal memory provides an environment for running the computer program stored in the non-volatile storage medium. When the computer program is executed by the processor, it causes the processor to execute any of the CDN parent-layer node anti-hotlinking methods.

The network interface is used for network communication, such as sending assigned tasks. Those skilled in the art will appreciate that the structure shown in FIG. 8 is only a block diagram of the part of the structure related to the solution of the present application and does not limit the computer device to which the solution is applied. A specific computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.

It should be understood that the processor may be a Central Processing Unit (CPU), or another general-purpose processor, a Digital Signal Processor (DSP), an Application-Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor or any conventional processor.

In one embodiment, the processor is configured to run a computer program stored in the memory to implement the following steps:

when an available parent-layer node receives an access request initiated by a connecting client, obtaining the client IP of the connecting client and determining whether the access request is a detection request;

when the access request is a non-detection request, verifying, based on the client IP, whether the non-detection request is hotlinking behavior;

when the non-detection request is not hotlinking behavior, passing the access request;

when the non-detection request is hotlinking behavior, rejecting the access request.

In one embodiment, when verifying, based on the client IP, whether the non-detection request is hotlinking behavior, the processor is configured to implement:

obtaining the local IP corresponding to the available parent-layer node and comparing the client IP with the local IP;

if the client IP and the local IP are the same, determining that the non-detection request is non-hotlinking behavior.

In one embodiment, after obtaining the local IP corresponding to the available parent-layer node and comparing the client IP with the local IP, the processor is further configured to implement:

if the client IP and the local IP differ, querying whether the client IP exists in a preset hash dictionary;

if the client IP is found in the hash dictionary, obtaining the validity period of the client IP;

if the validity period is currently valid, determining that the non-detection request is non-hotlinking behavior.

In one embodiment, after querying whether the client IP exists in the preset hash dictionary when the client IP and the local IP differ, the processor is further configured to implement:

if the client IP is not found in the hash dictionary, or if the client IP is found in the hash dictionary but its validity period is currently invalid, obtaining the client domain name of the non-detection request;

obtaining a preset whitelist and querying whether the client domain name and/or the client IP exists in the whitelist;

if the client domain name and/or the client IP is found in the whitelist, determining that the non-detection request is non-hotlinking behavior.

In one embodiment, after obtaining the client IP of the connecting client and determining whether the access request is a detection request, the processor is further configured to implement:

when the access request is a detection request, verifying whether the detection request is a legitimate detection request;

when the detection request is a legitimate detection request, obtaining the detection frequency of the detection request and verifying whether that frequency is within the legal frequency range;

when the detection frequency is within the legal frequency range, registering or updating the client IP and sending a response signal to the connecting client in response to the access request.

In one embodiment, after obtaining the detection frequency of a legitimate detection request and verifying whether that frequency is within the legal frequency range, the processor is further configured to implement:

when the detection frequency is not within the legal frequency range, deleting the client IP stored in the preset database and sending a request rejection signal to the connecting client to reject the access request.

In one embodiment, after passing the access request when the non-detection request is not hotlinking behavior, the processor is further configured to implement:

determining the target service data based on the access request, and querying whether the target service data exists in the cache server of the available parent-layer node;

when the target service data exists in the cache server, returning the target service data to the connecting client;

when the target service data does not exist in the cache server, performing a back-to-origin operation to obtain the target service data and returning it to the connecting client.

An embodiment of the present application further provides a computer-readable storage medium. The computer-readable storage medium stores a computer program that includes program instructions, and the processor executes the program instructions to implement any of the CDN parent-layer node anti-hotlinking methods provided in the embodiments of the present application.

The computer-readable storage medium may be an internal storage unit of the computer device described in the foregoing embodiments, such as a hard disk or memory of the computer device. It may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the computer device.

The above are only specific implementations of the present application, but the protection scope of the present application is not limited to them. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed in the present application, and these modifications or replacements shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A CDN parent-layer node anti-hotlinking method, characterized in that the method comprises:
when an available parent-layer node receives an access request initiated by a connecting client, obtaining the client IP of the connecting client and determining whether the access request is a detection request;
when the access request is a non-detection request, verifying, based on the client IP, whether the non-detection request is hotlinking behavior;
when the non-detection request is not hotlinking behavior, passing the access request;
when the non-detection request is hotlinking behavior, rejecting the access request.

