WO2015090117A1 - Website protection method and device - Google Patents

Publication number
WO2015090117A1
Authority
WO
WIPO (PCT)
Prior art keywords
website
security protection
rule
type
request message
Prior art date
Application number
PCT/CN2014/089960
Other languages
French (fr)
Chinese (zh)
Inventor
姚熙
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Priority date
Filing date
Publication date
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/24: Negotiation of communication capabilities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Definitions

  • the present invention relates to the field of network security technologies, and in particular, to a website protection method and apparatus.
  • website security issues are mainly divided into the following four aspects: server security, border security, security on the Internet and extranet.
  • taking precautions before an attack occurs is the key to prevention.
  • the firewall system is the first line of defense for website security. It can filter and block many attacks.
  • the system administrator must ensure the security of the web server system and also consider some basic security protections of the website application.
  • some specialized network security vendors provide website security products. During the construction of the website, the system administrator only needs to perform corresponding selection and setting operations according to such security protection products. This kind of security protection product will list all the security protection technologies. Generally, all the default security options are selected. The webmaster cancels the unnecessary technology as needed, leaving only the protection technology required by the website.
  • the present invention has been made in order to provide a website protection method and apparatus that overcomes the above problems or at least partially solves the above problems.
  • a website protection method including:
  • the website is secured according to the corresponding security protection rules set.
  • a website protection device comprising:
  • a messaging unit configured to send a test request message to the website server, and receive a response message returned by the website server;
  • a website type determining unit configured to parse the response message, and determine a type of the website
  • a rule setting unit configured to set a corresponding security protection rule for the website according to the type of the website
  • the security protection unit is configured to perform security protection on the website according to the corresponding security protection rules set.
  • the present invention automatically selects the corresponding security protection technology for a website by identifying the type of the website; because the implementation process requires no manual intervention, it is convenient and fast and can truly realize the "one-click" setting; moreover, because different types of security protection technologies are set in advance for different websites, the security risks caused by human selection errors are avoided, and accurate security protection solutions can be provided for websites.
  • FIG. 1 shows a flow chart of a website protection method according to an embodiment of the present invention
  • Figure 2 shows a block diagram of an intelligent electronic device for performing the method according to the invention
  • Figure 3 shows a schematic diagram of a storage unit for holding or carrying program code implementing the method according to the invention.
  • a website is a collection of related web pages for displaying specific content created on the Internet using tools such as HTML according to certain rules.
  • the website can be divided into: portal, forum, community, blog, e-commerce website, enterprise website.
  • These sites have different levels and requirements for security protection.
  • the most common web application security vulnerabilities include: SQL injection, XSS cross-site scripting, form bypass, cookie spoofing, information leakage, Google hacking, access control errors, PHP-specific exploits, variable abuse, file inclusion, upload vulnerability attacks, web page tampering, hanging horses (malicious code planted in web pages), etc.
  • the web application firewall provides a converged solution for web security and web application delivery for web services of various websites, ensuring the security and performance of web services.
  • the web application firewall can set security rules, that is, set corresponding security protection technologies for the above different security vulnerabilities.
  • the invention provides a website protection method, which automatically loads the corresponding protection technology of the type by identifying the website type, thereby realizing the website security protection accurately and conveniently.
  • FIG. 1 is a flowchart of a website protection method according to an embodiment of the present invention, which mainly includes:
  • S101 Send a test request message to the website server, and receive a response message returned by the website server;
  • the service node sends a test request message to the website server.
  • the firewall server sends a test request to the web site server, and the firewall server is responsible for parsing the data returned by the website.
  • the method further includes: constructing the test request message according to the predetermined rule.
  • the following is an example.
  • Dedecms is called “weaving dreams” and is a PHP open source website content management system.
  • Website construction can be achieved through the dedecms template.
  • the following website that will be built through the dedecms system is called “dedecms type website”.
  • Phpcms is also a website content management system and an open source PHP development framework. Website construction can be achieved through the Phpcms template. The following website that is built through the Phpcms system is called "Phpcms type website.”
  • for example, for a dedecms type of website, a test request message can be constructed:
  • the test request message is implemented by constructing a test URL (Uniform Resource Locator) that includes a "dede" field.
  • as another example, for a phpcms type of website, a test request message can be constructed:
  • the corresponding website type is determined according to the identifier parsed from the corresponding information.
  • the firewall server parses the response message and learns the type of the website based on the uri and the submitted parameters.
  • uri refers to the Uniform Resource Identifier, which is used to locate each resource (HTML document, image, video clip, program, etc.) available on the Web.
  • a URI generally consists of three parts:
  • consider the following URI, which conforms to the current RFC 4395 specification: protocol name://domain name.root domain/directory/filename.suffix.
  • some URIs point to the inside of a resource. Such a URI ends with "#" followed by an anchor identifier (called a fragment identifier). For example, here is a URI pointing to section_2:
  • protocol://domain name/directory/file#fragment identifier (for example: /a/b.php#a).
  • a relative URI does not contain any naming specification information. Its path usually refers to resources on the same machine. Relative URIs may contain relative paths (e.g., ".." means the parent path) and may also contain fragment identifiers.
  • the firewall server identifies the uri specific characters and parameters based on the parsing of the response message, and learns the type of the website.
  • the response message contains a unique rule, for example:
  • the response message contains unique rules, as follows:
  • the firewall server parses out the above specific data/parameters, the corresponding website type can be known.
  • if the website is identified as a dedecms type website, the protection technology corresponding to the dedecms type website is set automatically; if it is identified as a Phpcms type website, the protection technology corresponding to the Phpcms type is set automatically.
  • different security rule bases may be set for different types of websites in advance. After the website type is identified, the corresponding security rule base is automatically invoked, so that the corresponding security protection technology is selected according to the website type.
  • the security rule library contains security rules: SQL injection attack filtering, page tampering and recovery functions, control of the application layer to restrict some users from uploading files and accessing sensitive pages, comprehensive tracking and analysis of suspicious IPs, and so on.
  • the security rules library contains security rules: SQL injection attack filtering, XSS cross-site identification, form bypass identification, anti-page tampering, and so on.
  • the method further includes: dividing the security protection rule into a general security protection rule and a special security protection rule.
  • setting the corresponding security protection rules for the website includes: setting the general security protection rules and the corresponding special security protection rules as the protection rules of the website according to the determined type of the website. This ensures targeted security protection for the website.
  • S104 Perform security protection on the website according to the set security protection rules.
  • the firewall server runs the security rules set in step 103 above to provide corresponding security protection for the website.
  • the security rule library including "filtering of SQL injection attacks, page tampering and recovery functions, control of the application layer to restrict access to files and access to sensitive pages, and full tracking and analysis of suspicious IPs" is started, and the firewall server provides these security protections for the website.
  • the access request message is matched with the security protection rule for the website, and if the security protection rule is hit, it is considered as an attack, so the access request message is filtered out; if it is missed, it is considered to be safe. Therefore, the access request message is released.
  • the present invention automatically selects the corresponding security protection technology for a website by identifying the type of the website; because the implementation process requires no manual intervention, it is convenient and fast and can truly realize the "one-click" setting; moreover, because different types of security protection technologies are set in advance for different websites, the security risks caused by human selection errors are avoided, and accurate security protection solutions can be provided for websites.
  • the present invention also provides a website protection device.
  • the device can be implemented by hardware, software, or a combination of hardware and software.
  • the device may refer to a functional entity inside a service node (for example, a firewall server) or the service node device itself, as long as the function of the device is implemented.
  • the website protection device includes:
  • a messaging unit configured to send a test request message to the website server, and receive a response message returned by the website server;
  • a website type determining unit for parsing the response message and determining the type of the website
  • a rule setting unit configured to set a corresponding security protection rule for the website according to the type of the website
  • the security protection unit is used to protect the website according to the corresponding security protection rules.
  • the apparatus further comprises: a test message construction unit configured to construct a test request message according to a predetermined rule.
  • for example, for a dedecms type of website, a test request message can be constructed:
  • the test request message is implemented by constructing a test URL (Uniform Resource Locator) that includes a "dede" field.
  • as another example, for a phpcms type of website, a test request message can be constructed:
  • the apparatus further includes: a website type classification unit, configured to determine a corresponding website type according to the identifier parsed from the corresponding information.
  • the response message contains a unique rule, for example:
  • the response message contains unique rules, as follows:
  • the rule setting unit is further configured to divide the security protection rules into general security protection rules and special security protection rules. Accordingly, the rule setting unit sets a general security protection rule and a corresponding special security protection rule as the protection rule of the website according to the determined type of the website.
  • the message sending and receiving unit is further configured to receive an access request message to the website; correspondingly, the security protection unit matches the access request message against the security protection rules: if the access request message hits a security protection rule, the access request message is filtered out; if it misses, the access request message is released.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • all of the features disclosed in this specification (including the accompanying claims, the abstract and the drawings), and all processes or units of any method or device so disclosed, may be combined in any combination.
  • Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
  • the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of the functionality of some or all of the components of the website protection device in accordance with embodiments of the present invention.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • a program implementing the present invention can be stored on a computer readable medium, or can be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
  • FIG. 2 illustrates an intelligent electronic device that can implement a method of implementing cloud killing against a kill test in accordance with the present invention.
  • the intelligent electronic device conventionally includes a processor 210 and a computer program product or computer readable medium in the form of a memory 220.
  • the memory 220 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM.
  • the memory 220 has a memory space 230 for program code 231 for performing any of the method steps described above.
  • storage space 230 for program code may include various program code 231 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • These computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks. Such computer program products are typically portable or fixed storage units as described with reference to FIG.
  • the storage unit may have a storage section or a storage space or the like arranged similarly to the storage 220 in the intelligent electronic device of FIG. 2.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit comprises a program 231' for performing the steps of the method according to the invention, i.e., code readable by a processor such as 210, which, when run by the intelligent electronic device, causes the intelligent electronic device to perform the various steps in the method described above.

Abstract

Disclosed are a website protection method and device. The method comprises: sending a test request message to a website server, and receiving a response message which is returned by the website server; parsing the response message, and determining the type of the website; according to the type of the website, setting a corresponding security protection rule for the website; and according to the set corresponding security protection rule, conducting security protection on the website. By way of recognizing the type of the website, the present invention automatically selects a corresponding security protection technology for the website; since there is no need for manual intervention in an implementation process, the present invention has the advantages of convenience and quickness, and can really achieve one-click setting; moreover, since different types of security protection technologies are set for different websites in advance, the potential security risks caused by artificial selection errors are avoided, and accurate security protection solutions can be provided for the websites.

Description

Website protection method and device
Technical field
The present invention relates to the field of network security technologies, and in particular to a website protection method and device.
Background
With the rapid development of the Internet, network security problems have also become very serious. In terms of website architecture, website security issues fall mainly into the following four aspects: server security, border security, and security on the Internet and the Extranet. Taking precautions before an attack occurs is the key to prevention. The firewall system is the first line of defense for website security; it can filter and block many attacks.
As the first sentry post for website security, the system administrator (webmaster) must both ensure the security of the web server system and consider some basic security protections for the website application. Currently, some specialized network security vendors provide website security protection products. During website construction, the system administrator only needs to perform the corresponding selection and setting operations in such a product. Such products list all of their security protection technologies, generally with everything selected by default; the webmaster deselects the technologies that are not needed, leaving only the protection technologies the website requires.
This manual selection of protection technologies by the webmaster is cumbersome, and some webmasters are not very familiar with security protection technologies. If a protection technology that is necessary for the website is left unselected, the security of the website is threatened.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a website protection method and device that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a website protection method is provided, including:
sending a test request message to a website server, and receiving a response message returned by the website server;
parsing the response message to determine the type of the website;
setting corresponding security protection rules for the website according to the type of the website;
performing security protection on the website according to the corresponding security protection rules that were set.
According to another aspect of the present invention, a website protection device is also provided, including:
a message transceiver unit, configured to send a test request message to a website server and receive a response message returned by the website server;
a website type determining unit, configured to parse the response message and determine the type of the website;
a rule setting unit, configured to set corresponding security protection rules for the website according to the type of the website;
a security protection unit, configured to perform security protection on the website according to the corresponding security protection rules that were set.
It can be seen that the present invention automatically selects the corresponding security protection technologies for a website by identifying the website type. Because the implementation process requires no manual intervention, it is convenient and fast and can truly achieve "one-click" setup; moreover, because different types of security protection technologies are set in advance for different websites, the security risks caused by human selection errors are avoided, and an accurate security protection solution can be provided for the website.
The above description is only an overview of the technical solutions of the present invention. So that the technical means of the present invention can be understood more clearly and implemented in accordance with the contents of the specification, and so that the above and other objects, features and advantages of the present invention are more readily apparent, specific embodiments of the invention are set forth below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
FIG. 1 shows a flowchart of a website protection method according to an embodiment of the present invention;
FIG. 2 shows a block diagram of an intelligent electronic device for performing the method according to the invention; and
FIG. 3 shows a schematic diagram of a storage unit for holding or carrying program code implementing the method according to the invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
A website is a collection of related web pages, created on the Internet according to certain rules using tools such as HTML, for displaying specific content. By function, websites can be divided into portals, forums, communities, blogs, e-commerce websites, enterprise and institutional websites, and so on. These websites differ in the level of security protection they need and in their requirements. Taking portals as an example, the large number of users and the high page-view volume mean a relatively high security risk. The web application security vulnerabilities that are currently most common include: SQL injection, XSS cross-site scripting, form bypass, cookie spoofing, information leakage, Google hacking, access control errors, PHP-specific exploits, variable abuse, file inclusion, upload vulnerability attacks, web page tampering, hanging horses (malicious code planted in web pages), etc. A web application firewall provides a converged solution for web security and web application delivery for the web services of all kinds of websites, ensuring the security and performance of those services. A web application firewall can set security rules, that is, set the corresponding security protection technologies for the different security vulnerabilities above.
The present invention provides a website protection method that identifies the website type and automatically loads the protection technologies corresponding to that type, so that website security protection can be achieved accurately and conveniently.
Referring to FIG. 1, a flowchart of a website protection method provided by an embodiment of the present invention, the method mainly includes:
S101: Send a test request message to the website server, and receive the response message returned by the website server;
Specifically, a service node sends the test request message to the website server. For example, a firewall server sends a test request to the web server of the website, and the firewall server is responsible for parsing the data the website returns.
Before the firewall server sends the test request message to the website server, the method further includes: constructing the test request message according to a predetermined rule. Examples follow.
There are dedicated content management systems that provide website construction services to users. dedecms, known in Chinese as "织梦" ("weaving dreams"), is an open-source PHP website content management system. Websites can be built from dedecms templates. Below, a website built with the dedecms system is called a "dedecms type website".
Phpcms is also a website content management system, as well as an open-source PHP development framework. Websites can be built from Phpcms templates. Below, a website built with the Phpcms system is called a "Phpcms type website".
For example, for a dedecms type website, the following test request message can be constructed:
"http://www.test.com/dede/login.php". If the server responds normally, returning a page other than a 404, the subsequent response parsing can proceed. As can be seen, the test request message is implemented by constructing a test URL (Uniform Resource Locator) that contains a "dede" field.
As another example, for a phpcms type website, the following test request message can be constructed:
"http://www.test.com/index.php?m=member&c=index&a=register". If the server responds normally, returning a page other than a 404, the subsequent response parsing can proceed. As can be seen, the test request message is implemented by constructing a test URL that contains a "php related" field.
S102: Parse the response message and learn the website type;
Specifically, the corresponding website type is determined according to the identifier parsed from the corresponding information. For example, the firewall server parses the response message and learns the website type from the uri and the submitted parameters.
Here, uri refers to the Uniform Resource Identifier, which is used to locate each kind of resource available on the Web (HTML documents, images, video clips, programs, etc.).
A URI generally consists of three parts:
1. Host name.
The name of the resource itself, represented by the path.
Consider the following URI, which conforms to the current RFC4395 specification: protocol name://domain name.root domain/directory/file name.suffix.
For example: "http://b.c/d/e.f" (assuming b.c is a usable domain name and e.f is a standard file). This URI is interpreted as follows: it is a resource accessible over the HTTP protocol, located on host b.c; the string "/d" in the URI accesses the "d" folder on the host, and "e.f" requests the file "/d/e.f" on the host. Another example of a URI, "mailto:name@domain", points to a user's mailbox.
2. Identifier
Some URIs point to the inside of a resource. Such a URI ends with "#" followed by an anchor identifier (called a fragment identifier). For example, the following is a URI pointing to section_2:
protocol://domain name/directory/file#fragment identifier (for example: /a/b.php#a).
3. Relative URI
A relative URI does not contain any naming specification information. Its path usually refers to resources on the same machine. A relative URI may contain relative paths (for example, ".." denotes the parent path) and may also contain a fragment identifier.
Based on its parsing of the response message, the firewall server identifies specific uri characters and parameters and learns the website type.
For example, for a dedecms type website, the response message contains characteristic rules such as the following:
1. The uri is "/include/common\.inc\.php", and the submitted data contains "GLOBALS";
2. The uri is "/plus/carbuyaction\.php", and the submitted parameters contain "../".
As another example, for a Phpcms type website, the response message contains characteristic rules such as the following:
1. The uri is "/yp/product.php", and the submitted parameters contain data matching the pattern "\bpagesize\s*=.*?print";
2. For all uris, the submitted parameters contain data matching the pattern "\ba\s*=\s*account_manage_avatar\b", and the submitted data contains data matching the pattern "\b<\?php\b".
That is, when the firewall server parses out the specific data or parameters above, it can determine the corresponding website type.
S103: Set corresponding security protection rules for the website according to the website type;
For example, if the website is identified as a dedecms type website, the protection technology corresponding to dedecms type websites is set automatically; if it is identified as a Phpcms type website, the protection technology corresponding to the Phpcms type is set automatically.
In a specific implementation, different security rule libraries may be set up in advance for different types of websites. Once the website type is identified, the corresponding security rule library is invoked automatically, so that the security protection technology is selected according to the website type.
For example, for one type of website, the security rule library contains rules for: filtering of SQL injection attacks; page tamper-proofing and recovery; application-layer control that restricts some users from uploading files and from accessing sensitive pages; comprehensive tracking and analysis of suspicious IPs; and so on. For another type of website, the security rule library contains rules for: filtering of SQL injection attacks, XSS cross-site recognition, form bypass recognition, web page tamper-proofing, and so on.
Those skilled in the art understand that different types of websites have different security levels, but some conventional general security protection technologies are needed by most websites; beyond these general technologies, particular websites need additional, supplementary special protection technologies according to their requirements. Therefore, preferably, before the corresponding security protection rules are set for the website, the method further includes: dividing the security protection rules into general security protection rules and special security protection rules. Correspondingly, setting the corresponding security protection rules for the website includes: according to the determined website type, setting the general security protection rules and the corresponding special security protection rules as the protection rules of the website. This ensures targeted security protection for the website.
S104: Perform security protection on the website according to the set security protection rules.
The firewall server runs the security rules set in step 103 above to provide the corresponding security protection for the website. For example, when a security rule library containing "filtering of SQL injection attacks, page tamper-proofing and recovery, application-layer control that restricts some users from uploading files and from accessing sensitive pages, and comprehensive tracking and analysis of suspicious IPs" has been enabled, the firewall server provides these protections for the website. In a specific implementation, each access request message for the website is matched against the security protection rules. If it hits a security protection rule, it is considered an attack and the access request message is filtered out; if it does not hit, it is considered safe and the access request message is allowed through.
It can be seen that the present invention automatically selects the corresponding security protection technology for a website by identifying the website type. Because the process requires no manual intervention, it is convenient and fast and can truly achieve "one-click" setup. Moreover, because different types of security protection technologies are set in advance for different websites, the security risks that arise from human selection errors are avoided and the website can be given a precise security protection scheme.
Corresponding to the above method, the present invention also provides a website protection apparatus. The apparatus may be implemented in hardware, software, or a combination of the two. Specifically, the apparatus may be a functional entity inside a service node (for example, a firewall server) or the service node device itself, as long as the functions of the apparatus are implemented.
Specifically, the website protection apparatus includes:
a message transceiving unit, configured to send a test request message to the website server and receive the response message returned by the website server;
a website type determining unit, configured to parse the response message and determine the type of the website;
a rule setting unit, configured to set corresponding security protection rules for the website according to the type of the website;
a security protection unit, configured to perform security protection on the website according to the corresponding security protection rules that were set.
Preferably, the apparatus further includes: a test message construction unit, configured to construct the test request message according to a predetermined rule.
For example, for a dedecms type website, the following test request message can be constructed:
"http://www.test.com/dede/login.php". If the response is normal, that is, a non-404 page is returned, the subsequent response parsing can proceed. As can be seen, the test request message is implemented by constructing a test URL (Uniform Resource Locator) containing the "dede" field.
As another example, for a phpcms type website, the following test request message can be constructed:
"http://www.test.com/index.php?m=member&c=index&a=register". If the response is normal, that is, a non-404 page is returned, the subsequent response parsing can proceed. As can be seen, the test request message is implemented by constructing a test URL containing a "php-related" field.
Preferably, the apparatus further includes: a website type classification unit, configured to determine the corresponding website type according to the identifier parsed from the corresponding information.
For example, for a dedecms type website, the response message contains characteristic rules such as the following:
1. The uri is "/include/common\.inc\.php", and the submitted data contains "GLOBALS";
2. The uri is "/plus/carbuyaction\.php", and the submitted parameters contain "../".
As another example, for a Phpcms type website, the response message contains characteristic rules such as the following:
1. The uri is "/yp/product.php", and the submitted parameters contain data matching the pattern "\bpagesize\s*=.*?print";
2. For all uris, the submitted parameters contain data matching the pattern "\ba\s*=\s*account_manage_avatar\b", and the submitted data contains data matching the pattern "\b<\?php\b".
The rule setting unit is further configured to divide the security protection rules into general security protection rules and special security protection rules. Correspondingly, the rule setting unit sets, according to the determined website type, the general security protection rules and the corresponding special security protection rules as the protection rules of the website.
Preferably, the message transceiving unit is further configured to receive access request messages for the website. Correspondingly, the security protection unit matches each access request message against the security protection rules; if the access request message hits a security protection rule, the access request message is filtered out; if it does not hit, the access request message is allowed through.
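The flow described in steps S103/S104 and in the apparatus description (identify the type, combine general and special rules, filter on a hit), as an added Python sketch that is not the patent's own code. The uri/parameter patterns and probe paths are taken from the page; the `Rule` class, the function names, the single general rule, treating a non-404 probe status as sufficient identification, and applying the listed patterns to incoming access requests are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, unquote, unquote_plus


@dataclass(frozen=True)
class Rule:
    name: str
    uri: Optional[str] = None     # regex on the request path; None = every uri
    params: Optional[str] = None  # regex on the decoded query string
    data: Optional[str] = None    # regex on decoded query string + body

    def hits(self, path: str, query: str, body: str) -> bool:
        checks = ((self.uri, path), (self.params, query),
                  (self.data, query + "\n" + body))
        # Every condition the rule defines must match (the page's "and").
        return all(re.search(p, v) for p, v in checks if p is not None)


# General rule: constructed placeholder, not a production-grade signature.
GENERAL_RULES = [Rule("general-xss", data=r"(?i)<script\b")]

# Special rules: patterns as listed on the page (the literal "../" is
# regex-escaped here).
SPECIAL_RULES = {
    "dedecms": [
        Rule("dedecms-1", uri=r"/include/common\.inc\.php", data=r"GLOBALS"),
        Rule("dedecms-2", uri=r"/plus/carbuyaction\.php", params=r"\.\./"),
    ],
    "phpcms": [
        Rule("phpcms-1", uri=r"/yp/product.php",
             params=r"\bpagesize\s*=.*?print"),
        # The leading \b only matches when "<" directly follows a word
        # character, so "x<?php" hits and " <?php" does not.
        Rule("phpcms-2", params=r"\ba\s*=\s*account_manage_avatar\b",
             data=r"\b<\?php\b"),
    ],
}

# Probe paths from the page's test request examples.
PROBES = {
    "dedecms": "/dede/login.php",
    "phpcms": "/index.php?m=member&c=index&a=register",
}


def identify_site_type(probe_status: dict) -> Optional[str]:
    """probe_status maps a probe path to the HTTP status the site returned."""
    for site_type, probe in PROBES.items():
        if probe_status.get(probe, 404) != 404:
            return site_type
    return None


def build_ruleset(site_type: Optional[str]) -> list:
    """General rules always apply; special rules depend on the site type."""
    return GENERAL_RULES + SPECIAL_RULES.get(site_type, [])


def inspect(rules: list, url: str, body: str = "") -> tuple:
    """Return ("filter", rule_name) on the first hit, else ("pass", None)."""
    parts = urlsplit(url)
    path = unquote(parts.path)
    query = unquote_plus(parts.query)  # decode once before matching
    body = unquote_plus(body)
    for rule in rules:
        if rule.hits(path, query, body):
            return ("filter", rule.name)
    return ("pass", None)
```

Because matching runs on once-decoded input, a double-encoded parameter would not hit these patterns; a deployment has to decode the same way the protected application does.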
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems may also be used with the teachings herein. From the above description, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described herein may be implemented in a variety of programming languages, and that the above description of a specific language is given in order to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, individual features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof in the above description of exemplary embodiments of the invention. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and placed in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and they may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent, or a similar purpose.
In addition, those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the website protection apparatus according to embodiments of the present invention. The invention can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
For example, FIG. 2 shows an intelligent electronic device that can implement the method according to the invention of cloud-based detection and removal that counters evasion testing. The intelligent electronic device conventionally includes a processor 210 and a computer program product or computer-readable medium in the form of a memory 220. The memory 220 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read-Only Memory), an EPROM, a hard disk, or a ROM. The memory 220 has a storage space 230 for program code 231 for performing any of the method steps described above. For example, the storage space 230 for program code may include individual program codes 231 for implementing the various steps of the above method. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards, or floppy disks. Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG. 3. The storage unit may have storage segments or storage space arranged similarly to the memory 220 in the intelligent electronic device of FIG. 2. The program code may, for example, be compressed in a suitable form. In general, the storage unit includes a program 231' for performing the method steps according to the invention, that is, code readable by a processor such as 210, which, when run by the intelligent electronic device, causes the intelligent electronic device to perform the steps of the method described above.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third, and so on does not indicate any order. These words can be interpreted as names.

Claims (14)

  1. A website protection method, characterized by comprising:
    sending a test request message to a website server, and receiving a response message returned by the website server;
    parsing the response message to determine the type of the website;
    setting corresponding security protection rules for the website according to the type of the website;
    performing security protection on the website according to the corresponding security protection rules that were set.
  2. The method of claim 1, further comprising, before sending the test request message to the website server: constructing the test request message according to a predetermined rule.
  3. The method of claim 1, wherein determining the type of the website comprises: determining the corresponding website type according to the identifier parsed from the corresponding information.
  4. The method of claim 1, further comprising, before setting the corresponding security protection rules for the website according to the type of the website: dividing the security protection rules into general security protection rules and special security protection rules.
  5. The method of claim 4, wherein setting the corresponding security protection rules for the website according to the type of the website comprises: according to the determined type of the website, setting the general security protection rules and the corresponding special security protection rules as the protection rules of the website.
  6. The method of any one of claims 1-5, wherein performing security protection on the website according to the corresponding security protection rules that were set comprises: if an access request message for the website hits the security protection rules, filtering out the access request message; if it does not hit, allowing the access request message through.
  7. A website protection apparatus, characterized by comprising:
    a message transceiving unit, configured to send a test request message to a website server and receive a response message returned by the website server;
    a website type determining unit, configured to parse the response message and determine the type of the website;
    a rule setting unit, configured to set corresponding security protection rules for the website according to the type of the website;
    a security protection unit, configured to perform security protection on the website according to the corresponding security protection rules that were set.
  8. The apparatus of claim 7, further comprising: a test message construction unit, configured to construct the test request message according to a predetermined rule.
  9. The apparatus of claim 7, further comprising: a website type classification unit, configured to determine the corresponding website type according to the identifier parsed from the corresponding information.
  10. The apparatus of claim 7, wherein the rule setting unit is further configured to divide the security protection rules into general security protection rules and special security protection rules.
  11. The apparatus of claim 10, wherein the rule setting unit sets, according to the determined type of the website, the general security protection rules and the corresponding special security protection rules as the protection rules of the website.
  12. The method of any one of claims 7-11, wherein the message transceiving unit is further configured to receive an access request message for the website, and the security protection unit matches the access request message against the security protection rules; if the access request message hits the security protection rules, the access request message is filtered out; if it does not hit, the access request message is allowed through.
  13. A computer program comprising computer-readable code which, when run by an intelligent electronic device, causes the method of any one of claims 1-6 to be performed.
  14. A computer-readable medium storing the computer program of claim 13.
PCT/CN2014/089960 2013-12-16 2014-10-31 Website protection method and device WO2015090117A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310689662.XA CN103685274A (en) 2013-12-16 2013-12-16 Method and device for protecting websites
CN201310689662.X 2013-12-16

Publications (1)

Publication Number Publication Date
WO2015090117A1 true WO2015090117A1 (en) 2015-06-25

Family

ID=50321588

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/089960 WO2015090117A1 (en) 2013-12-16 2014-10-31 Website protection method and device

Country Status (2)

Country Link
CN (1) CN103685274A (en)
WO (1) WO2015090117A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685274A (en) * 2013-12-16 2014-03-26 北京奇虎科技有限公司 Method and device for protecting websites
CN105812393A (en) * 2016-05-24 2016-07-27 浪潮电子信息产业股份有限公司 Website protection device and method
CN107666471A (en) * 2016-07-29 2018-02-06 百度在线网络技术(北京)有限公司 Method and apparatus for protecting website
CN107580005A (en) * 2017-11-01 2018-01-12 北京知道创宇信息技术有限公司 Website protection method, device, website safeguard and readable storage medium storing program for executing
CN111416818A (en) * 2020-03-17 2020-07-14 北京金山云网络技术有限公司 Website security protection method and device and server
CN112087455B (en) * 2020-09-10 2022-10-21 杭州安恒信息技术股份有限公司 WAF site protection rule generation method, system, equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102215222A (en) * 2011-05-09 2011-10-12 北京艾普优计算机系统有限公司 Website protection method and device
CN102523218A (en) * 2011-12-16 2012-06-27 北京神州绿盟信息安全科技股份有限公司 Network safety protection method, equipment and system thereof
CN103095709A (en) * 2013-01-17 2013-05-08 深信服网络科技(深圳)有限公司 Safety protection method and device
CN103685274A (en) * 2013-12-16 2014-03-26 北京奇虎科技有限公司 Method and device for protecting websites

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102185859A (en) * 2011-05-09 2011-09-14 北京艾普优计算机系统有限公司 Computer system and data interaction method
CN103065095A (en) * 2013-01-29 2013-04-24 四川大学 WEB vulnerability scanning method and vulnerability scanner based on fingerprint recognition technology

Also Published As

Publication number Publication date
CN103685274A (en) 2014-03-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14871281

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14871281

Country of ref document: EP

Kind code of ref document: A1