CN107438058A - The filter method and filtration system of user's request - Google Patents

The filter method and filtration system of user's request Download PDF

Info

Publication number
CN107438058A
CN107438058A CN201610366126.XA CN201610366126A CN107438058A CN 107438058 A CN107438058 A CN 107438058A CN 201610366126 A CN201610366126 A CN 201610366126A CN 107438058 A CN107438058 A CN 107438058A
Authority
CN
China
Prior art keywords
user
request
verification data
history
legitimate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610366126.XA
Other languages
Chinese (zh)
Inventor
付煜昆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN201610366126.XA priority Critical patent/CN107438058A/en
Publication of CN107438058A publication Critical patent/CN107438058A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/146Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The filter method of user's request provided by the invention, verification data is obtained in being asked from user, and history verification data compares, and determines whether illegal user's request, and filter out illegal user's request, legal user's request is sent to web server after illegal request is filtered out.Filter method provided by the invention masks part subscriber requests, and all steps of this method perform on proxy server, helps to mitigate the performance pressures of follow-up web server and operation system.

Description

The filter method and filtration system of user's request
Technical field
The present invention relates to internet arena, and in particular to a kind of filter method and filtration system.
Background technology
Internet technology development is more and more faster, and network security technology there has also been good precipitation, and the anti-brush of operation layer is (i.e. logical Cross the account of user, the operating process path of user, the visitation frequency of user, and other combine business characteristic, pass through business The operation of anti-brush that data are done) there has also been bypass well (by non-main line flow reported data) solution.The solution Dependent on sophisticated service data, but if the fewer situation of the business datum that can be reported, only some are simple HTTP headers, anti-brush is realized can be relatively difficult, and input and output are not high.
The content of the invention
In view of this, the present invention provides a kind of filter method and filtration system of user's request, to solve the above problems.
According to the first aspect of the invention, the present invention provides a kind of filter method of user's request, comprises the following steps:Block Cut the user request for being sent to web server;Verification data is obtained in being asked from the user;By the verification data and History verification data compares, it is determined whether is legitimate request;And the legitimate request is distributed to the web server, its In, the filter method performs in proxy server.
Preferably, it is described to compare the verification data and history verification data, it is determined whether for legitimate request include with The combination of lower one or more of verification modes:The history verification data is retrieved by user agent, if the history is examined The user agent in data be present, then user's request is the legitimate request;By being gone through described in User IP retrieval History verification data, if the user request at the appointed time in section recorded in the history verification data is no more than first Threshold value, then user's request is the legitimate request;If the cookie is legal, user's request is described legal Request;And the history verification data is retrieved by the User IP and the user cookie, if the history verifies The request number of times recorded in data is no more than Second Threshold, then user's request is the legitimate request.
Preferably, in addition to:If user cookie is not present, the identifying code of verification page verification input is provided a user To determine whether user's request is the legitimate request.
Preferably, in addition to:The proxy server arrives the verification data storage caching of the proxy server In.
Preferably, in addition to:The proxy server deletes the history verification data according to predetermined policy.
Preferably, user's request includes HTTP request, and the verification data that obtains is the head from the HTTP request Verification data described in acquisition of information.
Preferably, the proxy server is Nginx servers, and the Nginx servers are deposited using the first algorithm management Contain the caching of the history verification data.
According to the second aspect of the invention, the present invention provides a kind of filtration system of user's request, including:Client, use Asked in sending the user;WEB server, receive the user and ask to carry out business processing;Proxy server, including:Block Unit is cut, the user request of web server is sent to for intercepting;Resolution unit, for being obtained in being asked from the user Take verification data;Determining unit, for the verification data and history verification data to be compared, determine in user's request Legitimate request;Transmitting element, for the legitimate request to be sent into the web server.
Preferably, wherein the determining unit includes:The history verification data is retrieved by user agent, if described The user agent in history inspection data be present, then user's request is the legitimate request;
The history verification data is retrieved by user agent, if user's generation in the history inspection data be present Reason, then user's request is the legitimate request;
