
CN107046544B - Method and device for identifying illegal access request to website - Google Patents

Method and device for identifying illegal access request to website

Info

Publication number
CN107046544B
Authority
CN
China
Prior art keywords
access request
website
link
client
legal
Legal status
Active
Application number
CN201710301078.0A
Other languages
Chinese (zh)
Other versions
CN107046544A (en)
Inventor
罗振
Current Assignee
Shenzhen Lexin Software Technology Co Ltd
Original Assignee
Shenzhen Lexin Software Technology Co Ltd
Application filed by Shenzhen Lexin Software Technology Co Ltd
Priority to CN201710301078.0A
Publication of CN107046544A
Application granted
Publication of CN107046544B


Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416: Event detection, e.g. attack signature detection
    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441: Countermeasures against malicious traffic
    • H04L 63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks


Abstract

An embodiment of the present invention discloses a method and device for identifying an illegal access request to a website. The method includes: obtaining an access request initiated by a client to the website, matching the link of the obtained access request against the legality rules of a whitelist, and identifying whether the obtained access request is legal according to the matching result. The whitelist defines the legality rules for access requests. When the website server obtains an access request, it loads the legality rules defined by the whitelist, matches the obtained access request against them, and uses the matching result to make a preliminary identification of whether the request is legal, so that it can decide on the basis of this preliminary result whether to load an interceptor for further verification. This identifies the legality of access requests efficiently and accurately, loads the interceptor on demand, saves server resources, and improves the accuracy of intercepting CSRF attacks.

[Figure 201710301078]

Description

A method and device for identifying an illegal access request to a website

Technical field

The present invention relates to the technical field of network security, and in particular to a method and device for identifying an illegal access request to a website.

Background

Website security problems are becoming increasingly serious, and it is very difficult for website administrators to find signs of suspicious activity among a large number of access requests.

In the prior art, one scheme for identifying illegal HTTP (Hypertext Transfer Protocol) access requests is to formulate matching policies corresponding to known attack strategies (for example CSRF attacks and SQL injection attacks), that is, rules that look for illegal characters and illegal keywords in an access request, and to intercept illegal access requests accordingly; this scheme is implemented by loading the corresponding rules into a dedicated hardware firewall for filtering. Protection against CSRF attacks can be implemented by verifying the HTTP Referer field: according to the HTTP protocol, the HTTP header contains a field called Referer, which records the source address of the HTTP access request. Another method is to hide an input check value in every page form as a detection field, which the server verifies for consistency.

In the prior-art methods, illegal access requests are intercepted according to a predetermined matching policy. This kind of protection is not very secure, protects poorly against CSRF attacks, and has low detection efficiency, since HTTP requests that do not need to be checked also consume detection resources. The method of adding an input check value to every page form makes the development process cumbersome and inefficient.

Summary of the invention

To solve the above technical problems, the present invention provides a method and device for identifying an illegal access request to a website, so as to identify illegal access requests to the website efficiently and accurately.

To achieve this purpose, the embodiments of the present invention adopt the following technical solutions:

In a first aspect, an embodiment of the present invention provides a method for identifying an illegal access request to a website, the method comprising:

obtaining an access request initiated by a client to the website; and

matching the link of the obtained access request against the legality rules of a whitelist, and identifying whether the obtained access request is legal according to the matching result.

In a second aspect, an embodiment of the present invention correspondingly provides a device for identifying an illegal access request to a website, the device comprising:

an access request acquisition module, configured to obtain an access request initiated by a client to the website; and

an identification module, configured to match the link of the obtained access request against the legality rules of a whitelist and to identify whether the obtained access request is legal according to the matching result.

The technical solutions provided by the embodiments of the present invention have the following beneficial effects:

In this technical solution, the whitelist defines the legality rules for access request links. When the website server obtains an access request initiated by a client to the website, it loads the legality rules defined by the whitelist, matches the link of the obtained access request against those rules, and uses the matching result to make a preliminary identification of whether the obtained access request is legal. The solution is simple to implement and makes this preliminary identification efficiently, so that it can then be decided whether further verification is needed, that is, whether to load an interceptor for further verification according to the preliminary result. When the access request is preliminarily identified as legal, no interceptor needs to be loaded; when it is preliminarily identified as illegal, an interceptor is loaded for further verification. In this way the legality of the access request is identified accurately, the interceptor is loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.

Description of the drawings

In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from the contents of the embodiments and these drawings without creative effort.

FIG. 1 is a schematic flowchart of a method for identifying an illegal access request to a website provided by Embodiment 1 of the present invention;

FIG. 2 is a schematic flowchart of a method for identifying an illegal access request to a website provided by Embodiment 2 of the present invention;

FIG. 3 is a schematic flowchart of a method for identifying an illegal access request to a website provided by Embodiment 3 of the present invention;

FIG. 4A is a schematic structural diagram of a device for identifying an illegal access request to a website provided by Embodiment 4 of the present invention;

FIG. 4B is a schematic structural diagram of an optional implementation of the access request acquisition module 410 in FIG. 4A;

FIG. 4C is a schematic structural diagram of an optional implementation of the identification module 420 in FIG. 4A.

Detailed description

In order to make the technical problems solved, the technical solutions adopted and the technical effects achieved by the present invention clearer, the technical solutions of the embodiments of the present invention are described in further detail below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

Embodiment 1

Please refer to FIG. 1, which is a schematic flowchart of a method for identifying an illegal access request to a website provided by Embodiment 1 of the present invention. The method provided by this embodiment is suitable for scenarios in which it must be identified whether an access request initiated by a client to a website is legal. The method may be executed by a device for identifying an illegal access request to a website; the device may be implemented in software and/or hardware and integrated in the corresponding website server.

As shown in FIG. 1, the method for identifying an illegal access request to a website provided by this embodiment may include the following steps:

S110: Obtain an access request initiated by the client to the website.

Exemplarily, the client may be a terminal device held by a user, such as a desktop computer, notebook computer, tablet computer or mobile phone. A website is a collection of web pages on the Internet, made with tools such as HTML (Hypertext Markup Language) according to certain rules, for displaying specific content; simply put, a website is a communication tool through which its creator can publish information they want to make public or provide related network services. A website server is a server in an Internet data center that hosts websites; it is mainly used for publishing and running websites on the Internet and is part of the infrastructure of network applications. Each website server can receive website requests initiated by at least one client. Access requests may include browsing requests from users viewing the website's pages, registration requests from users registering an account on the website, login requests from users logging in to an existing account, and abnormal access requests initiated by attackers maliciously attacking the website. In this embodiment, access requests are divided into regular access requests, specific access requests and abnormal access requests. Regular access requests, such as browsing requests, do not involve website security; specific access requests, such as registration requests, login requests and requests to access website directory files, may affect website security; abnormal access requests, such as requests to tamper with website directory files, are access requests that maliciously attack the website.

For example, the user may enter the website's address in the web browser on the client to open a page of the website; the client initiates an access request to the website according to the user's operation, and the website server obtains the access request. The specific way in which the client initiates the access request and the specific way in which the website server obtains it may be set according to the actual situation and are not limited here.

S120: Match the link of the obtained access request against the legality rules of the whitelist, and identify whether the obtained access request is legal according to the matching result.

Exemplarily, the link of an access request, also called a hyperlink, is a connection from a web page to a target; the target may be another web page, a different position on the same page, an image, an e-mail address, a file or even an application, and the specific target depends on the access request obtained by the website server. The whitelist in this embodiment is configured on the basis of the PHP (PHP: Hypertext Preprocessor) framework Kohana. The whitelist defines the legality rules for access request links, and these rules are the basis on which the website server makes its preliminary judgment of whether an obtained access request is legal.

For example, among the links pointing to the various targets of the website, the website server administrator can set an identifier in advance on links that do not conform to a specific link form, indicating that access requests for that link are preliminarily judged to be illegal and that an interceptor must be loaded to intercept the request and further verify whether it is an illegal access request. Links that conform to the specific link form are not given the identifier; access requests for such links are legal by default and no interceptor needs to be loaded to intercept them. Specifically, the administrator can decide whether to set an identifier on a link according to the URL (Uniform Resource Locator) in the link. Each target file on the website corresponds to unique URL information, and the URL information in a link determines the type of access request the link corresponds to: from the URL it can be determined whether the access request is a regular access request, a specific access request or an abnormal access request. No identifier is set on the links of regular access requests, while identifiers are set on the links of specific access requests and the links of abnormal access requests.

Preferably, identifying whether the obtained access request is legal according to the matching result includes: intercepting the access request when its link does not conform to the set form rule, and not intercepting the access request when its link conforms to the set form rule. That is, the legality rule of the whitelist is defined as follows: an access request whose link has no identifier set is judged to be a legal access request, and no interceptor needs to be loaded to intercept it; an access request whose link has an identifier set is considered not to conform to the legality rule of the whitelist and is preliminarily judged to be an illegal access request, and an interceptor must be loaded to intercept it and further verify whether it is an illegal request.

It should be noted that this embodiment uses the legality rules of the whitelist to make a preliminary judgment of whether the obtained access request is legal. An access request preliminarily judged legal needs no further verification, while an access request preliminarily judged illegal requires an interceptor to be loaded to further verify whether it is an illegal access request. An optional implementation of this further verification is given in Embodiment 3 and is not repeated here.

To sum up, in the method for identifying an illegal access request to a website provided by Embodiment 1 of the present invention, the whitelist defines the legality rules for access request links. When the server obtains an access request initiated by a client to the website, it loads the legality rules defined by the whitelist, matches the link of the obtained access request against those rules, and preliminarily identifies whether the obtained access request is legal according to the matching result. The solution is simple to implement and identifies the legality of access requests efficiently: no interceptor is loaded when the access request is legal, and an interceptor is loaded for further verification when the access request is preliminarily identified as illegal. The legality of the access request is thus identified accurately, the interceptor is loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.

Embodiment 2

Please refer to FIG. 2, which is a schematic flowchart of a method for identifying an illegal access request to a website provided by Embodiment 2 of the present invention. The main difference between this embodiment and Embodiment 1 is that, on the basis of Embodiment 1, this embodiment further provides an optional implementation of step S120 of Embodiment 1.

As shown in FIG. 2, the method for identifying an illegal access request to a website provided by this embodiment may include the following steps:

S210: Obtain an access request initiated by the client to the website.

Optionally, on the basis of Embodiment 1, S120 in FIG. 1 may include the two steps S221 and S222, where:

S221: Parse the obtained access request to obtain the link of the access request.

Exemplarily, parsing the obtained access request in this embodiment means that the website server parses the request message of the obtained access request and obtains the link part of the access request from the request message.

S222: Match the link of the access request against the legality rules of the whitelist; if the match succeeds, determine that the obtained access request is legal, and if the match fails, determine that the obtained access request is illegal.

Exemplarily, a successful match in this embodiment means that the link of the access request obtained by the website server has no identifier set and is consistent with the legality rules specified by the whitelist; likewise, a failed match means that the link of the access request obtained by the website server has an identifier set and is inconsistent with the legality rules specified by the whitelist.

It should also be noted that this embodiment uses the legality rules of the whitelist to make a preliminary judgment of whether the obtained access request is legal. An access request preliminarily judged legal needs no further verification, while an access request preliminarily judged illegal requires an interceptor to be loaded to further verify whether it is an illegal access request. An optional implementation of this further verification is given in Embodiment 3 and is not repeated here.

To sum up, in the method for identifying an illegal access request to a website provided by Embodiment 2 of the present invention, the whitelist defines the legality rules for access request links. When the server obtains an access request initiated by a client to the website, it loads the legality rules defined by the whitelist, parses the obtained access request, matches the link of the obtained access request against those rules, and preliminarily identifies whether the obtained access request is legal according to the matching result. The solution is simple to implement and identifies the legality of access requests efficiently: no interceptor is loaded when the access request is legal, and an interceptor is loaded for further verification when the access request is preliminarily identified as illegal. The legality of the access request is thus identified accurately, the interceptor is loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.

实施例三Embodiment 3

请参考图3,其是本发明施例三提供的一种识别对网站非法访问请求的方法的流程示意图。本实施例在上述任一实施例的基础上,补充了在通过白名单的合法性初步识别出访问请求是否合法之后的操作过程,并进一步提供了客户端对网站发起访问请求的可选实施方式。Please refer to FIG. 3 , which is a schematic flowchart of a method for identifying an illegal access request to a website provided by Embodiment 3 of the present invention. On the basis of any of the above-mentioned embodiments, this embodiment supplements the operation process after initially identifying whether the access request is legal through the legality of the whitelist, and further provides an optional implementation manner in which the client initiates an access request to the website .

如图3所示,本实施例提供的一种识别对网站非法访问请求的方法,可以包括如下步骤:As shown in FIG. 3 , a method for identifying an illegal access request to a website provided by this embodiment may include the following steps:

S311、接收客户端对网站发起的第一资源请求,第一资源请求携带有用户标识、第一IP地址和第一发起时间。S311. Receive a first resource request initiated by the client to the website, where the first resource request carries a user identifier, a first IP address, and a first initiation time.

S312、根据用户标识、第一IP地址和第一发起时间,生成第一校验码。S312. Generate a first check code according to the user identifier, the first IP address, and the first initiation time.

S313、对第一校验码进行加密,获得第二校验码,并将第二校验码发送给客户端。S313: Encrypt the first check code to obtain a second check code, and send the second check code to the client.

S314、接收客户端解密第二校验码后,对网站发起的第二资源请求,第二资源请求携带有用户标识、第一校验码、第二IP地址和第二发起时间。S314. After the client decrypts the second check code, a second resource request initiated by the website is received, and the second resource request carries the user ID, the first check code, the second IP address, and the second initiation time.

示例性的,客户端通过浏览器向网站发起访问请求时,通常会先后发起两次资源请求,即第一资源请求和第二资源请求。用户标识可以是用户在网站上注册的账号、客户端的机器码等数字码信息。第一IP地址是指网站服务器接收到第一资源请求时客户端的IP地址,第一发起时间是指网站服务器接收到第一资源请求时的时间点,第二IP地址是指网站服务器接收到第二资源请求时客户端的IP地址,第二发起时间是指网站服务器接收到第二资源请求时的时间点。Exemplarily, when a client initiates an access request to a website through a browser, it usually initiates two resource requests successively, that is, a first resource request and a second resource request. The user identification may be digital code information such as the account number registered by the user on the website, the machine code of the client terminal, and the like. The first IP address refers to the IP address of the client when the website server receives the first resource request, the first initiation time refers to the time when the website server receives the first resource request, and the second IP address refers to the time when the website server receives the first resource request. The IP address of the client when the second resource is requested, and the second initiation time refers to the time point when the website server receives the second resource request.

网站服务器根据用户标识、第一IP地址和第一发起时间,通过设定运算规则生成第一校验码,用户标识、第一IP地址和第一发起时间可以组成一个数字码,第一校验码一般位于这个数字码的后面,用于检验数字码的准确性,优选的,第一校验码经过md5加密算法进行加密处理。在网站服务器向客户端传输该第一校验码时,为避免用户不通过客户端就直接获取第一效验码向服务器发起请求,提高信息安全性,优选的,网站服务器先按异或加密算法对第一校验码加密获得第二校验码,以传输第二校验码的方式将第一校验码间接传输给客户端,客户端按对应的解密规则对第二校验码解密获得第一校验码,并对经过加密处理的第一校验码进行解密。The website server generates a first check code by setting an arithmetic rule according to the user ID, the first IP address and the first initiation time. The user ID, the first IP address and the first initiation time can form a digital code. The code is generally located behind the digital code, and is used to verify the accuracy of the digital code. Preferably, the first check code is encrypted by the md5 encryption algorithm. When the website server transmits the first verification code to the client, in order to prevent the user from directly obtaining the first verification code and initiating a request to the server without going through the client, and to improve information security, preferably, the website server first uses the XOR encryption algorithm. Encrypt the first check code to obtain the second check code, and indirectly transmit the first check code to the client by transmitting the second check code, and the client decrypts the second check code according to the corresponding decryption rule to obtain the second check code. The first check code is decrypted, and the encrypted first check code is decrypted.

需要说明的是,本实施例提到的具体加密算法和解密算法,并不构成对本发明技术方案的限定,本领域技术人员应该清楚的是,具体的加密算法和解密算法有很多种,在此不一一举例赘述。It should be noted that the specific encryption algorithm and decryption algorithm mentioned in this embodiment do not constitute a limitation on the technical solution of the present invention. It should be clear to those skilled in the art that there are many specific encryption algorithms and decryption algorithms. Not to give examples one by one.

S320. Match the link of the obtained access request against the legality rules of the whitelist, and identify from the matching result whether the obtained access request is legal.

Exemplarily, when the website server preliminarily identifies the obtained access request as legal, there is no need to load an interceptor to intercept and re-verify the request, and S330 below is executed; when the website server preliminarily identifies the obtained access request as illegal, an interceptor is loaded to intercept the request and verify it further, and S340 below is executed.

S330. Respond to the access request and send response data to the client.

Exemplarily, when the website server preliminarily identifies the access request as legal according to the whitelist's legality rules, the request is a routine access request that does not affect the security of the website; the server therefore responds to it normally and sends response data to the client, and the process ends.

S340. Parse the first check code to obtain the first IP address and the first initiation time.

Exemplarily, parsing the first check code means computing, by the set computation rule described above, the numeric code that precedes the check code; this numeric code is composed of the user identifier, the first IP address and the first initiation time.

S350. Determine whether the first IP address is legal, whether the first initiation time is legal, whether the time difference between the first initiation time and the second initiation time is not greater than a preset duration, and whether the first IP address and the second IP address are the same.

Exemplarily, whether the first IP address is legal and whether the first initiation time is legal is judged mainly by whether the IP address and the initiation time are in garbled form; an IP address or initiation time in garbled form is regarded as illegal. The preset duration in this embodiment is 2 minutes; it may be set to other values in other embodiments, and no limitation is placed on it here.

It should be noted that this step comprises four judgment operations, and S330 above is executed only when the results of all four judgments are "yes"; otherwise, if the result of any one or more of the judgments is "no", S360 below is executed. Therefore, when the website server preliminarily identifies an access request as illegal by the whitelist's legality rules, this does not mean that the request is necessarily an illegal access request; an interceptor must be loaded to intercept the request for further verification, and the result of that further verification finally determines whether the request is a legal or an illegal access request.

S360. Do not respond to the access request, and notify the client that the obtained access request is illegal.

Exemplarily, when an access request preliminarily identified as illegal is finally determined to be an illegal access request after further verification by the interceptor, the website server does not respond to the request and notifies the client that the obtained access request is illegal, and the process ends.
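The two-stage flow above, from the check code built on the first resource request and its XOR wrapping to the whitelist match of S320 and the four interceptor judgments of S350, as a worked example. This is added illustrative code, not code from the patent or its assignee. The `uid|ip|time` layout of the numeric code, the hex encoding of the XOR output, the whitelist regular expressions, the `%Y%m%d%H%M%S` time format and the shared key are all assumptions; the MD5 digest is compared in constant time, which the page does not specify. Only the 2-minute window comes from the embodiment.

```python
import hashlib
import hmac
import ipaddress
import re
from datetime import datetime, timedelta

# The 2-minute window is the embodiment's value; everything else here is constructed.
PRESET_DURATION = timedelta(minutes=2)
XOR_KEY = b"example-shared-key"          # hypothetical key known to server and client
TIME_FORMAT = "%Y%m%d%H%M%S"             # assumed layout of the initiation time

# Hypothetical whitelist "form rules": a link matching one of them is a routine
# request that is answered (S330) without loading the interceptor.
WHITELIST_RULES = [
    re.compile(r"^/static/[\w./-]+\.(?:css|js|png|jpg)$"),
    re.compile(r"^/public(?:/[\w-]+)*/?$"),
]


def first_check_code(user_id: str, ip: str, initiated_at: str) -> str:
    """Numeric code 'uid|ip|time' with the MD5 digest appended after it."""
    numeric = f"{user_id}|{ip}|{initiated_at}"
    return numeric + "|" + hashlib.md5(numeric.encode()).hexdigest()


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def second_check_code(first: str) -> str:
    """Server side: XOR the first check code with the shared key, hex-encoded."""
    return _xor(first.encode(), XOR_KEY).hex()


def decrypt_second_check_code(second_hex: str) -> str:
    """Client side: undo the XOR to recover the first check code."""
    return _xor(bytes.fromhex(second_hex), XOR_KEY).decode()


def link_is_whitelisted(link: str) -> bool:
    """S320: match the link against the whitelist's legality rules."""
    return any(rule.match(link) for rule in WHITELIST_RULES)


def parse_first_check_code(token: str):
    """S340: recover (user_id, ip, time); None if the appended digest does not match."""
    numeric, _, digest = token.rpartition("|")
    expected = hashlib.md5(numeric.encode()).hexdigest()
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        return None
    parts = numeric.split("|")
    return tuple(parts) if len(parts) == 3 else None


def ip_is_legal(ip: str) -> bool:
    """'Garbled' IP check: anything ipaddress cannot parse is illegal."""
    try:
        ipaddress.ip_address(ip)
        return True
    except ValueError:
        return False


def parse_time(ts: str):
    """'Garbled' time check: None when the timestamp does not fit TIME_FORMAT."""
    try:
        return datetime.strptime(ts, TIME_FORMAT)
    except ValueError:
        return None


def interceptor_verify(token: str, second_ip: str, second_time: str) -> bool:
    """S350: the four judgments; True only when every one of them is 'yes'."""
    parsed = parse_first_check_code(token)
    if parsed is None:
        return False
    _, first_ip, first_ts = parsed
    first_dt, second_dt = parse_time(first_ts), parse_time(second_time)
    if not ip_is_legal(first_ip) or first_dt is None or second_dt is None:
        return False                          # malformed IP or initiation time
    if abs(second_dt - first_dt) > PRESET_DURATION:
        return False                          # time difference exceeds the window
    return first_ip == second_ip              # first and second IP must be the same


def handle_access_request(link: str, token: str, second_ip: str, second_time: str) -> str:
    """S320 to S360: 'respond' (S330) or 'reject' (S360)."""
    if link_is_whitelisted(link):
        return "respond"                      # legal by whitelist, no interceptor loaded
    return "respond" if interceptor_verify(token, second_ip, second_time) else "reject"
```

`handle_access_request` answers a whitelisted link without touching the interceptor and otherwise responds only when all four judgments pass; a token whose fields were altered fails at the digest comparison before any field is inspected. The XOR step does what the page describes and nothing more: it conceals the first check code only from parties that do not hold the shared key, so protection of the exchange in transit still rests on the connection itself.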

In summary, in the method for identifying illegal access requests to a website provided by Embodiment 3 of the present invention, the whitelist defines legality rules for access request links. When the server obtains an access request initiated by a client to the website, it loads the legality rules defined by the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legal. The scheme is simple to implement and identifies the legality of access requests efficiently. For a request preliminarily identified as legal no interceptor needs to be loaded; for a request preliminarily identified as illegal, an interceptor is loaded to verify it further, and the result of that further verification finally determines whether the request is in fact an illegal access request. The legality of access requests is thus identified accurately, the interceptor is loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.

The following is an embodiment of an apparatus for identifying illegal access requests to a website, provided by an embodiment of the present invention. The apparatus for identifying illegal access requests to a website and the method for identifying illegal access requests to a website described above belong to the same inventive concept; for details not fully described in the apparatus embodiment, reference may be made to any of the method embodiments above.

Embodiment 4

Refer to FIG. 4A, FIG. 4B and FIG. 4C, where FIG. 4A is a schematic architecture diagram of an apparatus for identifying illegal access requests to a website provided by Embodiment 4 of the present invention; FIG. 4B is a schematic architecture diagram of an optional implementation of the access request acquisition module 410 in FIG. 4A; and FIG. 4C is a schematic architecture diagram of an optional implementation of the identification module 420 in FIG. 4A.

As shown in FIG. 4A, the apparatus 400 for identifying illegal access requests to a website provided by this embodiment may include the following:

Access request acquisition module 410, configured to obtain an access request initiated by a client to the website.

Optionally, as shown in FIG. 4B, the access request acquisition module 410 may include a first resource request receiving unit 411, a first check code generating unit 412, an encryption unit 413 and a second resource request receiving unit 414, where:

First resource request receiving unit 411, configured to receive a first resource request initiated by the client to the website, the first resource request carrying a user identifier, a first IP address and a first initiation time.

First check code generating unit 412, configured to generate a first check code from the user identifier, the first IP address and the first initiation time.

Encryption unit 413, configured to encrypt the first check code to obtain a second check code, and to send the second check code to the client.

Second resource request receiving unit 414, configured to receive a second resource request initiated by the client to the website after the client has decrypted the second check code, the second resource request carrying the user identifier, the first check code, a second IP address and a second initiation time.

Identification module 420, configured to match the link of the obtained access request against the legality rules of the whitelist, and to identify from the matching result whether the obtained access request is legal.

Preferably, identifying whether the obtained access request is legal according to the matching result includes: intercepting the access request when its link does not conform to the set form rule; and not intercepting the access request when its link conforms to the set form rule.

Optionally, as shown in FIG. 4C, the identification module 420 may include a link acquisition unit 421 and a matching unit 422, where:

Link acquisition unit 421, configured to parse the obtained access request to obtain the link of the access request.

Matching unit 422, configured to match the link of the access request against the legality rules of the whitelist; if the match succeeds, the obtained access request is determined to be legal, and if the match fails, the obtained access request is determined to be illegal.

Response data sending module 430, configured to respond to the access request and send response data to the client if the obtained access request is identified as legal.

Verification module 440, configured, if the obtained access request is identified as illegal, to parse the first check code to obtain the first IP address and the first initiation time; and, if the first IP address is determined to be legal, the first initiation time is legal, the time difference between the first initiation time and the second initiation time is not greater than the preset duration, and the first IP address and the second IP address are the same, to respond to the access request and return response data to the client; otherwise, not to respond to the access request and to notify the client that the obtained access request is illegal.

In summary, in the apparatus for identifying illegal access requests to a website provided by Embodiment 4 of the present invention, the whitelist defines legality rules for access request links. When the server obtains an access request initiated by a client to the website, it loads the legality rules defined by the whitelist, matches the link of the obtained access request against them, and preliminarily identifies from the matching result whether the request is legal. The scheme is simple to implement and identifies the legality of access requests efficiently: no interceptor is loaded when the request is legal, and when the request is preliminarily identified as illegal an interceptor is loaded for further verification. The legality of access requests is thus identified accurately, the interceptor is loaded on demand, server resource usage is reduced, and the accuracy of intercepting CSRF attacks is improved.

Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the present invention is not limited to the specific embodiments described here, and that various obvious changes, readjustments and substitutions can be made without departing from the protection scope of the present invention. Therefore, although the present invention has been described in some detail through the above embodiments, it is not limited to them and may include further equivalent embodiments without departing from its concept; the scope of the present invention is determined by the appended claims.

Claims (8)

1. A method of identifying illegitimate access requests to a web site, the method comprising:
acquiring an access request initiated by a client to the website;
matching the link of the obtained access request with the legality rule of a white list, and identifying whether the obtained access request is legal or not according to a matching result;
the step of obtaining the access request initiated by the client to the website includes:
receiving a first resource request initiated by the client to the website, wherein the first resource request carries a user identifier, a first IP address and first initiation time;
generating a first check code according to the user identifier, the first IP address and the first initiation time;
encrypting the first check code to obtain a second check code, and sending the second check code to the client;
receiving a second resource request initiated by the client to the website after decrypting the second check code, wherein the second resource request carries the user identifier, the first check code, a second IP address and second initiation time;
after the step of matching the link of the obtained access request with the validity rule of the white list and identifying whether the obtained access request is valid according to the matching result, the method further comprises the following steps:
if the obtained access request is identified to be illegal, analyzing the first check code to obtain the first IP address and first initiation time;
and if the first IP address is determined to be legal, the first initiating time is legal, the time difference between the first initiating time and the second initiating time is not more than the preset time, and the first IP address and the second IP address are the same, responding to the access request and returning response data to the client, otherwise, not responding to the access request and prompting the client that the obtained access request is illegal.
2. The method of claim 1, wherein said identifying whether the obtained access request is legitimate based on the matching result comprises:
intercepting the access request when the link of the access request does not conform to a set form rule;
and when the link of the access request conforms to a set form rule, the access request is not intercepted.
3. The method of claim 1, wherein the step of matching the link of the obtained access request with the validity rule of the whitelist and identifying whether the obtained access request is valid according to the matching result comprises:
analyzing the obtained access request to obtain a link of the access request;
matching the link of the access request with the validity rule of the white list, if the matching is successful, determining that the obtained access request is legal, and if the matching is unsuccessful, determining that the obtained access request is illegal;
the validity rule is as follows:
judging the access request corresponding to a link without the identifier to be a legal access request, without loading an interceptor to intercept the access request.
4. The method according to any of claims 1-3, wherein after the step of matching the link of the obtained access request with the validity rule of the whitelist and identifying whether the obtained access request is valid according to the matching result, further comprising:
and if the obtained access request is identified to be legal, responding to the access request and sending response data to the client.
5. An apparatus for identifying an illegitimate access request to a website, the apparatus comprising:
the access request acquisition module is used for acquiring an access request initiated by a client to the website;
the identification module is used for matching the link of the obtained access request with the legality rule of the white list and identifying whether the obtained access request is legal or not according to the matching result;
the access request acquisition module comprises:
a first resource request receiving unit, configured to receive a first resource request initiated by the client to the website, where the first resource request carries a user identifier, a first IP address, and a first initiation time;
the first check code generating unit is used for generating a first check code according to the user identifier, the first IP address and the first initiation time;
the encryption unit is used for encrypting the first check code to obtain a second check code and sending the second check code to the client;
a second resource request receiving unit, configured to receive a second resource request initiated by the client to the website after decrypting the second check code, where the second resource request carries the user identifier, the first check code, a second IP address, and a second initiation time;
the device further comprises:
the verification module is used for analyzing the first check code to obtain the first IP address and the first initiation time if the obtained access request is identified to be illegal; and if the first IP address is determined to be legal, the first initiating time is legal, the time difference between the first initiating time and the second initiating time is not more than the preset time, and the first IP address and the second IP address are the same, responding to the access request and returning response data to the client, otherwise, not responding to the access request and prompting the client that the obtained access request is illegal.
6. The apparatus of claim 5, wherein the identifying whether the obtained access request is legitimate according to the matching result comprises:
intercepting the access request when the link of the access request does not conform to a set form rule;
and when the link of the access request conforms to a set form rule, the access request is not intercepted.
7. The apparatus of claim 5, wherein the identification module comprises:
the link acquisition unit is used for analyzing the acquired access request to acquire a link of the access request;
the matching unit is used for matching the link of the access request with the legality rule of the white list, if the matching is successful, the obtained access request is determined to be legal, and if the matching is unsuccessful, the obtained access request is determined to be illegal;
the validity rule is as follows:
judging the access request corresponding to a link without the identifier to be a legal access request, without loading an interceptor to intercept the access request.
8. The apparatus of any of claims 5-7, wherein the apparatus further comprises:
and the response data sending module is used for responding to the access request and sending response data to the client if the obtained access request is identified to be legal.
CN201710301078.0A 2017-05-02 2017-05-02 Method and device for identifying illegal access request to website Active CN107046544B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710301078.0A CN107046544B (en) 2017-05-02 2017-05-02 Method and device for identifying illegal access request to website

Publications (2)

Publication Number Publication Date
CN107046544A CN107046544A (en) 2017-08-15
CN107046544B true CN107046544B (en) 2020-09-29

Family

ID=59546940

Country Status (1)

Country Link
CN (1) CN107046544B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108197467A (en) * 2018-01-11 2018-06-22 郑州云海信息技术有限公司 A kind of automated detection method and system of CSRF loopholes
CN109218320B (en) * 2018-09-25 2022-09-09 中国平安人寿保险股份有限公司 Website link security verification method and device, computer equipment and storage medium
CN109743309B (en) * 2018-12-28 2021-09-10 微梦创科网络科技(中国)有限公司 Illegal request identification method and device and electronic equipment
CN109981600B (en) * 2019-03-06 2021-08-17 山东信天辰信息安全技术有限公司 Security assessment system for website reinforcement
CN110545269A (en) * 2019-08-22 2019-12-06 西安四叶草信息技术有限公司 Access control method, device and storage medium
CN112637106B (en) * 2019-09-24 2023-01-31 成都鼎桥通信技术有限公司 Method and device for terminal to access website
CN112350992A (en) * 2020-09-28 2021-02-09 广东电力信息科技有限公司 Safety protection method, device, equipment and storage medium based on web white list
CN115208593B (en) * 2021-03-26 2023-08-18 南宁富联富桂精密工业有限公司 Security monitoring method, terminal and computer readable storage medium
CN113660274B (en) * 2021-08-18 2023-04-07 中国电信股份有限公司 Website information processing method and device, storage medium and electronic equipment
CN115021998B (en) * 2022-05-27 2023-08-11 福建天晴数码有限公司 Method and system for dual anti-theft chain of static resources

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101789947B (en) * 2010-02-21 2012-10-03 成都市华为赛门铁克科技有限公司 Method and firewall for preventing HTTP POST flooding attacks
US9473530B2 (en) * 2010-12-30 2016-10-18 Verisign, Inc. Client-side active validation for mitigating DDOS attacks
CN103442016B (en) * 2013-09-05 2016-08-24 星云融创(北京)科技有限公司 The method and system of white list are pushed based on website fingerprint
CN104301302B (en) * 2014-09-12 2017-09-19 深信服网络科技(深圳)有限公司 Go beyond one's commission attack detection method and device
CN106549925A (en) * 2015-09-23 2017-03-29 阿里巴巴集团控股有限公司 Prevent method, the apparatus and system of cross-site request forgery

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant