CN105187430A - Reverse proxy server, reverse proxy system and reverse proxy method - Google Patents


Info

Publication number
CN105187430A
Authority
CN
China
Prior art keywords
url
target
application server
reverse proxy
target url
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510595368.1A
Other languages
Chinese (zh)
Inventor
***
周祥国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur General Software Co Ltd
Original Assignee
Inspur General Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur General Software Co Ltd
Priority to CN201510595368.1A
Publication of CN105187430A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a reverse proxy server, a reverse proxy system and a reverse proxy method. The reverse proxy server is connected to a peripheral application server and a peripheral client, and comprises a setting unit, an interaction unit and a verification unit. The setting unit is used for setting an interception rule for URLs. The interaction unit is used for receiving a target access request sent by the peripheral client and, when the verification unit verifies that the target URL in the target access request is valid, forwarding the target URL to the peripheral application server, receiving the result data returned by the peripheral application server, and sending the result data to the client. The verification unit is used for acquiring, according to the URL interception rule set by the setting unit, the target URL in the target access request received by the interaction unit and verifying the validity of the target URL, so as to reduce the possibility of the application server being attacked and damaged.

Description

Reverse proxy server, reverse proxy system and method
Technical Field
The present invention relates to the field of computer application technologies, and in particular, to a reverse proxy server, a reverse proxy system, and a method.
Background
With the development of internet technology, enterprise management software (ERP) such as an enterprise internal mail service, a collaborative office system, a financial management system, and the like are increasingly used in external networks. However, due to the openness of the Web service itself and the vulnerabilities of the operating system, the Web service program, and the Web application itself, there is always a possibility that a website will be corrupted by an attack.
At present, when ERP-class enterprise management software receives an access request, the application server hosting the software verifies the request itself, for example by verifying the user name and password of the accessing client. Because the client can communicate directly with that application server, frequently sent pseudo URL requests can overload it. For example, when a lawbreaker frequently sends URL requests carrying a user name, the application server must verify the user name each time; when this repeated verification occupies too much running memory, the security protection software on the application server may be left with insufficient running memory, which reduces its ability to protect the application server and increases the possibility that the application server is damaged by an attack.
Disclosure of Invention
The invention provides a reverse proxy server, a reverse proxy system and a method, thereby reducing the possibility that an application server is damaged by attack.
A reverse proxy server, respectively coupled to an application server of a peripheral device and a client of the peripheral device, comprising: a setting unit, an interaction unit and a verification unit, wherein,
the setting unit is used for setting the interception rule of the URL;
the interaction unit is used for receiving a target access request sent by a peripheral client, forwarding a target URL in the target access request to an application server of the peripheral when the verification unit verifies that the target URL is valid, receiving result data returned by the application server of the peripheral and sending the result data to the client;
the verification unit is used for acquiring the target URL in the target access request received by the interaction unit according to the URL interception rule set by the setting unit and verifying the validity of the target URL.
Preferably, the reverse proxy server further comprises: a forwarding unit, wherein,
the setting unit is further used for setting a forwarding rule of the URL;
the interaction unit is further configured to receive a service request sent by the peripheral client, receive a service target URL sent by the forwarding unit, send the service target URL to the peripheral application server, receive web page information corresponding to the service target URL returned by the peripheral application server, and send the web page information corresponding to the service target URL to the peripheral client;
the forwarding unit is configured to obtain a service target URL in the service request received by the interaction unit, verify whether the service target URL is related to a target URL verified by the verification unit to be valid, and if so, send the service target URL to the interaction unit according to a forwarding rule of a URL address set by the setting unit.
Preferably, the reverse proxy server further comprises: a determining unit, wherein,
the determining unit is used for determining all user name information in the application server of the peripheral equipment;
the verification unit is configured to determine whether the user name in the target URL exists in all the user name information determined by the determination unit, and if yes, the target URL is valid.
Preferably, the setting unit is configured to set any one or more of a URL pattern URLPattern, a URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein,
the URLPattern includes: RequestedURL, Using, and Pattern; wherein the RequestedURL comprises two options, MatchesThePattern or DoesNotMatchThePattern; the Using comprises three expression options, RegularExpressions, Wildcards and ExactMatch; the Pattern provides the corresponding implementation for whichever expression option is chosen in the Using;
the Condition includes: ConditionInput, CheckIfInputString and Pattern, wherein the ConditionInput comprises three variables, {QUERY_STRING}, {HTTP_HOST}, and {SERVER_PORT}, of all URLs in the application server; the CheckIfInputString comprises two options, MatchesThePattern and DoesNotMatchThePattern, and the Pattern comprises the URL pattern corresponding to the CheckIfInputString option;
the ServerVariables include: a variable of an application server of the peripheral;
the verification unit is configured to, when the target URL conforms to the URLPattern set by the setting unit, obtain the target URL and determine, according to the URL expression provided by the forwarding condition Condition, that the target URL meets the forwarding condition, in which case the target URL is valid; and/or the verification unit is configured to determine, after the target URL is obtained, that the application server variable in the target URL is the same as that in the ServerVariables, in which case the target URL is valid.
Preferably, the setting unit is further configured to set a destination address of the URL, and establish a correspondence between the URL and the destination address;
and the interaction unit is used for forwarding the target address corresponding to the target URL to the peripheral application server.
Preferably, the reverse proxy server is installed with ARR components including RequestRouter, ExternalDiskCache, Rewrite, and WebFarm, which provide a programming framework for each unit in the reverse proxy server.
A reverse proxy system comprising: any one of the reverse proxy server, the at least one application server, and the at least one client; wherein,
the application server is interconnected with the reverse proxy server and is used for receiving a target URL sent by the reverse proxy server and returning result data corresponding to the target URL to the reverse proxy server;
the at least one client is interconnected with the reverse proxy server and used for sending a target access request to the reverse proxy server and receiving the result data sent by the reverse proxy server.
Preferably, the at least one application server is further configured to:
and when the reverse proxy server determines that the user name in the target URL is valid, judging whether the password corresponding to the user name in the target URL is correct, and if so, executing the result data corresponding to the returned target URL to the reverse proxy server.
A reverse proxy method, in which a reverse proxy server is connected to an application server and a client respectively and an interception rule of the URL is set, the method further comprising:
the reverse proxy server receives a target access request sent by the client;
intercepting a target URL in the target access request according to the interception rule of the URL;
verifying the validity of the target URL, and if the target URL is verified to be valid, forwarding the target URL to the application server;
and receiving result data returned by the application server, and sending the returned result data to the client.
Preferably, the above method further comprises: setting a forwarding rule of the URL;
receiving a service request sent by a client;
intercepting a service target URL in the service request;
verifying whether the service target URL is related to the target URL or not, if so, forwarding the service target URL according to a forwarding rule of the URL address;
and receiving webpage information corresponding to the service target URL returned by the application server, and sending the webpage information corresponding to the service target URL to a client.
Preferably, the above method further comprises: determining all user name information in the application server;
the verifying the validity of the target URL comprises: and judging whether the user name in the target URL exists in all user name information, if so, the target URL is valid.
Preferably, the setting of the interception rule of the URL includes: setting any one or more of a URL pattern URLPattern, a URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein,
the URLPattern includes: RequestedURL, Using, and Pattern; wherein the RequestedURL comprises two options, MatchesThePattern or DoesNotMatchThePattern; the Using comprises three expression options, RegularExpressions, Wildcards and ExactMatch; the Pattern provides the corresponding implementation for whichever expression option is chosen in the Using;
the Condition includes: ConditionInput, CheckIfInputString and Pattern, wherein the ConditionInput comprises three variables, {QUERY_STRING}, {HTTP_HOST}, and {SERVER_PORT}, of all URLs in the application server; the CheckIfInputString comprises two options, MatchesThePattern and DoesNotMatchThePattern, and the Pattern comprises the URL pattern corresponding to the CheckIfInputString option;
the ServerVariables include: a variable of an application server of the peripheral;
intercepting a target URL in the target access request according to the interception rule of the URL comprises: when the target URL conforms to the URLPattern, intercepting the target URL, determining, according to the URL expression provided by the forwarding condition Condition, that the target URL meets the forwarding condition, and determining an application server of the peripheral; and/or intercepting a target URL in the target access request according to the interception rule of the URL comprises: after the target URL is intercepted, determining that the application server variable in the target URL is the same as that in the ServerVariables, and determining an application server of the peripheral according to the application server variable in the target URL.
Preferably, the above method further comprises: setting a target address of the URL and establishing a corresponding relation between the URL and the target address;
the forwarding the target URL to the application server includes: and forwarding the target address corresponding to the target URL to an application server of the peripheral equipment.
Preferably, the reverse proxy server installs ARR components including RequestRouter, ExternalDiskCache, Rewrite, and WebFarm.
The embodiment of the invention provides a reverse proxy server, a reverse proxy system and a method, wherein the proxy server is connected to an application server of a peripheral and a client of the peripheral respectively, and comprises: a setting unit, an interaction unit and a verification unit. The setting unit is used for setting the interception rule of the URL; the interaction unit is used for receiving a target access request sent by a peripheral client, forwarding a target URL in the target access request to an application server of the peripheral when the verification unit verifies that the target URL is valid, receiving result data returned by the application server of the peripheral and sending the result data to the client; the verification unit is used for acquiring the target URL in the target access request received by the interaction unit according to the URL interception rule set by the setting unit, and verifying the validity of the target URL. The validity of the URL is verified by the reverse proxy server, and only the verified URL is sent to the corresponding application server, so that the client is prevented from reaching the application server directly over the Web, communication between the application server and the external network is avoided, and the possibility that the application server is attacked and damaged is reduced.
Drawings
Fig. 1 is a schematic structural diagram of a reverse proxy server according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a reverse proxy system according to an embodiment of the present invention;
Fig. 3 is a flowchart of a reverse proxy method according to an embodiment of the present invention;
Fig. 4 is a flowchart of a reverse proxy method according to another embodiment of the present invention;
Fig. 5 is a timing diagram illustrating authentication of a username and password by the reverse proxy method provided in an embodiment of the present invention.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a reverse proxy server, where the reverse proxy server is connected to an application server of a peripheral device and a client of the peripheral device, respectively, and the reverse proxy server includes: a setting unit 101, an interaction unit 102 and a verification unit 103, wherein,
a setting unit 101, configured to set an interception rule of a URL;
the interaction unit 102 is configured to receive a target access request sent by a peripheral client, forward a target URL in the target access request to a peripheral application server when the verification unit 103 verifies that the target URL is valid, receive result data returned by the peripheral application server, and send the result data to the client;
the verifying unit 103 is configured to obtain a target URL in the target access request received by the interacting unit 102 according to the URL interception rule set by the setting unit 101, and verify the validity of the target URL.
In another embodiment of the present invention, a service request related to a target URL that has already passed verification does not need to be verified again, which effectively improves access efficiency. To this end, the reverse proxy server further includes: a forwarding unit (not shown in the figure), wherein,
a setting unit 101, further configured to set a forwarding rule of the URL;
the interaction unit 102 is further configured to receive a service request sent by a peripheral client, receive a service target URL sent by the forwarding unit, send the service target URL to a peripheral application server, receive web page information corresponding to the service target URL returned by the peripheral application server, and send the web page information corresponding to the service target URL to the peripheral client;
and the forwarding unit is configured to acquire a service target URL in the service request received by the interaction unit 102, verify whether the service target URL is related to a target URL verified by the verification unit 103 to be valid, and if so, send the service target URL to the interaction unit 102 according to a forwarding rule of the URL address set by the setting unit 101.
The forwarding unit can directly forward a service URL related to a target URL that has passed verification. For example, in financial management, once the target URL has been verified, that is, once the user has logged in successfully, every service the user then processes can only be completed by communicating with the application server through the reverse proxy server. If the validity of each of these services had to be verified, the workload of the reverse proxy server would increase greatly and service processing efficiency would be low.
In another embodiment of the present invention, the reverse proxy server can verify the validity of the user name and so prevent an illegal user from attacking the application server through an invalid user name. To this end, the reverse proxy server further includes: a determining unit (not shown in the figures), wherein,
the determining unit is used for determining all user name information in an application server of the peripheral equipment;
and the verification unit 103 is used for judging whether the user name in the target URL exists in all the user name information determined by the determination unit, and if so, the target URL is valid.
In ERP-class enterprise management software such as an enterprise internal mail service, a collaborative office system or a financial management system, login can be completed only after the user name and password are verified. If every user name is pushed to the application server for verification, the application server has to verify many invalid user names one by one, which undoubtedly increases the load on its memory. With this embodiment of the invention, the user name can be verified in the reverse proxy server, so that the reverse proxy server intercepts invalid user names and sends only valid user names to the application server; this reduces the memory load of the application server and further increases its safety.
In another embodiment of the present invention, in order to implement the interception rule set by the setting unit, the setting unit 101 is configured to set any one or more of a URL pattern URLPattern, a URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein,
URLPattern includes: RequestedURL, Using, and Pattern; wherein the RequestedURL comprises two options, MatchesThePattern or DoesNotMatchThePattern; Using contains three expression options, RegularExpressions, Wildcards, and ExactMatch; Pattern provides the corresponding implementation for whichever expression option is chosen in Using;
Condition includes: ConditionInput, CheckIfInputString and Pattern, wherein the ConditionInput contains three variables, {QUERY_STRING}, {HTTP_HOST}, and {SERVER_PORT}, for all URLs in the application server; the CheckIfInputString comprises two options, MatchesThePattern and DoesNotMatchThePattern, and the Pattern comprises the URL pattern corresponding to the CheckIfInputString option;
ServerVariables include: a variable of an application server of the peripheral;
The ConditionInput includes three variables, {QUERY_STRING}, {HTTP_HOST}, and {SERVER_PORT}, for all URLs in the application server. For example, for the address http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3, QUERY_STRING is tabid=2&subtabid=3; HTTP_HOST is www.mysite.com; SERVER_PORT is 80; this 80 represents the interface of the corresponding application server, through which the application server can be accurately located. For Pattern, for example, written in the regular expression style: if the suffix to be filtered is 2&subtabid=3, Pattern may be written as ^ (2) ^ 3.
For the application server variables of the peripheral, all application server variables can be collected as enumerated values. For example, for http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3, one enumerated value may be SERVER_PORT_SECURE, i.e. 0 and http_scope off for this URL address, and another enumerated value may be REQUEST_URI, i.e. content/default.aspx?tabid=2&subtabid=3 for this URL address.
A verification unit 103, configured to, when a target URL conforms to the URLPattern set by the setting unit 101, obtain the target URL and determine, according to the URL expression provided by the forwarding condition Condition, that the target URL meets the forwarding condition, in which case the target URL is valid; and/or the verification unit 103 is configured to determine, after the target URL is obtained, that the application server variable in the target URL is the same as that in ServerVariables, in which case the target URL is valid.
In the verification process, if the URLPattern is set to MatchesThePattern, a URL is intercepted when it conforms to the set URL pattern and ignored when it does not; if the URLPattern is set to DoesNotMatchThePattern, a URL is intercepted only when it does not conform to the set URL pattern and ignored when it does. In this way, verification of some unnecessary URLs can be avoided.
It should be noted that the verification unit may also be set so that the target URL is determined to be valid only if all of the forwarding conditions of the URL are satisfied (MatchAll), or so that the target URL is determined to be valid as long as any one of the conditions is satisfied (MatchAny); the specific setting can be chosen according to user requirements.
In another embodiment of the invention, the aim is to prevent the URL in an access request or service request from being intercepted while the request is being sent to the reverse proxy server, which would leak information such as the user name or service data. To this end:
A setting unit 101, further configured to set a destination address of the URL, and establish a corresponding relationship between the URL and the destination address;
and the interaction unit is used for forwarding the target address corresponding to the target URL to the peripheral application server.
This process is mainly intended to avoid carrying target information directly in the URL. For example, with the target address http://www.mysite.com/content/default.aspx?, if the client sends the target address directly and it is intercepted, information about the application server can be obtained from it; whereas if the setting unit sets the pseudo address http://www.mysite.com/content/abc sent by the client to correspond to the target address, then even if the pseudo address http://www.mysite.com/content/abc is intercepted, the information of the application server is not leaked.
It should be noted that this applies not only to the URL in the access request but also to the URL in the service request: a correspondence between a pseudo service target URL and the actual service target URL may be established, and after receiving the pseudo service target URL, the reverse proxy server determines the actual service target URL corresponding to it and sends the actual service target URL to the application server, so that the user information avoids the risk of being leaked. For example, if the user deposits RMB 100,000 in a bank, the RMB 100,000 can be replaced with A in the pseudo URL, so that the real information cannot be recovered even if the URL information is intercepted.
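The verification flow described above (URLPattern, Condition with MatchAll or MatchAny, the user-name check and the pseudo-address mapping), written in Python as an added example; it is not code from the patent or from the ARR components. The `user` query parameter, the user list, the internal address 10.0.0.5:8080 and all class and function names are assumptions constructed for illustration.

```python
import fnmatch
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Constructed sample data (assumptions, not taken from the patent).
KNOWN_USERS = {"alice", "bob"}   # user names the proxy learned from the application server
PSEUDO_TO_TARGET = {             # pseudo path seen by clients -> internal target address
    "/content/abc": "http://10.0.0.5:8080/content/default.aspx?tabid=2&subtabid=3",
}


@dataclass
class Condition:
    variable: str         # "QUERY_STRING", "HTTP_HOST" or "SERVER_PORT"
    pattern: str          # regular expression that must cover the whole value
    negate: bool = False  # True means "does not match the pattern"

    def holds(self, variables):
        matched = re.fullmatch(self.pattern, variables.get(self.variable, "")) is not None
        return matched != self.negate


@dataclass
class InterceptRule:
    pattern: str
    using: str = "regex"        # "regex", "wildcard" or "exact"
    negate: bool = False        # True means "does not match the pattern"
    conditions: list = field(default_factory=list)
    grouping: str = "MatchAll"  # or "MatchAny"

    def applies_to(self, path):
        if self.using == "regex":
            matched = re.fullmatch(self.pattern, path) is not None
        elif self.using == "wildcard":
            matched = fnmatch.fnmatchcase(path, self.pattern)
        elif self.using == "exact":
            matched = path == self.pattern
        else:
            raise ValueError(f"unknown match type: {self.using}")
        return matched != self.negate

    def conditions_hold(self, variables):
        if not self.conditions:
            return True
        results = [c.holds(variables) for c in self.conditions]
        return all(results) if self.grouping == "MatchAll" else any(results)


def server_variables(parts):
    """Derive the three condition inputs from a parsed URL."""
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {
        "QUERY_STRING": parts.query,
        "HTTP_HOST": parts.hostname or "",
        "SERVER_PORT": str(port),
    }


def decide(url, rule, known_users=KNOWN_USERS, mapping=PSEUDO_TO_TARGET):
    """Return (action, detail): action is 'forward', 'reject' or 'ignore'."""
    try:
        parts = urlsplit(url)
        variables = server_variables(parts)  # a non-numeric port raises ValueError
    except ValueError:
        return ("reject", "malformed URL")
    if not rule.applies_to(parts.path):
        return ("ignore", "rule does not apply")
    if not rule.conditions_hold(variables):
        return ("reject", "forwarding condition not met")
    # Exactly one user name is accepted, so a repeated parameter cannot
    # smuggle a second value past the check.
    users = parse_qs(parts.query).get("user", [])
    if len(users) != 1 or users[0] not in known_users:
        return ("reject", "unknown user name")
    target = mapping.get(parts.path)
    if target is None:
        return ("reject", "no target address for this URL")
    return ("forward", target)


# Constructed rule: intercept /content/<name> on www.mysite.com, port 80.
EXAMPLE_RULE = InterceptRule(
    pattern=r"/content/[a-z]+",
    conditions=[Condition("HTTP_HOST", r"www\.mysite\.com"), Condition("SERVER_PORT", "80")],
)

if __name__ == "__main__":
    for sample in ("http://www.mysite.com/content/abc?user=alice",
                   "http://www.mysite.com/content/abc?user=mallory",
                   "http://www.mysite.com/static/logo.png"):
        print(sample, "->", decide(sample, EXAMPLE_RULE))
```

Only the pseudo path ever appears in client traffic; the internal address is looked up after every check has passed and is never derived from client input.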
In another embodiment of the invention, the reverse proxy server is installed with ARR components including RequestRouter, ExternalDiskCache, Rewrite and WebFarm, which are used to provide a programming framework for each unit in the reverse proxy server.
As shown in fig. 2, an embodiment of the present invention provides a reverse proxy system, which includes: any one of the reverse proxy servers 201 described above, at least one application server 202 and at least one client 203; wherein,
at least one application server 202 interconnected with the reverse proxy server 201, configured to receive a target URL sent by the reverse proxy server 201, and return result data corresponding to the target URL to the reverse proxy server 201;
at least one client 203 interconnected with reverse proxy server 201 for sending target access request to reverse proxy server 201 and receiving the result data sent by reverse proxy server 201.
In another embodiment of the present invention, the at least one application server 202 is further configured to: when reverse proxy server 201 determines that the user name in the target URL is valid, it determines whether the password corresponding to the user name in the target URL is correct, and if so, returns result data corresponding to the target URL to reverse proxy server 201. The process can avoid the verification of invalid user names by the application server, and reduce unnecessary expenses of the application server.
It is worth mentioning that the client and the reverse proxy server can be connected with each other through an external network or an internal network, and the application server is connected with the reverse proxy server only through the internal network, so that the safety of the application server can be ensured.
As shown in fig. 3, an embodiment of the present invention provides a reverse proxy method, where connecting a reverse proxy server to an application server and a client respectively is a basis for implementing the method, and the method may include the following steps:
step 301: setting an interception rule of the URL;
step 302: a reverse proxy server receives a target access request sent by a client;
step 303: intercepting a target URL in the target access request according to the interception rule of the URL;
step 304: verifying the validity of the target URL, and if the target URL is verified to be valid, forwarding the target URL to an application server;
step 305: and receiving result data returned by the application server and sending the result data to the client.
In one embodiment of the present invention, in order to reduce the verification load of the reverse proxy server and thereby speed up the rate at which it forwards URLs, the method further comprises: setting a forwarding rule of the URL; receiving a service request sent by a client; intercepting a service target URL in the service request; verifying whether the service target URL is related to the target URL and, if so, forwarding the service target URL according to the forwarding rule of the URL address; and receiving the webpage information corresponding to the service target URL returned by the application server, and sending the webpage information corresponding to the service target URL to the client.
In an embodiment of the present invention, for a URL carrying a username and a password, the method further comprises: determining all user name information in the application server of the peripheral equipment. The specific implementation of step 304 is: judging whether the user name in the target URL exists in all the user name information determined by the determining unit, and if so, the target URL is valid.
In an embodiment of the present invention, in order to intercept the URL in a targeted manner, the specific implementation of step 301 is: setting any one or more of a URL pattern URLPattern, a URL forwarding condition Condition and the application server variables ServerVariables in the URL, wherein the URLPattern comprises: RequestedURL, Using, and Pattern; wherein the RequestedURL comprises two options, MatchesThePattern or DoesNotMatchThePattern; Using contains three expression options, RegularExpressions, Wildcards, and ExactMatch; Pattern provides the corresponding implementation for whichever expression option is chosen in Using; Condition includes: ConditionInput, CheckIfInputString and Pattern, wherein the ConditionInput contains three variables, {QUERY_STRING}, {HTTP_HOST}, and {SERVER_PORT}, for all URLs in the application server; the CheckIfInputString comprises two options, MatchesThePattern and DoesNotMatchThePattern, and the Pattern comprises the URL pattern corresponding to the CheckIfInputString option; ServerVariables include: a variable of an application server of the peripheral. The specific implementation of step 303 is: when the target URL conforms to the URLPattern, intercepting the target URL, determining, according to the URL expression provided by the forwarding condition Condition, that the target URL meets the forwarding condition, and determining an external application server according to the application server variable in the target URL; and/or after the target URL is intercepted, determining that the application server variable in the target URL is the same as that in the ServerVariables, and determining the application server of the peripheral equipment according to the application server variable in the target URL.
In an embodiment of the present invention, in order to prevent a real URL sent directly by a client from being intercepted, the URL sent by the client may be set so that it does not access the application server directly. Instead, the reverse proxy server maps the URL sent by the client to a target address, and the application server is accessed through the target address. The method therefore further includes: setting a target address of the URL and establishing a corresponding relation between the URL and the target address. The specific embodiment of forwarding the target URL to the application server in step 304 is: forwarding the target address corresponding to the target URL to the application server of the peripheral.
In one embodiment of the invention, in order to make the programming process simpler and more widely applicable, ARR components are installed in the reverse proxy server, wherein the ARR components comprise a RequestRouter, an ExternalDiskCache, a Rewrite and a WebFarm, and the ARR components provide a framework for programming.
As shown in fig. 4, another embodiment of the present invention describes the reverse proxy method by taking as an example a client that sends an access request carrying a user name and a password. Connecting the reverse proxy server with the application server and with the client respectively is the basis for implementing the method, and the method may include the following steps:
Step 400: determining all user name information in an application server, setting a target address of a URL (uniform resource locator), and establishing a corresponding relation between the URL and the target address;
The purpose of this step is mainly to verify the user name in the reverse proxy server and to avoid leakage of the user name or password when the URL carried in the access request sent by the client is intercepted. By establishing the correspondence between the URL and the target address, the reverse proxy server can access the application server according to the URL after receiving it, whereas the application server cannot be accessed with the URL sent directly by the client.
Step 401: setting an interception rule and a forwarding rule of the URL;
In this step, setting the interception rule is mainly implemented by setting any one or more of a style URLPattern of the URL, a forwarding Condition of the URL, and a variable ServerVariables of the application server in the URL, wherein,
URLPattern includes: RequestedURL, Using and Pattern; the RequestedURL comprises two options, MatchesThePattern or DoesNotMatchThePattern; Using contains three expression options, RegularExpressions, Wildcards and ExactMatch; Pattern provides a corresponding implementation scheme for any expression in Using;
Condition includes: ConditionInput, CheckIfInputString and Pattern, wherein the ConditionInput contains three variables, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}, for all URLs in the application server; the CheckIfInputString comprises two options, MatchesThePattern and DoesNotMatchThePattern, and the Pattern comprises the corresponding URL style in the CheckIfInputString option;
As an example of the three ConditionInput variables, for the web address http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3,
QUERY_STRING is tabid=2&subtabid=3; HTTP_HOST is www.mysite.com; SERVER_PORT is 80. This 80 represents the port of the corresponding application server, through which the application server can be accurately located. For Pattern, for example, written in the regular expression style: if the filter suffix is 2& subtabid 3, Pattern may be written as ^ (2) ^ 3.
ServerVariables include: a variable of the application server. All application server variables can be collected by enumerating values. For example, for http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3, the enumerated value may be SERVER_PORT_SECURE, i.e. 0 and HTTPS off corresponding to the URL address, and the enumerated value may be REQUEST_URI, i.e. content/default.aspx?tabid=2&subtabid=3 corresponding to the URL address.
For an access request needing to verify a username and a password, the set interception rule may further include a format of the username existing in the URL, which is actually a style of the URL.
Step 402: a reverse proxy server receives a target access request sent by a client;
in the process, the reverse proxy server can provide a login interface for inputting a user name and a password for the client, and when the client receives the user name and the password input by the user and triggers login, the reverse proxy server can receive a target access request sent by the client.
Step 403: judging whether the target URL in the target access request meets the requirement of the style URLPattern of the URL address in the setting rule, if so, executing a step 404; otherwise, go to step 405;
For example: when the user name is required to consist only of letters, the URL address pattern URLPattern follows a corresponding rule; a user name that does not meet the rule cannot exist, so such an unqualified user name can be ignored directly without a verification process. Likewise, when the user name is required not to include Chinese characters, the URLPattern of a URL whose user name includes Chinese characters follows a certain rule, and URLs meeting that rule can be specified to be ignored; that is, a user name meeting that rule does not exist, and the user name which does not meet the requirement can be ignored directly without a verification process. In the rule of the login request, the Pattern defined is: a, ConditionInput: {QUERY_STRING}, ConditionPattern: and selecting RewriteURL in Action, wherein RewriteURL is http://localhost:8083/checkuser.
Step 404: intercepting the target URL, judging whether a user name in the target URL exists, if so, judging that the target URL is valid, and executing step 406; otherwise, the target URL is invalid, go to step 407;
The process of judging whether the user name exists is as follows: according to the URL expression provided by the forwarding Condition of the URL, it is determined that the target URL meets the forwarding Condition of the URL, and the peripheral application server is determined. The forwarding Condition can be set so that the URL is sent to the application server only when all conditions are met, or so that it is sent to the application server when just one Condition is met. In addition, in the process of verifying the validity of the target URL, the application server of the peripheral can be determined by determining that the application server variable in the target URL is the same as that in ServerVariables and according to the application server variable in the target URL.
Step 405: ignoring the target URL and ending the current process;
Step 406: forwarding the target address corresponding to the target URL to the application server, and executing step 408;
For example: the target URL sent by the client is A. When the reverse proxy server receives A, it sends the real target address corresponding to A to the application server, so that the application server can be accessed. If A is sent directly to the application server, no return data will be obtained.
Step 407: returning the user name verification error information to the client and ending the current process;
after the user name is verified to be wrong, the reverse proxy server does not send the target address corresponding to the target URL corresponding to the wrong user name to the application server any more, and the workload of the application server is reduced.
Step 408: receiving result data returned by the application server, and sending the returned result data to the client;
when the application server receives an access request with successful user name verification, the application server verifies the password, and if the password verification is successful, returned result data is information of a webpage corresponding to the access request; if the password authentication fails, returning result data as the information of the password authentication failure.
Step 409: receiving a service request sent by a client;
for enterprise business software of ERP class, the login request is only the basis of business process, and after the login is successful, the client sends the business request when the business process is carried out, so that if the user name and the password are verified for all the business requests, the workload of the reverse proxy server and the application server is increased undoubtedly. In the embodiment of the present invention, the processing procedure for the service request is as shown in step 409 to step 412.
Step 410: intercepting a service target URL in a service request;
Step 411: verifying whether the service target URL is related to the target URL, and if so, executing step 412; otherwise, go to step 413;
in this process, it is first ensured that the service target URL meets the URL style requirements, and then it is verified whether the service target URL is related to the target URL.
Step 412: forwarding the service target URL according to the forwarding rule of the URL address, and executing step 414;
the forwarding rule here refers to changing the service target URL to meet the requirements of the application server.
Step 413: ignoring the service target URL and ending the current process;
Step 414: receiving webpage information corresponding to the service target URL returned by the application server, and sending the webpage information corresponding to the service target URL to the client.
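The decisions of steps 403 to 407 and 409 to 413, as an added Python example that is not code from the patent. The user names, host names, internal addresses and the `ReverseProxy` class are constructed for illustration, and "related" in step 411 is assumed to mean same client, same host as the validated login URL, and a mapped path.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (assumptions, not values from the patent).
KNOWN_USERS = {"alice", "bob"}            # step 400: user names held by the application server
TARGET_MAP = {                            # step 400: public URL path -> internal target address
    "/login": "http://10.0.0.5:8083/checkuser",
    "/orders": "http://10.0.0.5:8083/erp/orders",
}
LOGIN_PATH = re.compile(r"/login")        # step 401: URLPattern, regular-expression style
USERNAME_RULE = re.compile(r"[A-Za-z]+")  # step 403 example: user name is letters only


class ReverseProxy:
    """Hypothetical model of the proxy's verification and forwarding decisions."""

    def __init__(self, users, target_map):
        self.users = set(users)
        self.target_map = dict(target_map)
        self.validated = {}  # client id -> host of the login URL that was verified valid

    def handle_login(self, client_id, url):
        """Steps 402-407. Returns (decision, detail)."""
        parts = urlsplit(url)
        names = parse_qs(parts.query).get("username", [])
        target = self.target_map.get(parts.path)
        # Step 403: the URL must match the URLPattern and carry exactly one
        # well-formed user name; repeated or malformed values are ignored.
        if (target is None
                or not LOGIN_PATH.fullmatch(parts.path)
                or len(names) != 1
                or not USERNAME_RULE.fullmatch(names[0])):
            return ("ignore", None)                             # step 405
        # Step 404: the user name must exist in the list from step 400.
        if names[0] not in self.users:
            return ("reject", "user name verification error")   # step 407
        self.validated[client_id] = parts.netloc
        # Step 406: forward to the mapped target address, never to the client's
        # URL. The application server verifies the password (step 408).
        return ("forward", target)

    def handle_service(self, client_id, url):
        """Steps 409-413. Returns (decision, detail)."""
        parts = urlsplit(url)
        login_host = self.validated.get(client_id)
        target = self.target_map.get(parts.path)
        # Step 411: assumed meaning of "related" (see lead-in).
        if login_host is None or parts.netloc != login_host or target is None:
            return ("ignore", None)                             # step 413
        return ("forward", target)                              # step 412


if __name__ == "__main__":
    proxy = ReverseProxy(KNOWN_USERS, TARGET_MAP)
    base = "https://erp.example.test"  # constructed host name
    for client, url in [
        ("c1", base + "/login?username=alice&password=x"),
        ("c2", base + "/login?username=carol&password=x"),
        ("c3", base + "/login?username=al1ce&password=x"),
    ]:
        print(client, proxy.handle_login(client, url))
    print("c1", proxy.handle_service("c1", base + "/orders"))
    print("c2", proxy.handle_service("c2", base + "/orders"))
```

The step 407 response differs from a password failure, so it discloses which user names exist; deployments usually return one generic login error for both cases.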
It should be noted that the forwarding rule mentioned in the embodiment of the present invention further includes modifying the URL. The modification can be divided into five types: Rewrite, None, Redirect, CustomResponse and AbortRequest. Rewrite rewrites a URL after it is received and provides two variables, {C:N} and {R:N}, where N represents 0-9. For example, for www.foo.com/index.aspx, if a regular expression is selected in the defined MatchedURL and Pattern is defined as ^ (w \.) ($), the defined variables have the following meanings: {C:0} - www.foo.com; {C:1} - www; {C:2} - com; {R:1} - aspx.
It is worth mentioning that the ARR components, including RequestRouter, ExternalDiskCache, Rewrite and WebFarm, are installed on the reverse proxy server, and these components are used as a framework to make the reverse proxy method reliable. Because ARR is based on the application layer, it can use information such as HOSTNAME or HTTPHEADER when defining the URL, so that the usability and expansibility of the ERR system can be better enhanced, the resources of the server can be better utilized, the application program can be deployed more quickly, the management cost of the whole ERP is reduced, and the deployment of a shared host becomes possible.
In order to make the process and sequence of user name and password verification by the reverse proxy method clearer, fig. 5 provides a sequence chart of user name and password verification applied in an ERP application server. As can be seen from the figure, a client sends a login request to the reverse proxy server (represented by a proxy server in the figure); the login request is sent by means of HTTPS, and in this process a firewall in the reverse proxy server intercepts a part of known malicious attack objects. The reverse proxy server provides a login interface for the client; when the client inputs a user name and a password in the login interface, the client can send the access request to the reverse proxy server by clicking login. The proxy server intercepts the URL in the access request and verifies the validity of the user name (here, validity mainly refers to whether the user name meets the requirement). If the user name fails verification, a user name verification failure is returned to the client; if the user name is verified, the URL is sent to the ERP application server, which verifies the password. If the password is verified, the system main page in the ERP application server is returned to the client through the reverse proxy server. After receiving the main page, the client sends a service request through the main page; the reverse proxy server again intercepts the request and verifies whether the service request is related to the system main page, and if it is, the service request is sent to the ERP application server. The ERP application server processes the business according to the service request, and the processing result is returned to the client through the reverse proxy server, which completes the whole business process from login to business processing.
In addition to setting a firewall in the reverse proxy server to directly isolate known dangerous objects, the ERP application server also sets a firewall to further enhance the safety of the ERP application server in the whole process.
The scheme provided by the embodiment of the invention at least can achieve the following beneficial effects:
1. The proxy server is connected with the application server of the peripheral and with the client of the peripheral respectively, and comprises a setting unit, an interaction unit and a verification unit. The setting unit is used for setting the interception rule of the URL. The interaction unit is used for receiving a target access request sent by a peripheral client, forwarding a target URL in the target access request to an application server of the peripheral when the verification unit verifies that the target URL is valid, receiving result data returned by the application server of the peripheral and sending the result data to the client. The verification unit is used for acquiring the target URL in the target access request received by the interaction unit according to the URL interception rule set by the setting unit, and verifying the validity of the target URL. Because the reverse proxy server verifies the validity of the URL and only then sends the verified URL to the corresponding application server, the client is prevented from reaching the application server directly over the WEB network, direct communication between the application server and an external network is avoided, and the possibility that the application server is attacked and damaged is reduced.
2. In the embodiment of the invention, the reverse proxy server does not store the real data of any web page, and all static web pages or dynamic network application programs are stored on the application server in the internal network. Therefore, the attack on the reverse proxy server can not damage the webpage information, and the safety of the internal application server is enhanced.
3. The reverse proxy server provided by the embodiment of the invention is provided with the ARR component, and because the ARR is based on the application layer, the ARR can be based on the HOSTNAME or HTTPHEADER and other information when the URL is defined, so that the usability and expansibility of an ERR system can be better enhanced, the resources of the server can be better utilized, the deployment of an application program is quicker, the management cost of the whole application server is reduced, and the deployment of a shared host becomes possible.
4. In the embodiment of the invention, the reverse proxy server only needs to verify whether the service target URL is related to the target URL which is verified to be valid or not for the service request related to the target URL which is verified to be passed, and does not need to verify the user name and the password again, thereby effectively improving the access efficiency.
5. In the embodiment of the invention, the URL sent by the client can be a fictitious one that the reverse proxy server provides to the client. Only the reverse proxy server can resolve the corresponding target address from the URL and send the target address to the application server, so that leakage of information such as the user name or the service data, caused by interception of the URL while the client sends the access request or the service request to the reverse proxy server, is avoided.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A reverse proxy server, respectively coupled to an application server of a peripheral device and a client of the peripheral device, comprising: a setting unit, an interaction unit and a verification unit, wherein,
the setting unit is used for setting the interception rule of the URL;
the interaction unit is used for receiving a target access request sent by a peripheral client, forwarding a target URL in the target access request to an application server of the peripheral when the verification unit verifies that the target URL is valid, receiving result data returned by the application server of the peripheral and sending the result data to the peripheral client;
the verification unit is used for acquiring the target URL in the target access request received by the interaction unit according to the URL interception rule set by the setting unit and verifying the validity of the target URL.
2. The reverse proxy server of claim 1, further comprising: a forwarding unit, wherein,
the setting unit is further used for setting a forwarding rule of the URL;
the interaction unit is further configured to receive a service request sent by the peripheral client, receive a service target URL sent by the forwarding unit, send the service target URL to the peripheral application server, receive web page information corresponding to the service target URL returned by the peripheral application server, and send the web page information corresponding to the service target URL to the peripheral client;
the forwarding unit is configured to obtain a service target URL in the service request received by the interaction unit, verify whether the service target URL is related to a target URL verified by the verification unit to be valid, and if so, send the service target URL to the interaction unit according to a forwarding rule of a URL address set by the setting unit.
3. The reverse proxy server of claim 1, further comprising: a determining unit, wherein,
the determining unit is used for determining all user name information in the application server of the peripheral equipment;
the verification unit is configured to determine whether the user name in the target URL exists in all the user name information determined by the determination unit, and if yes, the target URL is valid.
4. The reverse proxy server of claim 1,
the setting unit is used for setting any one or more of a style URLPattern of the URL, a forwarding Condition Condition of the URL and a variable ServerVariables of the application server in the URL,
the URLPattern includes: RequestedURL, Using and Pattern; wherein the RequestedURL comprises two options, MatchesThePattern or DoesNotMatchThePattern; the Using comprises three expression options, RegularExpressions, Wildcards and ExactMatch; the Pattern provides a corresponding implementation scheme for any expression in the Using;
the Condition includes: ConditionInput, CheckIfInputString and Pattern, wherein the ConditionInput comprises three variables, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}, of all URLs in an application server; the CheckIfInputString comprises two options, MatchesThePattern and DoesNotMatchThePattern, and the Pattern comprises a corresponding URL style in the CheckIfInputString option;
the ServerVariables include: a variable of an application server of the peripheral;
the verification unit is configured to, when the target URL meets the style URLPattern of the URL address set by the setting unit, obtain the target URL, and determine that the target URL meets the forwarding Condition of the URL according to a URL expression provided by the forwarding Condition of the URL, where the target URL is valid; and/or the verification unit is configured to determine that the application server variable in the target URL is the same as that in the ServerVariables after the target URL is obtained, and the target URL is valid.
5. The reverse proxy server according to any one of claims 1 to 4,
the setting unit is further used for setting a target address of the URL and establishing a corresponding relation between the URL and the target address;
the interaction unit is used for forwarding the target address corresponding to the target URL to the peripheral application server;
and/or,
the reverse proxy server is provided with ARR components, wherein the ARR components comprise a RequestRouter, an ExternalDiskCache, a Rewrite and a WebFarm and are used for providing a programming framework for each unit in the reverse proxy server.
6. A reverse proxy system, comprising: the reverse proxy server of any of claims 1 to 5, at least one application server, and at least one client; wherein,
the application server is interconnected with the reverse proxy server and is used for receiving a target URL sent by the reverse proxy server and returning result data corresponding to the target URL to the reverse proxy server;
the at least one client is interconnected with the reverse proxy server and used for sending a target access request to the reverse proxy server and receiving the result data sent by the reverse proxy server.
7. The reverse proxy system of claim 6, wherein the at least one application server is further configured to:
when the reverse proxy server determines that the user name in the target URL is valid, judging whether the password corresponding to the user name in the target URL is correct, and if so, returning the result data corresponding to the target URL to the reverse proxy server.
8. A reverse proxy method is characterized in that a reverse proxy server is respectively connected with an application server and a client, and an interception rule of a URL is set; further comprising:
the reverse proxy server receives a target access request sent by the client;
intercepting a target URL in the target access request according to the interception rule of the URL;
verifying the validity of the target URL, and if the target URL is verified to be valid, forwarding the target URL to the application server;
and receiving result data returned by the application server, and sending the returned result data to the client.
9. The method of claim 8,
further comprising: setting a forwarding rule of the URL;
receiving a service request sent by a client;
intercepting a service target URL in the service request;
verifying whether the service target URL is related to the target URL or not, if so, forwarding the service target URL according to a forwarding rule of the URL address;
receiving webpage information corresponding to the service target URL returned by the application server, and sending the webpage information corresponding to the service target URL to a client;
and/or,
further comprising: determining all user name information in the application server;
the verifying the validity of the target URL comprises: judging whether the user name in the target URL exists in all user name information, if so, the target URL is valid;
and/or,
the setting of the interception rule of the URL includes: setting any one or more of a style URLPattern of the URL, a forwarding Condition of the URL, and a variable ServerVariables of the application server in the URL, wherein,
the URLPattern includes: RequestedURL, Using and Pattern; wherein the RequestedURL comprises two options, MatchesThePattern or DoesNotMatchThePattern; the Using comprises three expression options, RegularExpressions, Wildcards and ExactMatch; the Pattern provides a corresponding implementation scheme for any expression in the Using;
the Condition includes: ConditionInput, CheckIfInputString and Pattern, wherein the ConditionInput comprises three variables, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}, of all URLs in an application server; the CheckIfInputString comprises two options, MatchesThePattern and DoesNotMatchThePattern, and the Pattern comprises a corresponding URL style in the CheckIfInputString option;
the ServerVariables include: a variable of an application server of the peripheral;
intercepting a target URL in the target access request according to the interception rule of the URL, wherein the intercepting comprises the following steps: when the target URL meets the URL address style URLPattern, intercepting the target URL, determining that the target URL meets the forwarding Condition Condition of the URL according to a URL expression provided by the forwarding Condition Condition of the URL, and determining an application server of a peripheral; and/or intercepting a target URL in the target access request according to the interception rule of the URL, wherein the interception comprises the following steps: after the interception of the target URL is executed, determining that the application server variable in the target URL is the same as that in the ServerVariables, and determining an application server of the peripheral equipment according to the variable of the application server in the target URL.
10. The method according to any one of claims 8 or 9,
further comprising: setting a target address of the URL and establishing a corresponding relation between the URL and the target address;
the forwarding the target URL to the application server includes: forwarding the target address corresponding to the target URL to an application server of the peripheral equipment;
and/or,
the reverse proxy server installs ARR components including RequestRouter, ExternalDiskCache, Rewrite, and WebFarm.
CN201510595368.1A 2015-09-18 2015-09-18 Reverse proxy server, reverse proxy system and reverse proxy method Pending CN105187430A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510595368.1A CN105187430A (en) 2015-09-18 2015-09-18 Reverse proxy server, reverse proxy system and reverse proxy method

Publications (1)

Publication Number Publication Date
CN105187430A true CN105187430A (en) 2015-12-23

Family

ID=54909274

CN107046544B (en) Method and device for identifying illegal access request to website
CN108989355B (en) Vulnerability detection method and device
US8555365B2 (en) Directory authentication method for policy driven web filtering
CN102546576A (en) Webpagehanging trojan detecting and protecting method and system as well as method for extracting corresponding code
CN106998335B (en) Vulnerability detection method, gateway equipment, browser and system
CN111866124B (en) Method, device, server and machine-readable storage medium for accessing webpage
CN105635064B (en) CSRF attack detection method and device
US20210083881A1 (en) Dynamically analyzing third-party application website certificates across users to detect malicious activity
CN114745145B (en) Business data access method, device and equipment and computer storage medium
CN106209907B (en) Method and device for detecting malicious attack
RU2638779C1 (en) Method and server for executing authorization of application on electronic device
Praitheeshan et al. Attainable hacks on Keystore files in Ethereum wallets—A systematic analysis
Yassin et al. SQLIIDaaS: A SQL injection intrusion detection framework as a service for SaaS providers
CN107623693B (en) Domain name resolution protection method, device, system, computing equipment and storage medium
CN110602134B (en) Method, device and system for identifying illegal terminal access based on session label
Dresen et al. Corsica: Cross-origin web service identification

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151223