The history verification data is retrieved by the User IP, if what is recorded in the history verification data is specifying User request in period is no more than first threshold, then user's request is the legitimate request;
If the cookie is legal, user's request is the legitimate request;And by the User IP and The user cookie retrieves the history verification data, if the request number of times recorded in the history verification data is no more than Second Threshold, then user's request is the legitimate request.
Preferably, the proxy server also includes:Authentication unit, for providing a user verification page verification input Whether identifying code is the legitimate request to determine user's request.
Preferably, the proxy server also includes:Buffer unit, for caching the history verification data.
Preferably, the proxy server also includes:Unit is deleted, is verified for deleting the history according to predetermined policy Data.
The filter method of user's request provided by the invention, verification data, and history check number are obtained in being asked from user According to comparison, illegal user's request is determined whether, and illegal user's request is filtered out, will be closed after illegal request is filtered User's request of method is sent to web server.Filter method provided by the invention masks part subscriber requests, and this method All steps perform on proxy server, help to mitigate the performance pressures of follow-up web server and operation system.This Filtration system corresponding to invention while offer.
Brief description of the drawings
By referring to description of the following drawings to the embodiment of the present invention, above-mentioned and other purpose of the invention, feature and Advantage will be apparent from, in the accompanying drawings:
Fig. 1 is the flow chart of the filter method of user's request according to embodiments of the present invention;
Fig. 2 is the flow chart of the determination method of illegal request according to embodiments of the present invention;
Fig. 3 is the structure chart of filtration system according to embodiments of the present invention;
Fig. 4 is the schematic diagram of verification data storage according to embodiments of the present invention;
Fig. 5 is the building-block of logic of proxy server according to embodiments of the present invention.
Embodiment
Below based on embodiment, present invention is described, but the present invention is not restricted to these embodiments.Under It is detailed to describe some specific detail sections in the literary detailed description to the present invention.Do not have for a person skilled in the art The description of these detail sections can also understand the present invention completely.In order to avoid obscuring the essence of the present invention, known method, mistake Journey, flow do not describe in detail.What other accompanying drawing was not necessarily drawn to scale.
Flow chart, block diagram in accompanying drawing illustrate the possible system frame of the system of the embodiment of the present invention, method, apparatus Frame, function and operation, the square frame on flow chart and block diagram can represent a module, program segment or only one section of code, institute It is all the executable instruction for realizing regulation logic function to state module, program segment and code.It should also be noted that described realize rule Determining the executable instruction of logic function can reconfigure, so as to generate new module and program segment.Therefore accompanying drawing square frame with And square frame order is used only to the process and step of preferably diagram embodiment, without should be in this, as the limit to invention itself System.
Fig. 1 is the flow chart of the filter method of user's request according to embodiments of the present invention.The filter method includes step Rapid 101- steps 105.
In a step 101, the user's request for being sent to web server is intercepted.
In a step 102, verification data is obtained in being asked from user.
In a step 102, verification data and history verification data are compared, determines legitimate request in user's request and non- Method is asked.
At step 104, illegal request is filtered.
In step 105, legitimate request is sent to web server.
The step of Fig. 1 filter method, performs in proxy server, is obtained by proxy server and is sent to web services User's request of device, extracts verification data, according to history verification data and the verification currently extracted in being asked from each user Comparing, determine whether as illegal request, and legal user's request is sent to web after illegal request is filtered Server.By the filtering function of proxy server, user's request of part is masked, helps to mitigate follow-up web services The performance pressures of device and operation system.
Fig. 2 is the flow chart of the determination method of illegal request according to embodiments of the present invention.Method of calibration described in Fig. 3 is led to Cross tri- UserAgent, User IP, user cookie dimensions and determine whether user's request is illegal request, and it includes step Rapid 201-211.
In step 201, history verification data is retrieved by UserAgent.
In step 202, judge that UserAgent whether there is.
UserAgent (user agent) is a kind of to data packing, creation packets headers, and addressing, the portion for transmitting message Part, it is generally used for stating the HTTP request request header of browser.In this step, check in history verification data whether have phase With UserAgent, be then legitimate request if there is identical UserAgent, if there is no identical UserAgent, Then continue verification request, perform step 203.
