CN110365676A - Guard method and system are obscured in a kind of encryption of website static page - Google Patents
Guard method and system are obscured in a kind of encryption of website static page Download PDFInfo
- Publication number
- CN110365676A CN110365676A CN201910630125.5A CN201910630125A CN110365676A CN 110365676 A CN110365676 A CN 110365676A CN 201910630125 A CN201910630125 A CN 201910630125A CN 110365676 A CN110365676 A CN 110365676A
- Authority
- CN
- China
- Prior art keywords
- file
- website
- server
- obscured
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000003068 static effect Effects 0.000 title claims abstract description 55
- 238000000034 method Methods 0.000 title claims abstract description 18
- 230000004044 response Effects 0.000 claims abstract description 24
- 238000006243 chemical reaction Methods 0.000 claims description 26
- 238000000605 extraction Methods 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 4
- 230000003993 interaction Effects 0.000 claims description 4
- 230000007246 mechanism Effects 0.000 claims description 3
- 230000004048 modification Effects 0.000 claims description 3
- 238000012986 modification Methods 0.000 claims description 3
- 230000008859 change Effects 0.000 claims 1
- 230000008569 process Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- UPLPHRJJTCUQAY-WIRWPRASSA-N 2,3-thioepoxy madol Chemical compound C([C@@H]1CC2)[C@@H]3S[C@@H]3C[C@]1(C)[C@@H]1[C@@H]2[C@@H]2CC[C@](C)(O)[C@@]2(C)CC1 UPLPHRJJTCUQAY-WIRWPRASSA-N 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003449 preventive effect Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 230000003612 virological effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Disclosed herein a kind of encryptions of website static page to obscure guard method and system; it is recoded to the related resource address in the file name, file path name and the file that are stored in server-side using encryption obfuscation; and the content of pages conversed analysis backstage respective file content and structure for carrying out encoded translated processing before response WEB front-end request, attacker can not being returned by front end, to improve the safety of attacker's reverse-engineering difficulty, guarding website static page.
Description
Technical field
The present invention relates to Website page secure context, in particular to a kind of website static page encryption obscure guard method and
System.
Background technique
Currently, the emergency event for website attack happens occasionally, particular for governments at all levels, China website band politics mesh
Hacker attack it is generally existing.Since the loophole of computer system emerges one after another, viral wooden horse and malicious code are wreaked havoc on the net, are passed
There are short slabs for system technology preventive means, therefore buffer zone political motives hacker is particularly difficult.As early as possible using autonomous controllable novel
Technological means, which disposes web portal security platform, has urgent demand and important meaning.
In the prior art, the file information of website static page, such as filename, file relative path etc. are directly exposed to
Client access front end browser in so that attacker easily by browser access directly analyze background system structure with
Document characteristic, so that it is determined that implementing to distort, inject etc. the destination address and attack pattern of attacks.Therefore certain technical side is used
The safety of formula protection server background information makes it be not directly exposed to browser front end reduction web station system under fire
Network attack is resisted in face, and improving website operational safety is necessary.
Summary of the invention
For above situation, to overcome prior art defect, the present invention provides a kind of encryptions of website static page to obscure
Guard method and system are obscured by using encrypting in advance to static file, and when WEB server customer in response end is requested
The technical method for sending virtual file information to client avoids hacker from directly acquiring by browser front end the file of server-side
The relevant informations such as path improve hacker's conversed analysis and attack the difficulty of web station system, improve the safety of website operation.
Protection system is obscured in a kind of encryption of website static page, and the technical solution solved includes: one website of a server-side
Terminal;Wherein by http protocol communication interaction, the server-side includes that a coding turns for the server-side and the website terminal
Block and a WEB server are changed the mold, wherein the transcoding module can communicate to connect the WEB server, the code conversion
Module is used to obscure the file information static encryption coding and WEB requests the code conversion of interior resource address to handle.
Guard method is obscured in a kind of encryption of website static page, includes the following steps:
S01, static in advance add, is carried out to the first file where WEB server configuration static page by the document No. device
It is close to obscure coding, it completes server-side local file and obscures scrambled processing, it includes filename, file column that content is obscured in encryption
At least one of table, file path and resource identifier;
S02, server-side local file is obscured scrambled processing after result be stored in the second file, the WEB is taken
The static page file of business device configuration transforms to the second file from the first file;
S03, the starting WEB server, provide the service of website static page to the client, ask in response from client
Request response code conversion processing is completed by the encoded filter when asking, the website terminal receives request resource file,
By being shown in the website terminal browser.