2. The CDN parent-layer node anti-hotlinking method according to claim 1, characterized in that verifying, based on the client IP, whether the non-detection request is hotlinking behavior comprises:
obtaining the local IP corresponding to the available parent-layer node and comparing the client IP with the local IP;
if the client IP and the local IP are the same, determining that the non-detection request is non-hotlinking behavior.

3. The CDN parent-layer node anti-hotlinking method according to claim 2, characterized in that, after obtaining the local IP corresponding to the available parent-layer node and comparing the client IP with the local IP, the method further comprises:
if the client IP and the local IP differ, querying whether the client IP exists in a preset hash dictionary;
if the client IP is found in the hash dictionary, obtaining the validity period of the client IP;
if the validity period is currently valid, determining that the non-detection request is non-hotlinking behavior.

4. The CDN parent-layer node anti-hotlinking method according to claim 3, characterized in that, after querying whether the client IP exists in the preset hash dictionary when the client IP and the local IP differ, the method further comprises:
if the client IP is not found in the hash dictionary, or if the client IP is found in the hash dictionary but its validity period is currently invalid, obtaining the client domain name of the non-detection request;
obtaining a preset whitelist and querying whether the client domain name and/or the client IP exists in the whitelist;
if the client domain name and/or the client IP is found in the whitelist, determining that the non-detection request is non-hotlinking behavior.

5. The CDN parent-layer node anti-hotlinking method according to claim 1, characterized in that, after obtaining the client IP of the connecting client and determining whether the access request is a detection request, the method further comprises:
when the access request is a detection request, verifying whether the detection request is a legitimate detection request;
when the detection request is a legitimate detection request, obtaining the detection frequency of the detection request and verifying whether that frequency is within the legal frequency range;
when the detection frequency is within the legal frequency range, registering or updating the client IP and sending a response signal to the connecting client in response to the access request.

6. The CDN parent-layer node anti-hotlinking method according to claim 5, characterized in that, after obtaining the detection frequency of a legitimate detection request and verifying whether that frequency is within the legal frequency range, the method further comprises:
when the detection frequency is not within the legal frequency range, deleting the client IP stored in the preset database and sending a request rejection signal to the connecting client to reject the access request.

7. The CDN parent-layer node anti-hotlinking method according to any one of claims 1 to 6, characterized in that, after passing the access request when the non-detection request is not hotlinking behavior, the method further comprises:
determining the target service data based on the access request, and querying whether the target service data exists in the cache server of the available parent-layer node;
when the target service data exists in the cache server, returning the target service data to the connecting client;
when the target service data does not exist in the cache server, performing a back-to-origin operation to obtain the target service data and returning it to the connecting client.

8. A CDN parent-layer node anti-hotlinking apparatus, characterized in that the apparatus comprises:
an access request judgment module, configured to, when an available parent-layer node receives an access request initiated by a connecting client, obtain the client IP of the connecting client and determine whether the access request is a detection request;
a hotlinking behavior verification module, configured to, when the access request is a non-detection request, verify based on the client IP whether the non-detection request is hotlinking behavior;
a request passing module, configured to pass the access request when the non-detection request is not hotlinking behavior;
an access rejection module, configured to reject the access request when the non-detection request is hotlinking behavior.

9. A computer device, characterized in that the computer device comprises a processor, a memory, and a computer program stored in the memory and executable by the processor, wherein the computer program, when executed by the processor, implements the steps of the CDN parent-layer node anti-hotlinking method according to any one of claims 1 to 7.

10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, wherein the computer program, when executed by a processor, implements the steps of the CDN parent-layer node anti-hotlinking method according to any one of claims 1 to 7.

CN202311695819.XA 2023-12-11 2023-12-11 CDN parent layer node anti-theft chain method, device, equipment and medium Pending CN118118210A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311695819.XA CN118118210A (en) 2023-12-11 2023-12-11 CDN parent layer node anti-theft chain method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN118118210A true CN118118210A (en) 2024-05-31

Family

ID=91215049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311695819.XA Pending CN118118210A (en) 2023-12-11 2023-12-11 CDN parent layer node anti-theft chain method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN118118210A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination