CN107438058A - The filter method and filtration system of user's request - Google Patents
The filter method and filtration system of user's request Download PDFInfo
- Publication number
- CN107438058A CN107438058A CN201610366126.XA CN201610366126A CN107438058A CN 107438058 A CN107438058 A CN 107438058A CN 201610366126 A CN201610366126 A CN 201610366126A CN 107438058 A CN107438058 A CN 107438058A
- Authority
- CN
- China
- Prior art keywords
- user
- request
- verification data
- history
- legitimate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The filter method of user's request provided by the invention, verification data is obtained in being asked from user, and history verification data compares, and determines whether illegal user's request, and filter out illegal user's request, legal user's request is sent to web server after illegal request is filtered out.Filter method provided by the invention masks part subscriber requests, and all steps of this method perform on proxy server, helps to mitigate the performance pressures of follow-up web server and operation system.
Description
Technical field
The present invention relates to internet arena, and in particular to a kind of filter method and filtration system.
Background technology
Internet technology development is more and more faster, and network security technology there has also been good precipitation, and the anti-brush of operation layer is (i.e. logical
Cross the account of user, the operating process path of user, the visitation frequency of user, and other combine business characteristic, pass through business
The operation of anti-brush that data are done) there has also been bypass well (by non-main line flow reported data) solution.The solution
Dependent on sophisticated service data, but if the fewer situation of the business datum that can be reported, only some are simple
HTTP headers, anti-brush is realized can be relatively difficult, and input and output are not high.
The content of the invention
In view of this, the present invention provides a kind of filter method and filtration system of user's request, to solve the above problems.
According to the first aspect of the invention, the present invention provides a kind of filter method of user's request, comprises the following steps:Block
Cut the user request for being sent to web server;Verification data is obtained in being asked from the user;By the verification data and
History verification data compares, it is determined whether is legitimate request;And the legitimate request is distributed to the web server, its
In, the filter method performs in proxy server.
Preferably, it is described to compare the verification data and history verification data, it is determined whether for legitimate request include with
The combination of lower one or more of verification modes:The history verification data is retrieved by user agent, if the history is examined
The user agent in data be present, then user's request is the legitimate request;By being gone through described in User IP retrieval
History verification data, if the user request at the appointed time in section recorded in the history verification data is no more than first
Threshold value, then user's request is the legitimate request;If the cookie is legal, user's request is described legal
Request;And the history verification data is retrieved by the User IP and the user cookie, if the history verifies
The request number of times recorded in data is no more than Second Threshold, then user's request is the legitimate request.
Preferably, in addition to:If user cookie is not present, the identifying code of verification page verification input is provided a user
To determine whether user's request is the legitimate request.
Preferably, in addition to:The proxy server arrives the verification data storage caching of the proxy server
In.
Preferably, in addition to:The proxy server deletes the history verification data according to predetermined policy.
Preferably, user's request includes HTTP request, and the verification data that obtains is the head from the HTTP request
Verification data described in acquisition of information.
Preferably, the proxy server is Nginx servers, and the Nginx servers are deposited using the first algorithm management
Contain the caching of the history verification data.
According to the second aspect of the invention, the present invention provides a kind of filtration system of user's request, including:Client, use
Asked in sending the user;WEB server, receive the user and ask to carry out business processing;Proxy server, including:Block
Unit is cut, the user request of web server is sent to for intercepting;Resolution unit, for being obtained in being asked from the user
Take verification data;Determining unit, for the verification data and history verification data to be compared, determine in user's request
Legitimate request;Transmitting element, for the legitimate request to be sent into the web server.
Preferably, wherein the determining unit includes:The history verification data is retrieved by user agent, if described
The user agent in history inspection data be present, then user's request is the legitimate request;
The history verification data is retrieved by user agent, if user's generation in the history inspection data be present
Reason, then user's request is the legitimate request;
The history verification data is retrieved by the User IP, if what is recorded in the history verification data is specifying
User request in period is no more than first threshold, then user's request is the legitimate request;
If the cookie is legal, user's request is the legitimate request;And by the User IP and
The user cookie retrieves the history verification data, if the request number of times recorded in the history verification data is no more than
Second Threshold, then user's request is the legitimate request.
Preferably, the proxy server also includes:Authentication unit, for providing a user verification page verification input
Whether identifying code is the legitimate request to determine user's request.
Preferably, the proxy server also includes:Buffer unit, for caching the history verification data.
Preferably, the proxy server also includes:Unit is deleted, is verified for deleting the history according to predetermined policy
Data.
The filter method of user's request provided by the invention, verification data, and history check number are obtained in being asked from user
According to comparison, illegal user's request is determined whether, and illegal user's request is filtered out, will be closed after illegal request is filtered
User's request of method is sent to web server.Filter method provided by the invention masks part subscriber requests, and this method
All steps perform on proxy server, help to mitigate the performance pressures of follow-up web server and operation system.This
Filtration system corresponding to invention while offer.
Brief description of the drawings
By referring to description of the following drawings to the embodiment of the present invention, above-mentioned and other purpose of the invention, feature and
Advantage will be apparent from, in the accompanying drawings:
Fig. 1 is the flow chart of the filter method of user's request according to embodiments of the present invention;
Fig. 2 is the flow chart of the determination method of illegal request according to embodiments of the present invention;
Fig. 3 is the structure chart of filtration system according to embodiments of the present invention;
Fig. 4 is the schematic diagram of verification data storage according to embodiments of the present invention;
Fig. 5 is the building-block of logic of proxy server according to embodiments of the present invention.
Embodiment
Below based on embodiment, present invention is described, but the present invention is not restricted to these embodiments.Under
It is detailed to describe some specific detail sections in the literary detailed description to the present invention.Do not have for a person skilled in the art
The description of these detail sections can also understand the present invention completely.In order to avoid obscuring the essence of the present invention, known method, mistake
Journey, flow do not describe in detail.What other accompanying drawing was not necessarily drawn to scale.
Flow chart, block diagram in accompanying drawing illustrate the possible system frame of the system of the embodiment of the present invention, method, apparatus
Frame, function and operation, the square frame on flow chart and block diagram can represent a module, program segment or only one section of code, institute
It is all the executable instruction for realizing regulation logic function to state module, program segment and code.It should also be noted that described realize rule
Determining the executable instruction of logic function can reconfigure, so as to generate new module and program segment.Therefore accompanying drawing square frame with
And square frame order is used only to the process and step of preferably diagram embodiment, without should be in this, as the limit to invention itself
System.
Fig. 1 is the flow chart of the filter method of user's request according to embodiments of the present invention.The filter method includes step
Rapid 101- steps 105.
In a step 101, the user's request for being sent to web server is intercepted.
In a step 102, verification data is obtained in being asked from user.
In a step 102, verification data and history verification data are compared, determines legitimate request in user's request and non-
Method is asked.
At step 104, illegal request is filtered.
In step 105, legitimate request is sent to web server.
The step of Fig. 1 filter method, performs in proxy server, is obtained by proxy server and is sent to web services
User's request of device, extracts verification data, according to history verification data and the verification currently extracted in being asked from each user
Comparing, determine whether as illegal request, and legal user's request is sent to web after illegal request is filtered
Server.By the filtering function of proxy server, user's request of part is masked, helps to mitigate follow-up web services
The performance pressures of device and operation system.
Fig. 2 is the flow chart of the determination method of illegal request according to embodiments of the present invention.Method of calibration described in Fig. 3 is led to
Cross tri- UserAgent, User IP, user cookie dimensions and determine whether user's request is illegal request, and it includes step
Rapid 201-211.
In step 201, history verification data is retrieved by UserAgent.
In step 202, judge that UserAgent whether there is.
UserAgent (user agent) is a kind of to data packing, creation packets headers, and addressing, the portion for transmitting message
Part, it is generally used for stating the HTTP request request header of browser.In this step, check in history verification data whether have phase
With UserAgent, be then legitimate request if there is identical UserAgent, if there is no identical UserAgent,
Then continue verification request, perform step 203.
In step 203, User IP retrieves the history verification data.
In step 204, the historical requests in specified time section exceed first threshold.
The user for being not determined as illegal request is asked to continue to be judged according to User IP, history is retrieved using the User IP
Verification data, judges whether the User IP (such as five minutes) request amount within a period of time exceedes threshold values, if not above if
It is considered legitimate request, is then legitimate request, threshold values there are two kinds of possibility if more than, and a kind of is the public affairs that the IP is a region
Net outlet, one kind is that the IP is risk IP, then further checking.
In step 205, judge that cookie whether there is.
Cookie is stored in user local terminal for some websites in order to distinguish user identity, carry out session tracking
On data (generally going through encryption).If cookie is present, further verified by step 207 and 208, if do not deposited
Performing step 206 and requiring that input validation code is verified.
In step 206, judge whether identifying code is correct.