Encrypted static file and is stored in WEB by using obscuring in advance static file encryption by the present invention
Server configures under the file path of static page, and when website terminal, which sends WEB to WEB service end, requests, WEB request is added
File that is close to obscure coding, obscuring for inquiring and obtaining encryption, avoids hacker from directly acquiring server-side by browser front end
The relevant informations such as file path, improve the safety of website operation.
Detailed description of the invention
The flow diagram that guard method is obscured in a kind of website static page encryption of the present invention is shown in Fig. 1.
A kind of server-side local file that guard method is obscured in static page encryption in website of the present invention, which is shown, in Fig. 2 obscures
Scrambled processing flow schematic diagram.
A kind of website static page encryption of the present invention, which is shown, in Fig. 3 obscures at the request response code conversion of guard method
Manage flow diagram.
Fig. 4 is shown a kind of website static page encryption of the present invention and obscures protection system schematic.
Specific embodiment
It is described below for disclosing the present invention so that those skilled in the art can be realized the present invention.It is excellent in being described below
Embodiment is selected to be only used as illustrating, it may occur to persons skilled in the art that other obvious modifications.It defines in the following description
This hair invention basic principle can be applied to other embodiments, deformation scheme, improvement project, equivalent program and do not have
Away from the other technologies scheme of the spirit and scope of the present invention.
It please refers to Fig. 4 to show, protection system schematic is obscured in a kind of encryption of website static page;The system comprises: one
Server-side 40;With a website terminal 30;Wherein the server-side 40 and the website terminal 30 pass through http protocol communication interaction,
The server-side 40 includes a transcoding module 10 and a WEB server 20, wherein the transcoding module 10 can communicate
The WEB server 20 is connected, the transcoding module 10 is used to obscure coding to the file information static encryption and WEB is asked
The code conversion of interior resource address is asked to handle.
The WEB server 20 is for receiving, parsing and responding the request from the website terminal;
Wherein the transcoding module 10 for complete to the file resource address information being stored in the server-side 40 into
Encoding operation is obscured in row encryption, and completes respective file information extraction and encoding operation in WEB request data package;It is wherein described
The file information includes at least one of filename, listed files, file path and resource identifier.
The transcoding module 10 has a document No. device 11 and an encoded filter 12, the transcoding module
10 are deployed in the server-side 40.
The document No. device 11, which is used to encrypt, obscures code storage in static file or the static file folder of server, and
Possess the modification authority of the static page file.
The encoded filter 12 obtains user's request data package and response data packet from the WEB server 20, and
Information in data packet is analyzed and extracted, the aiming field of extraction includes filename, document code, resource identifier, text
Part store path and listed files etc., and transcoding operation is carried out to field is extracted, it is mixed to encryption to complete virtual network address
Confuse the conversion operation of coded address.
It mainly includes server-side local file that protection security mechanism is obscured in the website static page encryption that the system is realized
Obscure scrambled processing and request response code conversion handles two parts.
Referring to FIG. 2, wherein server-side local file is obscured scrambled processing and is mainly completed by document No. device 11, it is real
Now encryption is obscured under specified file destination catalogue, the specific steps are as follows:
S011, document No. device 11 obtain specified file catalogue;
S012, document No. device 11 traverse specified file catalogue, obtain respective file information, the file information includes file
At least one of name, listed files, file path and resource identifier;
S013, the filename, listed files, file path and resource identifier etc. encrypt and obscure coded treatment;
S014, the filename according to after code conversion, listed files, file path and resource identifier reconstruct specified file catalogue
Middle content, and be stored in new file directory.
The above operation is completed, and server-side local file is obscured scrambled processing and completed, and the new file directory is
Coding file is obscured in encryption;The static page file that the WEB server 20 is configured from specified file catalog transformation to
New file directory.