In step 203, User IP retrieves the history verification data.
In step 204, the historical requests in specified time section exceed first threshold.
The user for being not determined as illegal request is asked to continue to be judged according to User IP, history is retrieved using the User IP Verification data, judges whether the User IP (such as five minutes) request amount within a period of time exceedes threshold values, if not above if It is considered legitimate request, is then legitimate request, threshold values there are two kinds of possibility if more than, and a kind of is the public affairs that the IP is a region Net outlet, one kind is that the IP is risk IP, then further checking.
In step 205, judge that cookie whether there is.
Cookie is stored in user local terminal for some websites in order to distinguish user identity, carry out session tracking On data (generally going through encryption).If cookie is present, further verified by step 207 and 208, if do not deposited Performing step 206 and requiring that input validation code is verified.
In step 206, judge whether identifying code is correct.
There is provided identifying code input page, it is desirable to user's input validation code, if the identifying code of input is correct, be judged to closing Method is asked, otherwise illegal request.
In step 207, judge whether cookie is legal.
In a step 208, User IP and user cookie retrieval history verification datas.
In step 209, judge whether request number of times exceedes Second Threshold.
If current cookie is legal, and user's request number of times that User IP+cookie is retrieved is not above threshold values, Then think legitimate request, directly let off, if user cookie is illegal or the request number of times of IP+cookie retrieval exceedes Threshold values, then it is illegal request.
In step 210, it is determined that current user's request is legitimate request.
In step 211, it is determined that current user's request is illegal request.
Method of calibration according to Fig. 2, most illegal request is can determine, and due to UserAgent, user IP and cookie are maintained in the information header of HTTP request, therefore need not parse whole html file, you can get foot Enough verification datas are verified, and are verified with respect to business datum, and faster, treatment effeciency is higher for verification speed.Separately Outside, because described method of calibration performs at proxy server end, so as to alleviate follow-up WEB server and business service The pressure of device.
Fig. 3 is the structure chart of filtration system according to embodiments of the present invention.In fig. 2, the filtering being made up of the above method System includes client, proxy server, web server and service server.Client receives user's request, request method bag Include HTTP request, HTTPS request, FTP requests etc..Proxy server end is filtered by user's request.Web server end receives After being asked to user, service server processing is given, generates business datum.As can be seen here, and traditional client->Web services Device->The framework of service server is compared, and user's request is tentatively filtered on increased proxy server, alleviates web clothes The performance pressures of business device and service server.In addition, proxy server can be managed concentratedly multiple as the server of load balancing The load balance of web server.
In the present invention, acted on behalf of to ensure that user's request can reach service server in time, it is necessary to be lifted as much as possible The treatment effeciency of server, it is therefore preferred that using Nginx framework establishment proxy servers.Nginx is a lightweight Server, it can be used as Web server, Reverse Proxy or Email (IMAP/POP3) proxy server.Due to Nginx is write using C, and whether system resource overhead or CPU service efficiencies are all of a relatively high.It is highly preferred that pass through Nginx frameworks build the caching of storage verification data on proxy server, and are managed to data cached.Certainly, other Mode, such as redis or memcache, it can also meet the storage demand of verification data, but need to establish and arrive by Transmission Control Protocol Redis or memcache connection, and data are transmitted by connecting, consumption resource is relatively more, through practice, in local service Stored in caching on device and management verification data relative efficacy is preferable.
In a preferred mode, verification data is realized by the first algorithm (lru algorithm) in Nginx servers Caching and management.LRU (Least Recently Used, at least using algorithm in the recent period) algorithm is according to service efficiency managing internal memory In data.Current existing plug-in unit lua-nginx-module modules of increasing income realize LRU cache scheme.The module provides one Set can reclaim the scheme of internal memory automatically, redistribute sluggish internal memory by LRU principles, avoid internal memory from being depleted, will Internal memory is supplied to most active module to use.But the shared drive of current lua-nginx-module modules only supports set, Get etc. is operated, and does not have Memory recycle strategy, it is therefore desirable to increases the generation of Memory recycle on the basis of lua-nginx-module Code, periodically by without using internal memory destroy.The data structure of verification data refers to Fig. 4 on Nginx servers.
In Fig. 4, each node data includes data data, prev pointer, pnext pointers, and each data please for user The map asked, the verification datas such as User IP, UserAgent and the cookie of each user's request are stored, and pass through pointer pnext Next map is pointed to, pointer prev points to a upper map, while stores the access times of verification data.Verification data is according to making It is ranked up with number, when map reaches maximum, it is possible to one map is deleted from the afterbody of chained list, increases new map. Lua-nginx-module modules are realized after above-mentioned map algorithms, it is necessary to recompilate lua-nginx-module.Such a mode can To ensure that some map data being of little use are replaced, so Buffer Utilization can be higher.Certainly, above-mentioned verification data Caching method is an exemplary illustration, and one of ordinary skill in the art also can realize data by other cache algorithms Caching.
Fig. 5 is the building-block of logic of proxy server according to embodiments of the present invention, including:Interception unit 401, parsing are single Member 402, determining unit 403 and transmitting element 404.
Interception unit 401 receives user's request of multiple users' transmissions from client.User's request includes a variety of shapes Formula, for example, HTTP request or FTP requests.
Resolution unit 402 parses verification data in being asked from user be that follow-up data check is prepared.If HTTP Request, then the information such as UserAgent, cookie are obtained directly from the information header of HTTP request.
Determining unit 403 determines which user's request is legitimate request and illegal request according to verification data.The side of determination Formula and same as before, is not just being repeated here.
Transmitting element 404 sends legitimate request to web server after being filtered during illegal request is asked from user.Web takes Operation system is transferred to carry out business processing after business device processing.
In a preferred embodiment, determining unit 403 comprises the following steps:
The history verification data is retrieved by user agent, if user's generation in the history inspection data be present Reason, then user's request is the legitimate request;
The history verification data is retrieved by user agent, if user's generation in the history inspection data be present Reason, then user's request is the legitimate request;
The history verification data is retrieved by the User IP, if recorded at the appointed time in history verification data User request in section is no more than first threshold, then user's request is legitimate request;
If the cookie is legal, user's request is the legitimate request;
The history verification data is retrieved by the User IP and the user cookie, if in history verification data The request number of times of record is no more than Second Threshold, then user's request is the legitimate request.
In a preferred embodiment, proxy server also includes:Authentication unit, for providing a user verification page verification Whether the identifying code of input is illegal request to determine user's request.
In a preferred embodiment, proxy server also includes:Buffer unit, for caching verification data.
In a preferred embodiment, proxy server also includes:Unit is deleted, for according to predetermined policy deleting history school Test data.Here predetermined policy is LRU policy as described above, and the earliest verification data of usage time is deleted, certainly, Other strategies can be used, for example, being ranked up according to service efficiency, rarely needed caching is deleted.
The filtration system for user's request that the present invention is built, data check and filtering are carried out by proxy server, and will User's request after filtering is sent to web server, and so as to mitigate the performance pressures of web server, it is whole to be advantageous to lifting system The efficiency of body.Further, verification data, and the history check number for comparing can be extracted from the information header of HTTP request According to also being stored in the caching of proxy server, therefore comparison efficiency is higher, and the checking treatment on proxy server will not be sexual Energy bottleneck, meets the needs of business real-time.
The modules or unit of system can be realized by hardware, firmware or software.Software for example including using JAVA, The coded program that the various programming languages such as C/C++/C#, SQL are formed.Although provided in method and method legend of the invention real The step of applying and the order of step, but the step realize as defined in the executable instruction of logic function can group again Close, so as to generate new step.The order of the step also should not be restricted solely in methods described and method legend Sequence of steps, it can need to be adjusted at any time according to function.Such as by some steps therein parallel or according to opposite suitable Sequence performs.
System and a method according to the invention can be deployed on single or multiple servers.For example, can will be different Module is disposed on a different server respectively, forms private server.Or can the distributed deployment on multiple servers Identical functional unit, module or system, to mitigate load pressure.The server includes but is not limited in same LAN And pass through multiple PCs of Internet connections, PC server, rolling reamer machine, supercomputer etc..
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for those skilled in the art For, the present invention can have various changes and change.All any modifications made within spirit and principles of the present invention, it is equal Replace, improve etc., it should be included in the scope of the protection.

Claims (12)

1. a kind of filter method of user's request, comprises the following steps:
Intercept the user request for being sent to web server;
Verification data is obtained in being asked from the user;
The verification data and history verification data are compared, it is determined whether be legitimate request;And
The legitimate request is distributed to the web server, wherein, the filter method performs in proxy server.
2. filter method according to claim 1, wherein, it is described to compare the verification data and history verification data, Determine whether the combination for including following one or more of verification modes for legitimate request:
The history verification data is retrieved by user agent, if the user agent be present in the history inspection data, Then user's request is the legitimate request;
The history verification data is retrieved by the User IP, if recorded at the appointed time in the history verification data User request in section is no more than first threshold, then user's request is the legitimate request;
If the cookie is legal, user's request is the legitimate request;And
The history verification data is retrieved by the User IP and the user cookie, if in the history verification data The request number of times of record is no more than Second Threshold, then user's request is the legitimate request.
3. filter method according to claim 2, in addition to:If user cookie is not present, verification is provided a user Whether the identifying code of page verification input is the legitimate request to determine user's request.
4. filter method according to claim 1, in addition to:Verification data storage is arrived institute by the proxy server In the caching for stating proxy server.
5. filter method according to claim 4, in addition to:The proxy server is gone through according to being deleted predetermined policy History verification data.
6. filter method according to claim 1, wherein, user's request includes HTTP request, described to obtain verification Data are to obtain the verification data from the header of the HTTP request.
7. filter method according to claim 1, wherein, the proxy server is Nginx servers, the Nginx Server is stored with the caching of the history verification data using the first algorithm management.
8. a kind of filtration system of user's request, including:
Client, for sending user's request;
WEB server, receive the user and ask to carry out business processing;
Proxy server, including:
Interception unit, the user request of web server is sent to for intercepting;
Resolution unit, for obtaining verification data in being asked from the user;
Determining unit, for by the verification data and the comparison of history verification data, determine in user request it is legal please Ask;
Transmitting element, for the legitimate request to be sent into the web server.
9. filtration system according to claim 8, wherein the determining unit includes:
The history verification data is retrieved by user agent, if the user agent be present in the history inspection data, Then user's request is the legitimate request;
The history verification data is retrieved by user agent, if the user agent be present in the history inspection data, Then user's request is the legitimate request;
The history verification data is retrieved by the User IP, if recorded at the appointed time in the history verification data User request in section is no more than first threshold, then user's request is the legitimate request;
If the cookie is legal, user's request is the legitimate request;And
The history verification data is retrieved by the User IP and the user cookie, if in the history verification data The request number of times of record is no more than Second Threshold, then user's request is the legitimate request.
10. filtration system according to claim 9, the proxy server also includes:Authentication unit, for being carried to user The identifying code inputted is verified for the verification page to determine whether user's request is the legitimate request.
11. filtration system according to claim 8, the proxy server also includes:Buffer unit, it is described for caching History verification data.
12. filtration system according to claim 8, the proxy server also includes:Unit is deleted, for according to predetermined Strategy deletes the history verification data.
CN201610366126.XA 2016-05-27 2016-05-27 The filter method and filtration system of user's request Pending CN107438058A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610366126.XA CN107438058A (en) 2016-05-27 2016-05-27 The filter method and filtration system of user's request

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610366126.XA CN107438058A (en) 2016-05-27 2016-05-27 The filter method and filtration system of user's request

Publications (1)

Publication Number Publication Date
CN107438058A true CN107438058A (en) 2017-12-05

Family

ID=60454542

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610366126.XA Pending CN107438058A (en) 2016-05-27 2016-05-27 The filter method and filtration system of user's request

Country Status (1)

Country Link
CN (1) CN107438058A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108111634A (en) * 2018-02-28 2018-06-01 北京焦点新干线信息技术有限公司 A kind of instant data transmission method and system based on websocket protocol Yu http agreements
CN108156144A (en) * 2017-12-18 2018-06-12 北京信安世纪科技股份有限公司 A kind of access authentication method and corresponding intrument
CN109587140A (en) * 2018-12-06 2019-04-05 四川长虹电器股份有限公司 Implementation method based on openresty dynamic password proxy gateway
CN110619071A (en) * 2019-08-06 2019-12-27 微梦创科网络科技(中国)有限公司 Account access security monitoring and processing method and device
CN114614996A (en) * 2022-05-12 2022-06-10 深圳市华曦达科技股份有限公司 Terminal request processing method, device and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101175013A (en) * 2006-11-03 2008-05-07 飞塔信息科技(北京)有限公司 Method, network system and proxy server for preventing denial of service attack
CN103107948A (en) * 2011-11-15 2013-05-15 阿里巴巴集团控股有限公司 Flow control method and flow control device
CN103118035A (en) * 2013-03-07 2013-05-22 星云融创(北京)信息技术有限公司 Website access request parameter legal range analysis method and device
CN103248472A (en) * 2013-04-16 2013-08-14 华为技术有限公司 Operation request processing method and system and attack identification device
CN103354546A (en) * 2013-06-25 2013-10-16 亿赞普(北京)科技有限公司 Message filtering method and message filtering apparatus
CN105426415A (en) * 2015-10-30 2016-03-23 Tcl集团股份有限公司 Management method, device and system of website access request
CN105530218A (en) * 2014-09-28 2016-04-27 北京奇虎科技有限公司 Link security detection method and client

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101175013A (en) * 2006-11-03 2008-05-07 飞塔信息科技(北京)有限公司 Method, network system and proxy server for preventing denial of service attack
CN103107948A (en) * 2011-11-15 2013-05-15 阿里巴巴集团控股有限公司 Flow control method and flow control device
CN103118035A (en) * 2013-03-07 2013-05-22 星云融创(北京)信息技术有限公司 Website access request parameter legal range analysis method and device
CN103248472A (en) * 2013-04-16 2013-08-14 华为技术有限公司 Operation request processing method and system and attack identification device
CN103354546A (en) * 2013-06-25 2013-10-16 亿赞普(北京)科技有限公司 Message filtering method and message filtering apparatus
CN105530218A (en) * 2014-09-28 2016-04-27 北京奇虎科技有限公司 Link security detection method and client
CN105426415A (en) * 2015-10-30 2016-03-23 Tcl集团股份有限公司 Management method, device and system of website access request

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156144A (en) * 2017-12-18 2018-06-12 北京信安世纪科技股份有限公司 A kind of access authentication method and corresponding intrument
CN108156144B (en) * 2017-12-18 2021-04-06 北京信安世纪科技股份有限公司 Access authentication method and corresponding device
CN108111634A (en) * 2018-02-28 2018-06-01 北京焦点新干线信息技术有限公司 A kind of instant data transmission method and system based on websocket protocol Yu http agreements
CN108111634B (en) * 2018-02-28 2020-11-20 北京焦点新干线信息技术有限公司 Instant data transmission method and system based on websocket protocol and http protocol
CN109587140A (en) * 2018-12-06 2019-04-05 四川长虹电器股份有限公司 Implementation method based on openresty dynamic password proxy gateway
CN109587140B (en) * 2018-12-06 2021-11-30 四川长虹电器股份有限公司 Implementation method of dynamic password proxy gateway based on openness
CN110619071A (en) * 2019-08-06 2019-12-27 微梦创科网络科技(中国)有限公司 Account access security monitoring and processing method and device
CN114614996A (en) * 2022-05-12 2022-06-10 深圳市华曦达科技股份有限公司 Terminal request processing method, device and system

Similar Documents

Publication Publication Date Title
US11122067B2 (en) Methods for detecting and mitigating malicious network behavior and devices thereof
CN107438058A (en) The filter method and filtration system of user's request
CN104219316B (en) A kind of call request processing method and processing device in distributed system
US10095993B1 (en) Methods and apparatus for configuring granularity of key performance indicators provided by a monitored component
CN106656959B (en) Access request regulation and control method and device
CN110380986A (en) Flow limitation method, device, equipment and storage medium based on Zuul
US7965637B1 (en) Network proxy with asymmetric connection connectivity
CN103369601B (en) For cell-phone customer terminal provides the method for large concurrent processing and flow control
CN103179132B (en) A kind of method and device detecting and defend CC attack
US11645144B2 (en) Methods and systems securing an application based on auto-learning and auto-mapping of application services and APIs
CN104333567B (en) It is the web cachings serviced using safety
CN108306877A (en) Verification method, device and the storage medium of subscriber identity information based on NODE JS
CN104092756B (en) A kind of resource dynamic distributing method of the cloud storage system based on DHT mechanism
US10097616B2 (en) Methods for optimizing service of content requests and devices thereof
CN108200158B (en) Request Transmission system, method, apparatus and storage medium
US20150040221A1 (en) Server with mechanism for changing treatment of client connections determined to be related to attacks
JP2017509074A (en) Dynamic cache allocation and network management
CN103888539B (en) Bootstrap technique, device and the P2P caching systems of P2P cachings
CN110417729A (en) A kind of service and application class method and system encrypting flow
CN113163406B (en) Threat detection system for mobile communication system, central device and local device thereof
EP3767916B1 (en) Tls fingerprinting for process identification
CN105893413A (en) Service extension method and extension system for server
CN106104550A (en) Site information extraction element, system, site information extracting method and site information extraction procedure
CN104113599B (en) A kind of caching method, device and proxy server
CN104320488A (en) Proxy server system and proxy service method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171205

RJ01 Rejection of invention patent application after publication