There is provided identifying code input page, it is desirable to user's input validation code, if the identifying code of input is correct, be judged to closing
Method is asked, otherwise illegal request.
In step 207, judge whether cookie is legal.
In a step 208, User IP and user cookie retrieval history verification datas.
In step 209, judge whether request number of times exceedes Second Threshold.
If current cookie is legal, and user's request number of times that User IP+cookie is retrieved is not above threshold values,
Then think legitimate request, directly let off, if user cookie is illegal or the request number of times of IP+cookie retrieval exceedes
Threshold values, then it is illegal request.
In step 210, it is determined that current user's request is legitimate request.
In step 211, it is determined that current user's request is illegal request.
Method of calibration according to Fig. 2, most illegal request is can determine, and due to UserAgent, user
IP and cookie are maintained in the information header of HTTP request, therefore need not parse whole html file, you can get foot
Enough verification datas are verified, and are verified with respect to business datum, and faster, treatment effeciency is higher for verification speed.Separately
Outside, because described method of calibration performs at proxy server end, so as to alleviate follow-up WEB server and business service
The pressure of device.
Fig. 3 is the structure chart of filtration system according to embodiments of the present invention.In fig. 2, the filtering being made up of the above method
System includes client, proxy server, web server and service server.Client receives user's request, request method bag
Include HTTP request, HTTPS request, FTP requests etc..Proxy server end is filtered by user's request.Web server end receives
After being asked to user, service server processing is given, generates business datum.As can be seen here, and traditional client->Web services
Device->The framework of service server is compared, and user's request is tentatively filtered on increased proxy server, alleviates web clothes
The performance pressures of business device and service server.In addition, proxy server can be managed concentratedly multiple as the server of load balancing
The load balance of web server.
In the present invention, acted on behalf of to ensure that user's request can reach service server in time, it is necessary to be lifted as much as possible
The treatment effeciency of server, it is therefore preferred that using Nginx framework establishment proxy servers.Nginx is a lightweight
Server, it can be used as Web server, Reverse Proxy or Email (IMAP/POP3) proxy server.Due to
Nginx is write using C, and whether system resource overhead or CPU service efficiencies are all of a relatively high.It is highly preferred that pass through
Nginx frameworks build the caching of storage verification data on proxy server, and are managed to data cached.Certainly, other
Mode, such as redis or memcache, it can also meet the storage demand of verification data, but need to establish and arrive by Transmission Control Protocol
Redis or memcache connection, and data are transmitted by connecting, consumption resource is relatively more, through practice, in local service
Stored in caching on device and management verification data relative efficacy is preferable.
In a preferred mode, verification data is realized by the first algorithm (lru algorithm) in Nginx servers
Caching and management.LRU (Least Recently Used, at least using algorithm in the recent period) algorithm is according to service efficiency managing internal memory
In data.Current existing plug-in unit lua-nginx-module modules of increasing income realize LRU cache scheme.The module provides one
Set can reclaim the scheme of internal memory automatically, redistribute sluggish internal memory by LRU principles, avoid internal memory from being depleted, will
Internal memory is supplied to most active module to use.But the shared drive of current lua-nginx-module modules only supports set,
Get etc. is operated, and does not have Memory recycle strategy, it is therefore desirable to increases the generation of Memory recycle on the basis of lua-nginx-module
Code, periodically by without using internal memory destroy.The data structure of verification data refers to Fig. 4 on Nginx servers.
In Fig. 4, each node data includes data data, prev pointer, pnext pointers, and each data please for user
The map asked, the verification datas such as User IP, UserAgent and the cookie of each user's request are stored, and pass through pointer pnext
Next map is pointed to, pointer prev points to a upper map, while stores the access times of verification data.Verification data is according to making
It is ranked up with number, when map reaches maximum, it is possible to one map is deleted from the afterbody of chained list, increases new map.
Lua-nginx-module modules are realized after above-mentioned map algorithms, it is necessary to recompilate lua-nginx-module.Such a mode can
To ensure that some map data being of little use are replaced, so Buffer Utilization can be higher.Certainly, above-mentioned verification data
Caching method is an exemplary illustration, and one of ordinary skill in the art also can realize data by other cache algorithms
Caching.
Fig. 5 is the building-block of logic of proxy server according to embodiments of the present invention, including:Interception unit 401, parsing are single
Member 402, determining unit 403 and transmitting element 404.
Interception unit 401 receives user's request of multiple users' transmissions from client.User's request includes a variety of shapes
Formula, for example, HTTP request or FTP requests.
Resolution unit 402 parses verification data in being asked from user be that follow-up data check is prepared.If HTTP
Request, then the information such as UserAgent, cookie are obtained directly from the information header of HTTP request.
Determining unit 403 determines which user's request is legitimate request and illegal request according to verification data.The side of determination
Formula and same as before, is not just being repeated here.
Transmitting element 404 sends legitimate request to web server after being filtered during illegal request is asked from user.Web takes
Operation system is transferred to carry out business processing after business device processing.
In a preferred embodiment, determining unit 403 comprises the following steps:
The history verification data is retrieved by user agent, if user's generation in the history inspection data be present
Reason, then user's request is the legitimate request;
The history verification data is retrieved by user agent, if user's generation in the history inspection data be present
Reason, then user's request is the legitimate request;
The history verification data is retrieved by the User IP, if recorded at the appointed time in history verification data
User request in section is no more than first threshold, then user's request is legitimate request;
If the cookie is legal, user's request is the legitimate request;
The history verification data is retrieved by the User IP and the user cookie, if in history verification data
The request number of times of record is no more than Second Threshold, then user's request is the legitimate request.
In a preferred embodiment, proxy server also includes:Authentication unit, for providing a user verification page verification
Whether the identifying code of input is illegal request to determine user's request.
In a preferred embodiment, proxy server also includes:Buffer unit, for caching verification data.
In a preferred embodiment, proxy server also includes:Unit is deleted, for according to predetermined policy deleting history school
Test data.Here predetermined policy is LRU policy as described above, and the earliest verification data of usage time is deleted, certainly,
Other strategies can be used, for example, being ranked up according to service efficiency, rarely needed caching is deleted.
The filtration system for user's request that the present invention is built, data check and filtering are carried out by proxy server, and will
User's request after filtering is sent to web server, and so as to mitigate the performance pressures of web server, it is whole to be advantageous to lifting system
The efficiency of body.Further, verification data, and the history check number for comparing can be extracted from the information header of HTTP request
According to also being stored in the caching of proxy server, therefore comparison efficiency is higher, and the checking treatment on proxy server will not be sexual
Energy bottleneck, meets the needs of business real-time.
The modules or unit of system can be realized by hardware, firmware or software.Software for example including using JAVA,
The coded program that the various programming languages such as C/C++/C#, SQL are formed.Although provided in method and method legend of the invention real
The step of applying and the order of step, but the step realize as defined in the executable instruction of logic function can group again
Close, so as to generate new step.The order of the step also should not be restricted solely in methods described and method legend
Sequence of steps, it can need to be adjusted at any time according to function.Such as by some steps therein parallel or according to opposite suitable
Sequence performs.
System and a method according to the invention can be deployed on single or multiple servers.For example, can will be different
Module is disposed on a different server respectively, forms private server.Or can the distributed deployment on multiple servers
Identical functional unit, module or system, to mitigate load pressure.The server includes but is not limited in same LAN
And pass through multiple PCs of Internet connections, PC server, rolling reamer machine, supercomputer etc..
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for those skilled in the art
For, the present invention can have various changes and change.All any modifications made within spirit and principles of the present invention, it is equal
Replace, improve etc., it should be included in the scope of the protection.
Claims (12)
1. a kind of filter method of user's request, comprises the following steps:
Intercept the user request for being sent to web server;
Verification data is obtained in being asked from the user;
The verification data and history verification data are compared, it is determined whether be legitimate request;And
The legitimate request is distributed to the web server, wherein, the filter method performs in proxy server.
2. filter method according to claim 1, wherein, it is described to compare the verification data and history verification data,
Determine whether the combination for including following one or more of verification modes for legitimate request:
The history verification data is retrieved by user agent, if the user agent be present in the history inspection data,
Then user's request is the legitimate request;
The history verification data is retrieved by the User IP, if recorded at the appointed time in the history verification data
User request in section is no more than first threshold, then user's request is the legitimate request;
If the cookie is legal, user's request is the legitimate request;And
The history verification data is retrieved by the User IP and the user cookie, if in the history verification data
The request number of times of record is no more than Second Threshold, then user's request is the legitimate request.
3. filter method according to claim 2, in addition to:If user cookie is not present, verification is provided a user
Whether the identifying code of page verification input is the legitimate request to determine user's request.
4. filter method according to claim 1, in addition to:Verification data storage is arrived institute by the proxy server
In the caching for stating proxy server.
5. filter method according to claim 4, in addition to:The proxy server is gone through according to being deleted predetermined policy
History verification data.
6. filter method according to claim 1, wherein, user's request includes HTTP request, described to obtain verification
Data are to obtain the verification data from the header of the HTTP request.
7. filter method according to claim 1, wherein, the proxy server is Nginx servers, the Nginx
Server is stored with the caching of the history verification data using the first algorithm management.
8. a kind of filtration system of user's request, including:
Client, for sending user's request;
WEB server, receive the user and ask to carry out business processing;
Proxy server, including:
Interception unit, the user request of web server is sent to for intercepting;
Resolution unit, for obtaining verification data in being asked from the user;
Determining unit, for by the verification data and the comparison of history verification data, determine in user request it is legal please
Ask;
Transmitting element, for the legitimate request to be sent into the web server.
9. filtration system according to claim 8, wherein the determining unit includes:
The history verification data is retrieved by user agent, if the user agent be present in the history inspection data,
Then user's request is the legitimate request;
The history verification data is retrieved by user agent, if the user agent be present in the history inspection data,
Then user's request is the legitimate request;
The history verification data is retrieved by the User IP, if recorded at the appointed time in the history verification data
User request in section is no more than first threshold, then user's request is the legitimate request;
If the cookie is legal, user's request is the legitimate request;And
The history verification data is retrieved by the User IP and the user cookie, if in the history verification data
The request number of times of record is no more than Second Threshold, then user's request is the legitimate request.
10. filtration system according to claim 9, the proxy server also includes:Authentication unit, for being carried to user
The identifying code inputted is verified for the verification page to determine whether user's request is the legitimate request.
11. filtration system according to claim 8, the proxy server also includes:Buffer unit, it is described for caching
History verification data.
12. filtration system according to claim 8, the proxy server also includes:Unit is deleted, for according to predetermined
Strategy deletes the history verification data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610366126.XA CN107438058A (en) | 2016-05-27 | 2016-05-27 | The filter method and filtration system of user's request |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610366126.XA CN107438058A (en) | 2016-05-27 | 2016-05-27 | The filter method and filtration system of user's request |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107438058A true CN107438058A (en) | 2017-12-05 |
Family
ID=60454542
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610366126.XA Pending CN107438058A (en) | 2016-05-27 | 2016-05-27 | The filter method and filtration system of user's request |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107438058A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108111634A (en) * | 2018-02-28 | 2018-06-01 | 北京焦点新干线信息技术有限公司 | A kind of instant data transmission method and system based on websocket protocol Yu http agreements |
CN108156144A (en) * | 2017-12-18 | 2018-06-12 | 北京信安世纪科技股份有限公司 | A kind of access authentication method and corresponding intrument |
CN109587140A (en) * | 2018-12-06 | 2019-04-05 | 四川长虹电器股份有限公司 | Implementation method based on openresty dynamic password proxy gateway |
CN110619071A (en) * | 2019-08-06 | 2019-12-27 | 微梦创科网络科技(中国)有限公司 | Account access security monitoring and processing method and device |
CN114614996A (en) * | 2022-05-12 | 2022-06-10 | 深圳市华曦达科技股份有限公司 | Terminal request processing method, device and system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101175013A (en) * | 2006-11-03 | 2008-05-07 | 飞塔信息科技(北京)有限公司 | Method, network system and proxy server for preventing denial of service attack |
CN103107948A (en) * | 2011-11-15 | 2013-05-15 | 阿里巴巴集团控股有限公司 | Flow control method and flow control device |
CN103118035A (en) * | 2013-03-07 | 2013-05-22 | 星云融创(北京)信息技术有限公司 | Website access request parameter legal range analysis method and device |
CN103248472A (en) * | 2013-04-16 | 2013-08-14 | 华为技术有限公司 | Operation request processing method and system and attack identification device |
CN103354546A (en) * | 2013-06-25 | 2013-10-16 | 亿赞普(北京)科技有限公司 | Message filtering method and message filtering apparatus |
CN105426415A (en) * | 2015-10-30 | 2016-03-23 | Tcl集团股份有限公司 | Management method, device and system of website access request |