The document No. device 11 can using full dose processing or incremental processing operational mode, to specified file catalogue into
Row local file obscures scrambled processing, and the full dose processing is generally used for the online preceding security mechanism in website and initialized
Journey, automatic trigger when the legal update of incremental processing data generally in the operational process of website.
Referring to FIG. 3, wherein the request response code conversion processing is mainly completed by the encoded filter 12, mainly
Realize that virtual network address and encryption obscure the on-line conversion between coding, steps are as follows:
S031, website terminal 30 initiate resource file request to server-side 40, and request is using the virtual network address arranged;
S032, request data package are sent to the server-side 40, are received by WEB server 20, and complete by encoded filter 12
Information extraction, the information include at least one of filename, listed files, file path and resource identifier;
S033,12 pairs of the encoded filter information extracted carry out code conversion, and coding result, which corresponds in server-side 40, to be encrypted
Obscure rear filename, document code, resource identifier, file store path and listed files;
Writeback request data packet will be encoded after the completion of S034, code conversion, be transmitted to the WEB server 20, the WEB service
Device 20 can directly acquire the resource for being stored in and encrypting and obscuring in file, and form response data packet;
S035, response data packet complete information extraction by encoded filter 12, and the file information includes filename, file
At least one of list, file path and resource identifier;
S036, encoded filter 12 complete code conversion, and coding result are write back response data packet, pass WEB server back
20, wherein coding result corresponds to virtual network address, and server-side 40 is encrypted obscure rear filename, document code, resource mark
Know symbol, file store path and listed files;
Response data packet is sent to website terminal 30 by S037, the WEB server 20.
In above-mentioned request response code conversion treatment process so that the server-side 40 and the website terminal 30 it
Filename, listed files, the resource identifier of preceding communication interaction are not the true resource address of the server-side, so that compiling
Code filter can effectively filter unauthorized access, reduce server by the risk of frontal attack.
Above-mentioned server-side local file obscures scrambled treatment process and request response code conversion treatment process is embedding
Enter a kind of encryption of website static page and obscure protection system (as shown in Figure 1), includes the following steps:
S01, the first file progress of static page place is configured in advance to the WEB server 20 by the document No. device 11
First static encryption obscures coding, completes server-side local file and obscures scrambled processing, encryption obscure content include filename,
At least one of listed files, file path and resource identifier;
Result is stored in the second file after S02, server-side local file obscure scrambled processing, by the WEB server
The static page file of 20 configurations transforms to the second file from the first file;
S03, the starting WEB server 20, provide the service of website static page to the client, come from client in response
Request response code conversion processing is completed by the encoded filter 12 when request, the website terminal 30 receives request resource
File, by being shown in 30 browser of website terminal.
The present invention is by using in advance obscuring static file encryption and obscuring coding to WEB request encryption, for looking into
The file that encryption is obscured is ask and obtained, hacker is avoided to directly acquire the related letter such as file path of server-side by browser front end
Breath improves the safety of website operation.
Claims (10)
1. protection system is obscured in a kind of website static page encryption, comprising: a server-side (40);With a website terminal (30);Its
Described in server-side (40) and the website terminal (30) pass through http protocol communication interaction, which is characterized in that the service
Holding (40) includes a transcoding module (10) and a WEB server (20), wherein the transcoding module (10) can communicate
It connecting the WEB server (20), the transcoding module (10) is used to obscure coding to the file information static encryption, and
The code conversion processing of resource address in WEB request data package;The WEB server (20) is come for receiving, parsing and responding
Request from website terminal (30).
2. protection system is obscured in a kind of website static page encryption according to claim 1, which is characterized in that the volume
Code conversion module (10) is obscured for completing to carry out encrypting to the file resource address information being stored on the server-side (40)
Encoding operation, and complete respective file information extraction and encoding operation in WEB request data package.
3. protection system is obscured in a kind of website static page encryption according to claim 2, which is characterized in that the text
Part information includes at least one of filename, listed files, file path and resource identifier.
4. protection system is obscured in a kind of website static page encryption according to claim 1, which is characterized in that the coding
There is conversion module (10) a document No. device (11) and an encoded filter (12), the transcoding module (10) to be deployed in
Server-side (40).
