CN112600801A - Flow access control method, equipment and storage medium - Google Patents

Info

Publication number: CN112600801A
Authority: CN (China)
Prior art keywords: flow, script file, access, current, control
Legal status: Pending (The legal status is an assumption and is not a legal conclusion.)
Application number: CN202011397762.1A
Other languages: Chinese (zh)
Inventors: 饶阳, 王立
Current Assignee: Shenzhen Aozhe Network Technology Co ltd (The listed assignees may be inaccurate.)
Original Assignee: Shenzhen Aozhe Network Technology Co ltd
Application filed by Shenzhen Aozhe Network Technology Co ltd
Priority to CN202011397762.1A
Publication of CN112600801A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a flow access control method, device and storage medium. A flow control rule storage service capable of storing executable script files is configured through a current limiting control platform; each script file contains current limiting rules configured by the platform according to actual conditions, and a current limiter can call the latest script file from the flow control rule storage service at any time and control flow according to the current limiting rules. The invention implements flow control in a scripting language, and the script file can be dynamically configured and updated by the current limiting control platform, which makes flow control more accurate for the scenario; the invention does not require maintaining multiple flow-control SDKs, which greatly reduces the pressure on developers.

Description

Flow access control method, equipment and storage medium
Technical Field
The present invention relates to the field of traffic access control technologies, and in particular, to a traffic access control method, device, and storage medium.
Background
In flow access control technology, the open-source software Sentinel from Alibaba is mainly used at present, and its technical ecosystem is mainly focused on the Java language ecosystem. If Sentinel is migrated to a microservice system with a multi-language architecture, several difficulties have to be solved:
First, Sentinel needs to be translated into multiple implementation languages, which is difficult and error-prone, raises maintenance cost and increases the pressure on developers. Second, technical service personnel control interface access flow by introducing SDK packages; once the SDK is modified, the services need to be packaged, compiled and released again, which increases the communication cost between technical and service personnel, and even when the business logic has not changed, testing and release are still required, which is inconvenient and easily introduces errors.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. To that end, the invention provides a flow access control method, flow access control equipment and a storage medium. Flow control is implemented in a scripting language, and the script file can be dynamically configured and updated by the current limiting control platform, so that flow control is more accurate for the scenario, multiple flow-control SDKs do not need to be maintained, and the pressure on developers is reduced.
In a first aspect of the present invention, there is provided a flow access control method for a flow restrictor, comprising the steps of:
receiving access flow with an access request, wherein the access flow is sent by a service calling terminal and hijacked and forwarded by a flow agent;
judging whether the access request is available according to a current limiting rule in a current script file; if the access request is unavailable, returning an unavailable result to the flow agent; if the access request is available, returning an available result to the flow agent; the current script file is the latest script file called by the current limiter from a flow control rule storage service, the flow control rule storage service is configured by a current limiting control platform and is used for storing an executable script file configured by the current limiting control platform, and the script file contains corresponding current limiting rules.
According to the embodiment of the invention, at least the following technical effects are achieved:
In this method, the current limiter can call the latest script file from the flow control rule storage service at any time and control flow according to its current limiting rules. The flow control rule storage service is configured by the current limiting control platform and stores the executable script files that the platform configures according to actual conditions; each script file contains the current limiting rules so configured. The method implements flow control in a scripting language, so it does not need to be translated into multiple implementation languages, which reduces maintenance cost, and the script file can be dynamically configured and updated by the current limiting control platform, which makes flow control more accurate for the scenario. The method also does not require maintaining multiple flow-control SDKs, which greatly reduces the pressure on developers.
According to some embodiments of the invention, the method further comprises the step of: calling the latest script file stored in the flow control rule storage service at regular intervals; if the latest script file differs from the current script file, taking the latest script file as the current script file of the current limiter and controlling flow through the current limiting rules in the current script file.
According to some embodiments of the invention, the script file is a Lua script file.
In a second aspect of the present invention, a traffic access control method is provided, which is used for a current-limiting control platform, and includes the following steps:
configuring a flow control rule storage service, wherein the flow control rule storage service is used for storing an executable script file configured by the flow limiting control platform, and the script file comprises a corresponding flow limiting rule; the latest script file in the flow control rule storage service is called by the flow restrictor, and the flow restriction rule in the latest script file is used for flow control by the flow restrictor.
According to the embodiment of the invention, at least the following technical effects are achieved:
In this method, a flow control rule storage service capable of storing executable script files is configured through the current limiting control platform. Each script file contains current limiting rules configured by the platform according to actual conditions, and the current limiter can call the latest script file from the flow control rule storage service at any time and control flow according to the current limiting rules. The method implements flow control in a scripting language, so it does not need to be translated into multiple implementation languages, which reduces maintenance cost, and the script file can be dynamically configured and updated by the current limiting control platform, which makes flow control more accurate for the scenario. The method also does not require maintaining multiple flow-control SDKs, which greatly reduces the pressure on developers.
According to some embodiments of the invention, the method further comprises the step of: acquiring the corresponding current limiting information from the current limiter and displaying it.
According to some embodiments of the invention, the script file is a Lua script file.
In a third aspect of the present invention, there is provided a traffic access control method, which is used for a traffic broker, and includes the following steps:
hijacking the access flow, carrying an access request, that is sent by the service calling end, and forwarding the access flow to the current limiter;
receiving the result returned by the current limiter; the current limiter is used for judging whether the access request is available according to a current limiting rule in the current script file; if the access request is unavailable, an unavailable result is returned; if the access request is available, an available result is returned; the current script file is the latest script file called by the current limiter from a flow control rule storage service, the flow control rule storage service is configured by a current limiting control platform and is used for storing an executable script file configured by the current limiting control platform, and the script file contains corresponding current limiting rules;
if the unavailable result returned by the current limiter is received, returning the unavailable result to the service calling end, and ending the access process; and if an available result returned by the current limiter is received, forwarding the access flow to the multi-tenant management service.
According to the embodiment of the invention, at least the following technical effects are achieved:
In this method, the flow agent first hijacks the access flow and sends it to the current limiter; it then receives the result returned by the current limiter and, according to that result, either returns an unavailable result to the service calling end or forwards the access flow to the multi-tenant management service. The current limiting control platform configures a flow control rule storage service capable of storing executable script files; each script file contains current limiting rules configured by the platform according to actual conditions, and the current limiter can call the latest script file from the flow control rule storage service at any time and control flow according to the current limiting rules. The method implements flow control in a scripting language, so it does not need to be translated into multiple implementation languages, which reduces maintenance cost, and the script file can be dynamically configured and updated by the current limiting control platform, which makes flow control more accurate for the scenario. The method also does not require maintaining multiple flow-control SDKs, which greatly reduces the pressure on developers.
According to some embodiments of the invention, further comprising the step of:
receiving an access result returned by the multi-tenant management service;
sending the access result to the service calling end, and ending the access process.
In a fourth aspect of the present invention, there is provided a traffic access control device, including: at least one control processor and a memory for communicative connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform a traffic access control method according to the first aspect of the invention, or to perform a traffic access control method according to the second aspect of the invention, or to perform a traffic access control method according to the third aspect of the invention.
In a fifth aspect of the present invention, there is provided a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the traffic access control method according to the first aspect of the present invention, or perform the traffic access control method according to the second aspect of the present invention, or perform the traffic access control method according to the third aspect of the present invention.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
Fig. 1 is a schematic flow chart of a traffic access control method according to a first embodiment of the present invention;
Fig. 2 is a diagram illustrating several sets of flow restriction rules according to a first embodiment of the present invention;
Fig. 3 is a diagram illustrating state information of several sets of script files according to a first embodiment of the present invention;
Fig. 4 is a flowchart illustrating a traffic access control method according to a second embodiment of the present invention;
Fig. 5 is a flowchart illustrating a traffic access control method according to a third embodiment of the present invention;
Fig. 6 is a flowchart illustrating a traffic access control method according to a third embodiment of the present invention;
Fig. 7 is a flowchart illustrating a traffic access control method according to a fourth embodiment of the present invention;
Fig. 8 is a schematic diagram of a deployment of SAAS multi-tenant access flow control according to a fourth embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a traffic access control device according to a fourth embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
Before describing the embodiments of the present application, the related terms referred to in the present application will be explained.
The service calling end is the source of the multi-tenant access flow.
The current limiter (also rendered below as flow restrictor or flow limiter) loads the current limiting rules and records, by printing logs, the upper limit of allowed accesses per second for a given interface. It also records in real time the number of allowed accesses, the number of denied accesses and other details at the current moment, and uses this information to calculate in real time whether a given access is allowed or denied.
The multi-tenant management service responds to the access flow and feeds back the access result.
The flow agent (also rendered below as flow proxy or traffic broker) intercepts the multi-tenant access flow, forwards it to the current limiter for flow control, sends it to the multi-tenant management service once the current limiter passes it, and sends the access result fed back by the multi-tenant management service to the service calling end.
The current limiting control platform (also rendered below as flow limiting control platform or flow control platform) configures the flow control rule storage service, configures current limiting rules according to the traffic conditions in actual production, and stores the configured rules in the flow control rule storage service to await calls from the current limiter.
The flow control rule storage service is configured by the current limiting control platform; it stores the current limiting rules configured by the platform and awaits calls from the current limiter.
In order to solve the technical problems described in the background art, the present invention provides the following groups of embodiments:
First embodiment
Referring to Fig. 1, there is provided a traffic access control method for a scenario of SAAS multi-tenant traffic access control, the method including the steps of:
S101, the current limiter receives access flow carrying an access request; the access flow is sent by a service calling end, hijacked by the flow agent and forwarded to the current limiter.
In this step, the service calling end first initiates an access request to the multi-tenant management service; the flow agent hijacks the access flow and forwards it to the current limiter, and the current limiter decides according to the current limiting rules whether to allow the access.
S102, the current limiter judges whether the access request is available according to a current limiting rule in the current script file; if the access request is unavailable, an unavailable result is returned to the flow agent; if the access request is available, an available result is returned to the flow agent; the current script file is the latest script file called by the current limiter from the flow control rule storage service, the flow control rule storage service is configured by the current limiting control platform and is used for storing executable script files configured by the current limiting control platform, and the script files contain corresponding current limiting rules.
In this step, the current limiter evaluates the access request against the current limiting rules in the current script file. If the rules do not allow the access request to pass, it returns an unavailable result to the flow agent; if the rules allow the access request to pass, it returns an available result to the flow agent.
Referring to Fig. 2, several sets of current limiting rules are shown below:
The first: match POST requests to the /v1/ratelimit/test2 interface under the http path whose http header contains X-H3-Engineer code with the value C000157 (tenant number); if matched, a token bucket algorithm limits access to 2 times per second.
The second: match http requests to the /v1/ratelimit/test3 interface under the http path whose http header contains X-H3-Engineer code with the value C000175 (tenant number); if matched, a sliding window algorithm limits access to 1 time per second.
The third: match all requests to the /v1/ratelimit interface under the http path; if matched, a token bucket algorithm limits access to 1 time per second.
In this implementation, the unavailable result is signalled through the returned http status code: a returned 429 status code indicates that the request was denied. If no 429 status code is returned, the request is allowed.
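The three rules and the 429 decision can be worked through in a few lines of Python. This is an added example, not code from the patent: the header name `X-Tenant-Code` (standing in for the tenant header named in the rules), first-match-wins ordering, prefix matching for the third rule, and returning 200 for an allowed request are all assumptions.

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional

# Assumption: stand-in for the tenant header named in the rules above.
TENANT_HEADER = "x-tenant-code"


class TokenBucket:
    """Bucket of `rate` tokens, refilled at `rate` tokens per second."""

    def __init__(self, rate):
        self.rate = float(rate)
        self.tokens = float(rate)  # start full, so a burst of `rate` is allowed
        self.last = None

    def allow(self, now):
        if self.last is not None:
            elapsed = max(0.0, now - self.last)  # ignore a clock that steps back
            self.tokens = min(self.rate, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class SlidingWindow:
    """At most `limit` requests in any trailing one-second window."""

    def __init__(self, limit):
        self.limit = limit
        self.hits = deque()

    def allow(self, now):
        while self.hits and now - self.hits[0] >= 1.0:
            self.hits.popleft()  # drop requests older than one second
        if len(self.hits) < self.limit:
            self.hits.append(now)
            return True
        return False


@dataclass
class Rule:
    path: str
    limiter: object
    method: Optional[str] = None  # None matches any method
    tenant: Optional[str] = None  # None matches any tenant

    def matches(self, method, path, headers):
        if self.method is not None and method.upper() != self.method:
            return False
        if self.tenant is not None and headers.get(TENANT_HEADER) != self.tenant:
            return False
        # Assumption: a rule covers its path and everything beneath it.
        return path == self.path or path.startswith(self.path + "/")


def build_rules():
    """The three rules listed above, most specific first."""
    return [
        Rule("/v1/ratelimit/test2", TokenBucket(2), method="POST", tenant="C000157"),
        Rule("/v1/ratelimit/test3", SlidingWindow(1), tenant="C000175"),
        Rule("/v1/ratelimit", TokenBucket(1)),
    ]


def check(rules, method, path, headers, now):
    """Return 429 if the first matching rule rejects the request, else 200."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    for rule in rules:
        if rule.matches(method, path, hdrs):
            return 200 if rule.limiter.allow(now) else 429
    return 200  # no rule matched: the request is not limited


if __name__ == "__main__":
    import time
    rules = build_rules()
    tenant = {"X-Tenant-Code": "C000157"}  # constructed request
    for _ in range(4):
        print(check(rules, "POST", "/v1/ratelimit/test2", tenant, time.monotonic()))
```

Because the generic third rule also covers the two tenant-specific paths, rule order decides which limiter a request is charged against; a request from any other tenant to `/v1/ratelimit/test2` falls through to the shared 1-per-second bucket.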
In this embodiment, the flow agent is implemented with the *** open-source component Istio; within Istio, the Envoy component (Envoy is an open-source traffic control component that supports plug-in development) performs the traffic proxying. The following is an example of the process from the flow agent hijacking access traffic to the current limiter through to handling the result the current limiter returns:
(1) The flow agent hijacks the http request using an EnvoyFilter (a plug-in loaded by Envoy that hijacks the access traffic to the current limiter); the IP address and port number of the current limiter are configured inside the EnvoyFilter.
(2) For a hijacked http request, it is forwarded to the restrictor.
(3) The result returned by the current limiter is obtained. If the returned result equals 429, the request is rejected: the 429 error code is returned directly to the service calling end and the request is not sent to the multi-tenant management service. Otherwise the request is allowed and the access flow enters the multi-tenant management service.
In this embodiment, the current script file in the current limiter is the latest script file called from the flow control rule storage service, and it contains the corresponding current limiting rules. The current limiting control platform first configures a flow control rule storage service, which is used for storing executable script files. As an optional implementation, the current limiting control platform uses FreeMarker to convert the current limiting rules, pre-configured according to actual traffic conditions, into a script file in the corresponding scripting language, stores the converted script file in the flow control rule storage service, and waits for the current limiter to call it. FreeMarker is a tool that generates output text (HTML, e-mail, configuration files, source code, etc.) from template files and, here, the current limiting rules. The current limiter calls the latest script file stored by the flow control rule storage service and, through its own language interpreter, adopts the current limiting rules in the script file as its own, thereby controlling the current traffic.
In this method, the current limiting control platform first configures a flow control rule storage service capable of storing executable script files. Each script file contains current limiting rules configured by the platform according to actual conditions, and the current limiter can call the latest script file from the flow control rule storage service at any time and control flow according to the current limiting rules. The method implements flow control in a scripting language, so it does not need to be translated into multiple implementation languages, which reduces maintenance cost, and the script file can be dynamically configured and updated by the current limiting control platform, which makes flow control more accurate for the scenario. The method also does not require maintaining multiple flow-control SDKs, which greatly reduces the pressure on developers.
It should be noted that this embodiment and the subsequent embodiments take a scenario of SAAS multi-tenant traffic access control as an example, but the method is applicable not only to SAAS multi-tenant flow control management but also to flow control management of general services. Taking the SAAS multi-tenant traffic access control scenario as an example therefore does not limit the scope of protection of the present application.
As an optional implementation, the method further comprises the following steps:
The current limiter periodically calls the latest script file stored in the flow control rule storage service; if the latest script file differs from the current script file, the latest script file is taken as the current script file of the current limiter, and flow control is performed through the current limiting rules in the current script file.
In this embodiment, the current limiter calls the latest script file stored in the flow control rule storage service on a timer; no specific interval is set here, and it can be chosen according to actual conditions. Referring to Fig. 3, in this embodiment each script file has a corresponding version number as its identifier, and the current limiter records the version number of the current script file locally. The current limiter compares the version number of the current script file with the version number of the latest script file in the flow control rule storage service. When the two version numbers are the same, nothing needs to be replaced; when they differ, the current limiter adopts the current limiting rules in the latest script file stored in the flow control rule storage service as its own.
As an alternative embodiment, the script file is a Lua script file. The current limiting control platform uses FreeMarker to generate the Lua script file from a preset template file and the corresponding current limiting rules. Of course, the script file may also be a Python script file, etc.
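The version comparison described above (and used again in step S404 of the fourth embodiment) can be sketched as a polling step that swaps rules only when the fetched script is usable. This is an added example, not code from the patent; the HMAC tag on each published script, the key, `DemoStore`, and the use of `json.loads` in place of the limiter's script interpreter are assumptions made so that a limiter which executes fetched scripts keeps its last good rules when the store is down, the script is altered, or the script fails to load.

```python
import hashlib
import hmac
import json


def sign(key, version, script):
    """HMAC-SHA256 over version and script, so a tag cannot be reused under another version."""
    return hmac.new(key, version.encode() + b"\n" + script, hashlib.sha256).hexdigest()


class ScriptReloader:
    """Keeps the current script's version and rules; poll() is called on a timer."""

    def __init__(self, fetch, load, key):
        self.fetch = fetch    # returns (version, script_bytes, tag) from the rule store
        self.load = load      # turns script bytes into rules; raises on a bad script
        self.key = key        # assumption: key shared with the control platform
        self.version = None   # version number of the current script file
        self.rules = None     # rules currently enforced

    def poll(self):
        try:
            version, script, tag = self.fetch()
        except Exception:
            return "fetch-failed"        # store unreachable: keep current rules
        if version == self.version:
            return "unchanged"           # same version number: nothing to replace
        # Versions differ (newer or rolled back): verify before loading anything.
        if not hmac.compare_digest(sign(self.key, version, script), tag):
            return "rejected-signature"  # altered or unsigned script: keep current rules
        try:
            new_rules = self.load(script)
        except Exception:
            return "rejected-script"     # script does not load: keep current rules
        # Swap rules and version together, only after everything succeeded.
        self.rules, self.version = new_rules, version
        return "updated"


class DemoStore:
    """Constructed in-memory stand-in for the flow control rule storage service."""

    def __init__(self, key):
        self.key = key
        self.current = None

    def publish(self, version, script):
        self.current = (version, script, sign(self.key, version, script))

    def latest(self):
        if self.current is None:
            raise ConnectionError("store unavailable")
        return self.current


if __name__ == "__main__":
    key = b"constructed-demo-key"
    store = DemoStore(key)
    reloader = ScriptReloader(store.latest, json.loads, key)
    store.publish("1", b'{"limit_per_second": 2}')   # constructed script content
    print(reloader.poll(), reloader.version, reloader.rules)
    print(reloader.poll())
```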
Second embodiment
Referring to Fig. 4, a traffic access control method is provided, which is used in a scenario of SAAS multi-tenant traffic access control, and includes the following steps:
S201, the current limiting control platform configures a flow control rule storage service, wherein the flow control rule storage service is used for storing an executable script file configured by the current limiting control platform, and the script file contains corresponding current limiting rules; the latest script file in the flow control rule storage service is called by the current limiter, and the current limiting rules in the latest script file are used by the current limiter for flow control.
In this step, the current limiting control platform first configures a flow control rule storage service, then converts the current limiting rules it has configured according to the actual conditions of the current traffic into corresponding executable script files and stores them in the flow control rule storage service. The current limiter calls the latest script file stored in the flow control rule storage service, takes it as the current script file, and uses the current limiting rules in it for flow control.
Since the process of calling the latest script file by the current limiter is described in the first embodiment, it is not described herein.
In this method, the current limiting control platform first configures a flow control rule storage service capable of storing executable script files. Each script file contains current limiting rules configured by the platform according to actual conditions, and the current limiter can call the latest script file from the flow control rule storage service at any time and control flow according to the current limiting rules. The method implements flow control in a scripting language, so it does not need to be translated into multiple implementation languages, which reduces maintenance cost, and the script file can be dynamically configured and updated by the current limiting control platform, which makes flow control more accurate for the scenario. The method also does not require maintaining multiple flow-control SDKs, which greatly reduces the pressure on developers.
As an optional implementation manner, the method further comprises the step that the current limiting control platform acquires corresponding current limiting information from the current limiter and displays the current limiting information.
Generally, the current limiter records current limiting information for a given interface, such as the upper limit of allowed accesses per second, the number of accesses allowed at the present time and the number of accesses denied, by printing logs. In this embodiment, the current limiting control platform retrieves and displays the current limiting information of the service through the log system. This facilitates real-time monitoring by service personnel.
As an optional implementation, the script file is a Lua script file generated by FreeMarker from a preset template file and the corresponding current limiting rules. Of course, the script file may also be a Python script file, etc.
Third embodiment
Referring to Fig. 5, there is provided a traffic access control method for a scenario of SAAS multi-tenant traffic access control, including the following steps:
S301, the flow agent hijacks the access flow, carrying an access request, that is sent by the service calling end, and forwards the access flow to the current limiter.
S302, the flow agent receives the result returned by the current limiter; the current limiter is used for judging whether the access request is available according to a current limiting rule in the current script file; if the access request is unavailable, an unavailable result is returned; if the access request is available, an available result is returned; the current script file is the latest script file called by the current limiter from the flow control rule storage service, the flow control rule storage service is configured by the current limiting control platform and is used for storing executable script files configured by the current limiting control platform, and the script files contain corresponding current limiting rules.
S303, if an unavailable result returned by the current limiter is received, returning the unavailable result to the service calling end, and ending the access process; and if an available result returned by the current limiter is received, forwarding the access flow to the multi-tenant management service.
The flow agent uses the Envoy component for traffic proxying; since this was described in detail in the first embodiment, it is not repeated here.
In this method, the flow agent first hijacks the access flow to the current limiter; it then receives the result returned by the current limiter and, according to that result, either returns an unavailable result to the service calling end or forwards the access flow to the multi-tenant management service. The current limiting control platform configures a flow control rule storage service capable of storing executable script files; each script file contains current limiting rules configured by the platform according to actual conditions, and the current limiter can call the latest script file from the flow control rule storage service at any time and control flow according to the current limiting rules. The method implements flow control in a scripting language, so it does not need to be translated into multiple implementation languages, which reduces maintenance cost, and the script file can be dynamically configured and updated by the current limiting control platform, which makes flow control more accurate for the scenario. The method also does not require maintaining multiple flow-control SDKs, which greatly reduces the pressure on developers.
Referring to Fig. 6, as an alternative embodiment, the method further includes the steps of:
S304, the flow agent receives the access result returned by the multi-tenant management service.
S305, the flow agent sends the access result to the service calling end, and the access flow is finished.
A fourth embodiment;
Referring to figs. 7 and 8, a traffic access control method is provided, which is used in a scenario of SAAS multi-tenant traffic access control, and includes the steps of:
S401, the flow control platform configures a flow control rule storage service, wherein the flow control rule storage service is used for storing executable Lua script files configured by the flow control platform, and each Lua script file contains corresponding current limiting rules.
Each Lua script file has a corresponding version number. The current limiting control platform generates a Lua script file with FreeMarker from a preset template file and the corresponding current limiting rule.
S402, the service calling terminal sends access flow with the access request.
S403, the flow agent hijacks the access flow and sends it to the current limiter.
S404, the current limiter judges whether the access request is available according to the current limiting rule in the current script file, if the access request is unavailable, an unavailable result is returned to the flow proxy, and the step S405 is executed; if the access request is available, the available result is returned to the traffic broker, and the process proceeds to step S406.
The current limiter periodically calls the latest script file stored by the flow control rule storage service and then uses the current limiting rule in that script file as its own current limiting rule for flow control.
In this step, if the access request is unavailable, a 429 status code is returned to indicate that the request is denied; if the access request is available, no 429 status code is returned and the request is allowed. The current limiter periodically calls the latest script file stored in the flow control rule storage service and compares the version number of its current script file with the version number of that latest script file; when the two version numbers are the same, the current script file does not need to be replaced; when they differ, the current limiter takes the current limiting rule in the latest script file as its own current limiting rule.
S405, on receiving the unavailable result, the flow agent returns it to the service calling end, and the access flow is finished.
S406, the flow agent transmits the access flow to the management server according to the available result.
S407, the management server returns an access result to the flow agent according to the access request.
S408, the flow agent returns the access result to the service calling end, and the access flow is finished.
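The sketch below is an added example, not code from the patent: it models steps S401 to S408 in Lua, and the in-memory rule store, the `limiter`, `proxy` and `service` names, the per-tenant counter rule and the deny-on-error behaviour are all assumptions made for illustration. It shows the version-number comparison that gates a rule swap, and it compiles the fetched script in a restricted environment because the limiter executes whatever the storage service returns.

```lua
-- Constructed stand-in for the flow control rule storage service: one
-- versioned Lua rule script, as the control platform would publish it.
local store = {
  version = 1,
  source = [[
    local limit = 2   -- constructed rule: requests allowed per tenant
    return function(tenant, counters)
      counters[tenant] = (counters[tenant] or 0) + 1
      return counters[tenant] <= limit
    end
  ]],
}

-- Compile a rule script in an environment that exposes only what rules need.
local function compile(src)
  local env = { math = math, string = string, pairs = pairs }
  local chunk, err
  if setfenv then                          -- Lua 5.1 / LuaJIT
    chunk, err = loadstring(src, "rule")
    if chunk then setfenv(chunk, env) end
  else                                     -- Lua 5.2 and later
    chunk, err = load(src, "rule", "t", env)
  end
  if not chunk then return nil, err end
  local ok, rule = pcall(chunk)
  if not ok or type(rule) ~= "function" then
    return nil, "script did not return a rule function"
  end
  return rule
end

local limiter = { version = nil, rule = nil, counters = {} }

-- Timed refresh: swap the rule only when the stored version number differs.
function limiter.refresh()
  if store.version == limiter.version then return false end
  local rule, err = compile(store.source)
  if not rule then return false, err end   -- assumption: keep the old rule
  limiter.rule, limiter.version = rule, store.version
  return true
end

-- S404: nil means available; 429 means the request is denied.
-- Assumption: a missing or failing rule denies the request.
function limiter.check(tenant)
  if not limiter.rule then return 429 end
  local ok, allowed = pcall(limiter.rule, tenant, limiter.counters)
  if ok and allowed then return nil end
  return 429
end

-- S403 to S408 as seen by the flow agent; `upstream` stands in for the
-- management service.
local function proxy(tenant, upstream)
  local status = limiter.check(tenant)
  if status then return status end         -- S405: reject to the caller
  return upstream(tenant)                  -- S406 to S408: forward
end
local function service(tenant) return "200 OK for " .. tenant end

limiter.refresh()
for i = 1, 3 do print(i, proxy("tenant-a", service)) end
store.version, store.source = 2, (store.source:gsub("limit = 2", "limit = 5"))
print("reloaded", limiter.refresh())
print(4, proxy("tenant-a", service))
```

The per-tenant counters live in the limiter rather than in the script, so they survive a rule swap; a script that fails to compile leaves the previous rule in force.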
The present embodiment has the following advantages:
The method has a wide application range: it is suitable not only for SAAS multi-tenant flow control management but also for flow control management of general services.
The method is completely separated from the service, and flow control is realized without service personnel being aware of it, so that they can concentrate more of their energy on service development.
Flow control is implemented in the Lua script language, so the configuration can be updated dynamically without the service being aware of it, and flow control is more accurate.
Multiple flow control SDKs do not need to be maintained, which reduces the mental burden on middle-platform developers.
A fifth embodiment;
Referring to fig. 9, a traffic access control device is provided, which may be any type of smart terminal, such as a cell phone, a tablet, a personal computer, etc. Specifically, the apparatus includes: one or more control processors and memory, here exemplified by a control processor. The control processor and the memory may be connected by a bus or other means, here exemplified by a connection via a bus.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the traffic access control device in the embodiments of the present invention. The control processor implements the traffic access control method of the above method embodiments by running non-transitory software programs, instructions, and modules stored in memory.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the control processor, and these remote memories may be connected to the traffic access control device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory and, when executed by the one or more control processors, perform the traffic access control methods of the first to fourth embodiments described above.
An embodiment of the present invention further provides a computer-readable storage medium, where computer-executable instructions are stored in the computer-readable storage medium, and the computer-executable instructions are executed by one or more control processors to perform the traffic access control methods in the first to fourth embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the embodiments can be implemented by software plus a general hardware platform. Those skilled in the art will appreciate that all or part of the processes in the methods for implementing the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes in the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read Only Memory (ROM), a Random Access Memory (RAM), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an illustrative embodiment," "an example," "a specific example," or "some examples" or the like mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.

Claims (10)

1. A method for flow access control, for use with a flow restrictor, comprising the steps of:
receiving access flow with an access request, wherein the access flow is sent by a service calling terminal and hijacked and forwarded by a flow agent;
judging whether the access request is available according to a current limiting rule in a current script file, and if the access request is unavailable, returning an unavailable result to the flow agent; if the access request is available, returning an available result to the flow agent; the current script file is the latest script file called by the current limiter from a flow control rule storage service, the flow control rule storage service is configured by a current limiting control platform and is used for storing an executable script file configured by the current limiting control platform, and the script file contains corresponding current limiting rules.
2. The traffic access control method according to claim 1, further comprising the steps of: calling the latest script file stored in the flow control rule storage service at regular intervals; if the latest script file is different from the current script file, taking the latest script file as the current script file of the flow restrictor, and controlling the flow through the flow limit rule in the current script file.
3. The traffic access control method according to claim 1, wherein the script file is a Lua script file.
4. A flow access control method is used for a flow limiting control platform and comprises the following steps:
configuring a flow control rule storage service, wherein the flow control rule storage service is used for storing an executable script file configured by the flow limiting control platform, and the script file comprises a corresponding flow limiting rule; the latest script file in the flow control rule storage service is called by the flow restrictor, and the flow restriction rule in the latest script file is used for flow control by the flow restrictor.
5. The traffic access control method according to claim 4, further comprising the steps of: acquiring corresponding current limiting information from the current limiter and displaying the current limiting information.
6. The traffic access control method of claim 4, wherein the script file is a Lua script file.
7. A traffic access control method, for a traffic broker, comprising the steps of:
hijacking access flow with an access request sent by a service calling end, and forwarding the access flow to the current limiter;
receiving a result returned by the current limiter; the current limiter is used for judging whether the access request is available according to a current limiting rule in the current script file, and if the access request is unavailable, an unavailable result is returned; if the access request is available, an available result is returned; the current script file is the latest script file called by the current limiter from a flow control rule storage service, the flow control rule storage service is configured by a current limiting control platform and is used for storing an executable script file configured by the current limiting control platform, and the script file contains corresponding current limiting rules;
if the unavailable result returned by the current limiter is received, returning the unavailable result to the service calling end, and ending the access process; and if an available result returned by the current limiter is received, forwarding the access flow to the multi-tenant management service.
8. The traffic access control method according to claim 7, further comprising the steps of:
receiving an access result returned by the multi-tenant management service;
and sending the access result to the service calling end, and ending the access process.
9. A traffic access control device, comprising: at least one control processor and a memory for communicative connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the traffic access control method of any of claims 1 to 3, or to perform the traffic access control method of any of claims 4 to 6, or to perform the traffic access control method of any of claims 7 to 8.
10. A computer-readable storage medium storing computer-executable instructions for causing a computer to perform the traffic access control method according to any one of claims 1 to 3, or to perform the traffic access control method according to any one of claims 4 to 6, or to perform the traffic access control method according to any one of claims 7 to 8.
CN202011397762.1A 2020-12-03 2020-12-03 Flow access control method, equipment and storage medium Pending CN112600801A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011397762.1A CN112600801A (en) 2020-12-03 2020-12-03 Flow access control method, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011397762.1A CN112600801A (en) 2020-12-03 2020-12-03 Flow access control method, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112600801A true CN112600801A (en) 2021-04-02

Family

ID=75188105

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011397762.1A Pending CN112600801A (en) 2020-12-03 2020-12-03 Flow access control method, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112600801A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150142948A1 (en) * 2013-11-15 2015-05-21 F5 Networks, Inc. Extending policy rulesets with scripting
CN110300124A (en) * 2019-02-02 2019-10-01 奇安信科技集团股份有限公司 Access control method, system, electronic device and readable medium
CN110413416A (en) * 2019-07-31 2019-11-05 中国工商银行股份有限公司 A kind of current-limiting method and device of distributed server
CN110545269A (en) * 2019-08-22 2019-12-06 西安四叶草信息技术有限公司 Access control method, device and storage medium
CN111510478A (en) * 2020-04-07 2020-08-07 支付宝(杭州)信息技术有限公司 Request processing method, device and system and electronic equipment

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113220482A (en) * 2021-04-30 2021-08-06 北京达佳互联信息技术有限公司 Call request processing method and device, electronic equipment and storage medium
CN114244624A (en) * 2021-12-31 2022-03-25 北京市商汤科技开发有限公司 Flow control method and device, equipment and storage medium
CN114553784A (en) * 2022-01-25 2022-05-27 阿里巴巴(中国)有限公司 Current limiting processing method and device
CN115190177A (en) * 2022-07-29 2022-10-14 中国工商银行股份有限公司 Request processing method, apparatus, computer device, storage medium, and program product
CN115190177B (en) * 2022-07-29 2024-06-04 中国工商银行股份有限公司 Request processing method, apparatus, computer device, storage medium, and program product
CN117556452A (en) * 2024-01-10 2024-02-13 支付宝(杭州)信息技术有限公司 Access control method for database and related equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210402