CN105530218A (en) * | 2014-09-28 | 2016-04-27 | 北京奇虎科技有限公司 | Link security detection method and client |
-
2016
- 2016-05-27 CN CN201610366126.XA patent/CN107438058A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101175013A (en) * | 2006-11-03 | 2008-05-07 | 飞塔信息科技(北京)有限公司 | Method, network system and proxy server for preventing denial of service attack |
CN103107948A (en) * | 2011-11-15 | 2013-05-15 | 阿里巴巴集团控股有限公司 | Flow control method and flow control device |
CN103118035A (en) * | 2013-03-07 | 2013-05-22 | 星云融创(北京)信息技术有限公司 | Website access request parameter legal range analysis method and device |
CN103248472A (en) * | 2013-04-16 | 2013-08-14 | 华为技术有限公司 | Operation request processing method and system and attack identification device |
CN103354546A (en) * | 2013-06-25 | 2013-10-16 | 亿赞普(北京)科技有限公司 | Message filtering method and message filtering apparatus |
CN105530218A (en) * | 2014-09-28 | 2016-04-27 | 北京奇虎科技有限公司 | Link security detection method and client |
CN105426415A (en) * | 2015-10-30 | 2016-03-23 | Tcl集团股份有限公司 | Management method, device and system of website access request |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108156144A (en) * | 2017-12-18 | 2018-06-12 | 北京信安世纪科技股份有限公司 | A kind of access authentication method and corresponding intrument |
CN108156144B (en) * | 2017-12-18 | 2021-04-06 | 北京信安世纪科技股份有限公司 | Access authentication method and corresponding device |
CN108111634A (en) * | 2018-02-28 | 2018-06-01 | 北京焦点新干线信息技术有限公司 | A kind of instant data transmission method and system based on websocket protocol Yu http agreements |
CN108111634B (en) * | 2018-02-28 | 2020-11-20 | 北京焦点新干线信息技术有限公司 | Instant data transmission method and system based on websocket protocol and http protocol |
CN109587140A (en) * | 2018-12-06 | 2019-04-05 | 四川长虹电器股份有限公司 | Implementation method based on openresty dynamic password proxy gateway |
CN109587140B (en) * | 2018-12-06 | 2021-11-30 | 四川长虹电器股份有限公司 | Implementation method of dynamic password proxy gateway based on openness |
CN110619071A (en) * | 2019-08-06 | 2019-12-27 | 微梦创科网络科技(中国)有限公司 | Account access security monitoring and processing method and device |
CN114614996A (en) * | 2022-05-12 | 2022-06-10 | 深圳市华曦达科技股份有限公司 | Terminal request processing method, device and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11122067B2 (en) | Methods for detecting and mitigating malicious network behavior and devices thereof | |
CN107438058A (en) | The filter method and filtration system of user's request | |
CN104219316B (en) | A kind of call request processing method and processing device in distributed system | |
US10095993B1 (en) | Methods and apparatus for configuring granularity of key performance indicators provided by a monitored component | |
CN106656959B (en) | Access request regulation and control method and device | |
CN110380986A (en) | Flow limitation method, device, equipment and storage medium based on Zuul | |
US7965637B1 (en) | Network proxy with asymmetric connection connectivity | |
CN103369601B (en) | For cell-phone customer terminal provides the method for large concurrent processing and flow control | |
CN103179132B (en) | A kind of method and device detecting and defend CC attack | |
US11645144B2 (en) | Methods and systems securing an application based on auto-learning and auto-mapping of application services and APIs | |
CN104333567B (en) | It is the web cachings serviced using safety | |
CN108306877A (en) | Verification method, device and the storage medium of subscriber identity information based on NODE JS | |
CN104092756B (en) | A kind of resource dynamic distributing method of the cloud storage system based on DHT mechanism | |
US10097616B2 (en) | Methods for optimizing service of content requests and devices thereof | |
CN108200158B (en) | Request Transmission system, method, apparatus and storage medium | |
US20150040221A1 (en) | Server with mechanism for changing treatment of client connections determined to be related to attacks | |
JP2017509074A (en) | Dynamic cache allocation and network management | |
CN103888539B (en) | Bootstrap technique, device and the P2P caching systems of P2P cachings | |
CN110417729A (en) | A kind of service and application class method and system encrypting flow | |
CN113163406B (en) | Threat detection system for mobile communication system, central device and local device thereof | |
EP3767916B1 (en) | Tls fingerprinting for process identification | |
CN105893413A (en) | Service extension method and extension system for server | |
CN106104550A (en) | Site information extraction element, system, site information extracting method and site information extraction procedure | |
CN104113599B (en) | A kind of caching method, device and proxy server | |
CN104320488A (en) | Proxy server system and proxy service method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171205 |
|
RJ01 | Rejection of invention patent application after publication |