5. protection system is obscured in a kind of website static page encryption according to claim 4, which is characterized in that the file
Encoder (11), which is used to encrypt, obscures code storage in static file or the static file folder of server, and possesses static page text
The modification authority of part folder.
6. protection system is obscured in a kind of website static page encryption according to claim 4, which is characterized in that the volume
Code filter (12) obtains user's request data package and response data packet from WEB server (20), and to information in data packet
It is analyzed and is extracted, the aiming field of extraction includes filename, document code, resource identifier, file store path and text
Part list etc., and transcoding operation is carried out to field is extracted, virtual network address, which is completed, to encryption obscures turning for coded address
Change operation.
7. protection system is obscured in a kind of website static page encryption according to claim 1, which is characterized in that the system
It mainly includes that server-side local file obscures scrambled processing that protection security mechanism is obscured in the website static page encryption of realization
Two parts are handled with request response code conversion.
8. guard method is obscured in a kind of website static page encryption, include the following steps:
S01, the first file progress of static page place is configured in advance to WEB server (20) by the document No. device (11)
First static encryption obscures coding, completes server-side local file and obscures scrambled processing, encryption obscure content include filename,
At least one of listed files, file path and resource identifier;
S02, server-side (40) local file is obscured to scrambled processing after result be stored in the second file, will be described
The static page file of WEB server (20) configuration transforms to the second file from the first file;
S03, the starting WEB server (20), provide the service of website static page to the client, come from client in response
Request response code conversion processing, after completing coding, the WEB service are completed by the encoded filter (12) when the request of end
Device (20) can find corresponding resource file in the second file by obscuring scrambled, and to the website terminal
(30) it sends;
S04, the website terminal (30) receive request resource file, by showing in website terminal (30) browser.
9. guard method is obscured in a kind of website static page encryption according to claim 8, which is characterized in that the S01
Static encryption is obscured coding and is included the following steps: in step
S011, document No. device (11) obtain specified file catalogue;
S012, document No. device (11) traverse specified file catalogue, obtain respective file information, the file information includes file
At least one of name, listed files, file path and resource identifier;
S013, the filename, listed files, file path and resource identifier etc. encrypt and obscure coded treatment;
S14, the filename according to after code conversion, listed files, file path and resource identifier reconstruct specified file catalogue
Middle content, and be stored in new file directory.
10. guard method is obscured in a kind of website static page encryption according to claim 8, which is characterized in that the S03
Code conversion processing includes the following steps: in step
S031, website terminal (30) initiate resource file request to server-side (40), and request is using the virtual network address arranged;
S032, request data package are sent to the server-side (40), are received by WEB server (20), and pass through encoded filter
(12) information extraction is completed, the information includes at least one in filename, listed files, file path and resource identifier
Kind;
S033, encoded filter (12) carry out code conversion to the information of extraction, and coding result corresponds to quilt on server-side (40)
Rear filename, document code, resource identifier, file store path and listed files are obscured in encryption;
Writeback request data packet will be encoded after the completion of S034, code conversion, be transmitted to the WEB server (20), the WEB service
Device (20) can directly acquire the resource for being stored in and encrypting and obscuring in file, and form response data packet;
S035, response data packet complete information extraction by encoded filter (12), and the file information includes filename, text
At least one of part list, file path and resource identifier;
S036, encoded filter (12) complete code conversion, and coding result are write back response data packet, pass WEB server back
(20), wherein coding result corresponds to virtual network address, and server-side (40) is encrypted obscure rear filename, document code, money
Source identifier, file store path and listed files;
Response data packet is sent to website terminal (30) by S037, the WEB server (20).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910630125.5A CN110365676A (en) | 2019-07-12 | 2019-07-12 | Guard method and system are obscured in a kind of encryption of website static page |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910630125.5A CN110365676A (en) | 2019-07-12 | 2019-07-12 | Guard method and system are obscured in a kind of encryption of website static page |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110365676A true CN110365676A (en) | 2019-10-22 |
Family
ID=68219173
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910630125.5A Pending CN110365676A (en) | 2019-07-12 | 2019-07-12 | Guard method and system are obscured in a kind of encryption of website static page |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110365676A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113609517A (en) * | 2021-10-11 | 2021-11-05 | 深圳市沃易科技有限公司 | Data encryption method for computer software development based on Internet of things |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170123856A1 (en) * | 2011-12-12 | 2017-05-04 | International Business Machines Corporation | Threshold computing in a distributed computing system |
| CN106657074A (en) * | 2016-12-26 | 2017-05-10 | 上海斐讯数据通信技术有限公司 | URL camouflage and hidden parameter transmission method and system |
| CN106657044A (en) * | 2016-12-12 | 2017-05-10 | 杭州电子科技大学 | Webpage address hopping method for improving security defense of website system |
| CN107959660A (en) * | 2016-10-17 | 2018-04-24 | 中兴通讯股份有限公司 | A kind of static file access method and device based on Nginx |
| CN109583209A (en) * | 2018-12-13 | 2019-04-05 | 许昌学院 | It is a kind of for defending to extort the computer security protection system and method for virus |
-
2019
- 2019-07-12 CN CN201910630125.5A patent/CN110365676A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170123856A1 (en) * | 2011-12-12 | 2017-05-04 | International Business Machines Corporation | Threshold computing in a distributed computing system |
| CN107959660A (en) * | 2016-10-17 | 2018-04-24 | 中兴通讯股份有限公司 | A kind of static file access method and device based on Nginx |
| CN106657044A (en) * | 2016-12-12 | 2017-05-10 | 杭州电子科技大学 | Webpage address hopping method for improving security defense of website system |
| CN106657074A (en) * | 2016-12-26 | 2017-05-10 | 上海斐讯数据通信技术有限公司 | URL camouflage and hidden parameter transmission method and system |
| CN109583209A (en) * | 2018-12-13 | 2019-04-05 | 许昌学院 | It is a kind of for defending to extort the computer security protection system and method for virus |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113609517A (en) * | 2021-10-11 | 2021-11-05 | 深圳市沃易科技有限公司 | Data encryption method for computer software development based on Internet of things |
| CN113609517B (en) * | 2021-10-11 | 2022-02-08 | 深圳市沃易科技有限公司 | Data encryption method for computer software development based on Internet of things |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110061967B (en) | Service data providing method, device, equipment and computer readable storage medium | |
| CN112131564B (en) | Method, device, equipment and medium for encrypting data communication | |
| US20080181409A1 (en) | Method for guaranteeing security of critical data, terminal and secured chip | |
| CN101662469B (en) | Method and system based on USBKey online banking trade information authentication | |
| CN101661599B (en) | Method for authenticating validity of self-contained software of equipment system | |
| RU2008129307A (en) | APPARATUS AND METHOD FOR TRANSFER OF OBJECT OF RIGHTS FROM ONE DEVICE TO ANOTHER DEVICE BY MEANS OF A SERVER | |
| CN108600268B (en) | Encryption and decryption method applied to non-credit authentication and non-credit authentication system | |
| WO2002014986A3 (en) | Method and apparatus for controlling or monitoring access to the content of a telecommunicable data file | |
| CN110891065A (en) | Token-based user identity auxiliary encryption method | |
| CN112149068A (en) | Access-based authorization verification method, information generation method and device, and server | |
| DE19810159A1 (en) | Method of inserting service key into terminal | |
| CN103237010A (en) | Server side for providing digital content in encryption mode | |
| CA2634703A1 (en) | Method for secure transfer of medical data to a mobile unit/terminal | |
| CN105187219B (en) | The anti-tamper method of identity information in real-name authentication | |
| CN108390857A (en) | A kind of method and apparatus of high sensitive network to low sensitive network export | |
| CN107888608A (en) | A kind of encryption system for protecting computer software | |
| CN110365676A (en) | Guard method and system are obscured in a kind of encryption of website static page | |
| CN104506530B (en) | A kind of network data processing method and device, data transmission method for uplink and device | |
| CN114915458B (en) | Urban rail transit is with synthesizing monitoring protector | |
| WO2005083925A1 (en) | Securing computer data | |
| CN104751019B (en) | Seal guard method and device | |
| EP2920754B1 (en) | Method for carrying out transactions | |
| KR100803357B1 (en) | Database security device and method | |
| CN109145645B (en) | Method for protecting short message verification code in android mobile phone | |
| CN113111990A (en) | Data processing method and system for OFD electronic file |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191022 |