CN110311907A - Cloud platform anti-hotlinking method and apparatus - Google Patents


Info

Publication number
CN110311907A
Authority
CN
China
Prior art keywords
type
page
cloud platform
information
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910574531.4A
Other languages
Chinese (zh)
Inventor
王发鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Wave Intelligent Technology Co Ltd
Original Assignee
Suzhou Wave Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Wave Intelligent Technology Co Ltd
Priority to CN201910574531.4A
Publication of CN110311907A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a cloud platform anti-hotlinking method and apparatus, comprising: listening for a first-type HTTP request from a client to a cloud platform server for a first-type page, and parsing first identification information of the client from the first-type HTTP request; intercepting the first-type page returned by the cloud platform server, editing the HTTP hyperlinks in the first-type page that point to second-type pages to add a first message digest based on the first identification information, and sending the edited first-type page to the client; listening for a second-type HTTP request from the client to the cloud platform server for a second-type page, and parsing second identification information of the client and the first message digest from the second-type HTTP request; determining a second message digest based on the second identification information, and intercepting the second-type page returned by the cloud platform server in response to the first message digest and the second message digest not matching. The solution of the invention can effectively provide anti-hotlinking protection, reduce server load, and improve security and availability.

Description

Cloud platform anti-hotlinking method and apparatus

Technical field

The present invention relates to the field of computers, and more specifically to a cloud platform anti-hotlinking method and apparatus.

Background

A large number of websites are deployed on cloud services, and hotlinking increases the load on cloud servers. In the prior art, a complete page is not delivered to the client all at once. If the request is for a page containing many images and other information, the first HTTP request returns the text of the page; the client's browser then interprets that text, finds that it references images, and sends another HTTP request. Once that request is processed, the image file is delivered to the client and the browser places the image at the correct position on the page. A complete page may therefore need several HTTP requests before it is fully displayed. Hotlinking arises from this mechanism: a website that does not itself hold the content referred to in its pages, such as images, can simply link to those images on another website and use the other site's resources to draw traffic to itself. A website with no resources of its own thus presents other sites' resources to its visitors and increases its own traffic, while most visitors will not easily notice, which is clearly unfair to the website being exploited. To expand their content at no extra cost, some unscrupulous websites routinely hotlink other websites' resources. This harms the legitimate interests of the original website and also adds to the burden on its server.

The prior-art anti-hotlinking principle is as follows: the referer header field of the HTTP protocol uses URL format to indicate the source from which the current page or file was linked. In other words, a website can use the referer to detect the page from which the target page was reached, or the address of the page displaying the resource file. Once it detects that the source is not the site itself, it can block the request or return a specified page.

Referer checking can be defeated: page middleware can first enter another page at the destination address and then move on to the target page, so that the page's referer is that of the resource site. Many tools can be used for this; mature web project testing packages such as HtmlUnit can even set the referer freely in the request.

No effective solution currently exists for the problem that referer checking in the prior art can no longer prevent hotlinking.

Summary of the invention

In view of this, the purpose of the embodiments of the invention is to propose a cloud platform anti-hotlinking method and apparatus that can provide anti-hotlinking protection for different servers in a cloud platform or for different visitors to the same server, reducing server load and improving security and availability.

To this end, a first aspect of the embodiments of the invention provides a cloud platform anti-hotlinking method, comprising loading a cloud platform anti-hotlinking module onto the cloud platform server to perform the following steps:

listening for a first-type HTTP request from a client to the cloud platform server for a first-type page, and parsing first identification information of the client from the first-type HTTP request;

intercepting the first-type page returned by the cloud platform server, editing the HTTP hyperlinks in the first-type page that point to second-type pages to add a first message digest based on the first identification information, and sending the edited first-type page to the client;

listening for a second-type HTTP request from the client to the cloud platform server for a second-type page, and parsing second identification information of the client and the first message digest from the second-type HTTP request;

determining a second message digest based on the second identification information, and intercepting the second-type page returned by the cloud platform server in response to verifying that the first message digest and the second message digest do not match.

In some embodiments, the first-type pages include landing pages that do not need anti-hotlinking measures; the second-type pages include protected pages or protected page elements that need anti-hotlinking measures.

In some embodiments, the first identification information and the second identification information include an IP address and a pre-agreed keyword.

In some embodiments, the first message digest and the second message digest include a hash-based message authentication code (HMAC).

In some embodiments, the method further comprises: before listening for the first-type HTTP request from the client to the cloud platform server for the first-type page, first loading a keyword list that stores all pre-agreed keywords.

In some embodiments, the method further comprises: while parsing the second identification information of the client and the first message digest from the second-type HTTP request, also parsing the client's referer information; and intercepting the second-type page returned by the cloud platform server in response to determining that the referer information does not point to a first-type page or a second-type page.

In some embodiments, the first identification information and the second identification information further include time-varying information.

In some embodiments, the second-type page comprises multiple data segments scheduled to be fetched at different times; the method further comprises: in response to data requests for different data segments at different times, determining whether to intercept the data segments according to the data request and the message digest based on the time-varying information.

A second aspect of the embodiments of the invention provides a cloud platform anti-hotlinking apparatus, placed on the connection between the cloud platform server and the client, comprising:

a first collection module, for listening for a first-type HTTP request from a client to the cloud platform server for a first-type page, and parsing first identification information of the client from the first-type HTTP request;

a challenge module, for intercepting the first-type page returned by the cloud platform server, editing the HTTP hyperlinks in the first-type page that point to second-type pages to add a first message digest based on the first identification information, and sending the edited first-type page to the client;

a second collection module, for listening for a second-type HTTP request from the client to the cloud platform server for a second-type page, and parsing second identification information of the client and the first message digest from the second-type HTTP request;

a verification module, for determining a second message digest based on the second identification information, and intercepting the second-type page returned by the cloud platform server in response to the first message digest and the second message digest not matching.

A third aspect of the embodiments of the invention provides a cloud computing management platform, comprising:

a cloud platform server;

a processor; and

a memory storing program code executable by the processor, the program code performing the cloud platform anti-hotlinking method described above when run.

The invention has the following beneficial technical effects: the cloud platform anti-hotlinking method and apparatus provided by the embodiments of the invention parse the first identification information of the client from the first-type HTTP request, edit the HTTP hyperlinks in the first-type page that point to second-type pages to add a first message digest based on the first identification information, parse the second identification information of the client and the first message digest from the second-type HTTP request, and intercept the second-type page returned by the cloud platform server in response to the first message digest and the second message digest not matching. This technical solution can provide anti-hotlinking protection for different servers in a cloud platform or for different visitors to the same server, reduce server load, and improve security and availability.

Description of drawings

To explain the technical solutions in the embodiments of the invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.

Fig. 1 is a schematic flow chart of the cloud platform anti-hotlinking method provided by the invention;

Fig. 2 is a detailed schematic flow chart of an embodiment of the cloud platform anti-hotlinking method provided by the invention.

Detailed description

To make the purpose, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to specific embodiments and the accompanying drawings.

It should be noted that all uses of "first" and "second" in the embodiments of the invention serve to distinguish two different entities or different parameters that share the same name. "First" and "second" are used only for convenience of expression and should not be understood as limiting the embodiments of the invention; subsequent embodiments do not explain this again.

To this end, a first aspect of the embodiments of the invention proposes an embodiment of a method for providing anti-hotlinking protection for different servers in a cloud platform or for different visitors to the same server. Fig. 1 shows a schematic flow chart of the cloud platform anti-hotlinking method provided by the invention.

The cloud platform anti-hotlinking method, as shown in Fig. 1, comprises loading a cloud platform anti-hotlinking module onto the cloud platform server to perform the following steps:

Step S101: listening for a first-type HTTP request from a client to the cloud platform server for a first-type page, and parsing first identification information of the client from the first-type HTTP request;

Step S103: intercepting the first-type page returned by the cloud platform server, editing the HTTP hyperlinks in the first-type page that point to second-type pages to add a first message digest based on the first identification information, and sending the edited first-type page to the client;

Step S105: listening for a second-type HTTP request from the client to the cloud platform server for a second-type page, and parsing second identification information of the client and the first message digest from the second-type HTTP request;

Step S107: determining a second message digest based on the second identification information, and intercepting the second-type page returned by the cloud platform server in response to the first message digest and the second message digest not matching.

A person of ordinary skill in the art will understand that all or part of the flows in the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM) or the like. The embodiments of the computer program can achieve the same or similar effects as any of the corresponding method embodiments described above.

As shown in Fig. 2, the invention is installed on the website server as a module and reads in the configured keyword list. When a user requests a page containing hyperlinks or similar content, the module appends a field of the form hmac=2FAB3C4E5242 to each hyperlink on that page; the content of the field is obtained by encrypting the pre-configured keyword and the client IP. When the user clicks a hyperlink, the server checks whether the link carries an hmac field, encrypts the keyword and IP again, and compares the result with the content of the hmac field. If they are equal, access is allowed; otherwise it is refused.

In some embodiments, the first-type pages include landing pages that do not need anti-hotlinking measures; the second-type pages include protected pages or protected page elements that need anti-hotlinking measures.

Obviously the server cannot know the client's information in advance, so pages that do not need anti-hotlinking measures are required as an entry point for reaching the pages that need protection. On the other hand, not every page actually needs anti-hotlinking protection; hotlinking a home page, for example, is generally pointless.

In some embodiments, the first identification information and the second identification information include an IP address and a pre-agreed keyword.

The IP address is used to determine whether the first-type page and the second-type page are accessed by the same client. The IP that a hotlinker uses to fetch the second-type page is obviously different from the client's IP.

In some embodiments, the first message digest and the second message digest include a hash-based message authentication code (HMAC).

A message digest is an irreversible form of encryption, which effectively prevents a hotlinker from using reverse engineering to produce a meaningful message digest to deceive the server.

In some embodiments, before listening for the first-type HTTP request from the client to the cloud platform server for the first-type page, a keyword list that stores all pre-agreed keywords is loaded first.

In some embodiments, while the second identification information of the client and the first message digest are parsed from the second-type HTTP request, the client's referer information is also parsed; the second-type page returned by the cloud platform server is intercepted in response to determining that the referer information does not point to a first-type page or a second-type page.

The server can enable traditional referer checking alongside the cloud platform anti-hotlinking method of the embodiments of the invention. The referer check can be placed before the cloud platform anti-hotlinking method because it is easy to implement. It does not improve the anti-hotlinking effect, but it further reduces resource usage and, where low-skill hotlinking is frequent, achieves the same effect as the anti-hotlinking method.

In some embodiments, the first identification information and the second identification information further include time-varying information.

In some embodiments, the second-type page comprises multiple data segments scheduled to be fetched at different times; in response to data requests for different data segments at different times, whether to intercept the data segments is determined according to the data request and the message digest based on the time-varying information.

Adding time-varying information, such as a timestamp, gives each hyperlink a limited lifetime, which further improves the anti-hotlinking effect, especially against hotlinking of video streams.
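The hmac-field flow described for Fig. 2 and the time-limited links described above can be sketched as follows. This is an added example, not code from the patent; the use of HMAC-SHA256, the `exp` parameter, binding the URL path into the MAC, the `/protected/` prefix and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumptions for this sketch (none come from the patent text): HMAC-SHA256,
# an "exp" expiry parameter, the URL path included in the MAC input, and
# "/protected/" as the prefix that marks second-type (protected) resources.
PROTECTED_PREFIX = "/protected/"
LINK_RE = re.compile(r'\b(href|src)="(' + re.escape(PROTECTED_PREFIX) + r'[^"]*)"')


def link_digest(keyword: bytes, client_ip: str, path: str, expires: int) -> str:
    """HMAC keyed with the pre-agreed keyword over client IP, path and expiry."""
    msg = "\n".join((client_ip, path, str(expires))).encode()
    return hmac.new(keyword, msg, hashlib.sha256).hexdigest()


def sign_link(url: str, keyword: bytes, client_ip: str, expires: int) -> str:
    """Append exp= and hmac= to one protected hyperlink."""
    parts = urlsplit(url)
    # Drop any exp/hmac already present so a link is never signed twice.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k not in ("exp", "hmac")]
    query.append(("exp", str(expires)))
    query.append(("hmac", link_digest(keyword, client_ip, parts.path, expires)))
    return urlunsplit(parts._replace(query=urlencode(query)))


def rewrite_page(page: str, keyword: bytes, client_ip: str, now: int, ttl: int = 300) -> str:
    """Challenge step: sign every protected href/src in a first-type page."""
    expires = int(now) + ttl

    def _sign(match):
        signed = sign_link(html.unescape(match.group(2)), keyword, client_ip, expires)
        return '%s="%s"' % (match.group(1), html.escape(signed, quote=True))

    return LINK_RE.sub(_sign, page)


def protected_links(page: str) -> list:
    """Return the protected URLs found in a page, as a browser would request them."""
    return [html.unescape(m.group(2)) for m in LINK_RE.finditer(page)]


def verify_request(url: str, keyword: bytes, client_ip: str, now: int) -> bool:
    """Verification step: recompute the digest from the requester's own IP."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    presented = params.get("hmac", "")
    try:
        expires = int(params.get("exp", ""))
    except ValueError:
        return False  # missing or malformed expiry
    if not presented or expires < now:
        return False  # unsigned link, or link past its lifetime
    expected = link_digest(keyword, client_ip, parts.path, expires)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample data: demo keyword and documentation-range IPs.
    key = b"constructed-demo-keyword"
    page = '<img src="/protected/banner.png"> <a href="/index.html">home</a>'
    served = rewrite_page(page, key, "203.0.113.10", now=1000)
    link = protected_links(served)[0]
    print(served)
    print("same client:", verify_request(link, key, "203.0.113.10", now=1100))
    print("other client:", verify_request(link, key, "198.51.100.7", now=1100))
    print("after expiry:", verify_request(link, key, "203.0.113.10", now=2000))
```

When the module runs behind a load balancer, `client_ip` has to be the address reported by the trusted proxy; otherwise every client hashes to the proxy's own IP and the per-client binding is lost.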

The method disclosed in the embodiments of the invention can also be implemented as a computer program executed by a CPU, and the computer program can be stored in a computer-readable storage medium. When the computer program is executed by the CPU, it performs the functions defined in the method disclosed in the embodiments of the invention. The above method steps and system units can also be implemented with a controller and a computer-readable storage medium that stores a computer program causing the controller to carry out the functions of those steps or units.

As the above embodiments show, the cloud platform anti-hotlinking method provided by the embodiments of the invention parses the first identification information of the client from the first-type HTTP request, edits the HTTP hyperlinks in the first-type page that point to second-type pages to add a first message digest based on the first identification information, parses the second identification information of the client and the first message digest from the second-type HTTP request, and intercepts the second-type page returned by the cloud platform server in response to verifying that the first message digest and the second message digest do not match. This technical solution can provide anti-hotlinking protection for different servers in a cloud platform or for different visitors to the same server, reduce server load, and improve security and availability.

It should be noted in particular that the steps in the embodiments of the cloud platform anti-hotlinking method described above can be interleaved, replaced, added and removed. Such reasonable permutations and combinations of the cloud platform anti-hotlinking method therefore also fall within the scope of protection of the invention, and the scope of protection of the invention should not be limited to the described embodiments.

基于上述目的,本发明实施例的第二个方面,提出了一种针对云平台中的不同服务器或同一服务器的不同访问者执行反倒链保护的装置的一个实施例。云平台反倒链装置设置在云平台服务器和客户端之间的连接上,包括:Based on the above purpose, the second aspect of the embodiments of the present invention proposes an embodiment of an apparatus for implementing anti-link protection for different servers in the cloud platform or different visitors of the same server. The cloud platform anti-chain device is set on the connection between the cloud platform server and the client, including:

第一采集模块,用于监听客户端对云平台服务器的针对第一类页面的第一类Http请求,并从第一类Http请求中解析出客户端的第一标识信息;The first collection module is used to listen to the first type of Http request of the client to the cloud platform server for the first type of page, and parse out the first identification information of the client from the first type of Http request;

挑战模块,用于拦截云平台服务器反馈的第一类页面,向第一类页面中的指向第二类页面的Http超链接编辑加入基于第一标识信息的第一信息摘要,并将编辑过的第一类页面发送到客户端;The challenge module is used to intercept the first type of page fed back by the cloud platform server, edit the Http hyperlinks pointing to the second type of page in the first type of page, add the first information summary based on the first identification information, and edit the The first type of page is sent to the client;

第二采集模块,用于监听客户端对云平台服务器的针对第二类页面的第二类Http请求,并从第二类Http请求中解析出客户端的第二标识信息和第一信息摘要;The second acquisition module is used to listen to the second type of Http request of the client to the cloud platform server for the second type of page, and parse out the second identification information and the first information summary of the client from the second type of Http request;

验证模块,用于确定基于第二标识信息的第二信息摘要,并响应于第一信息摘要和第二信息摘要不匹配而拦截云平台服务器反馈的第二类页面。The verification module is configured to determine the second information abstract based on the second identification information, and intercept the second type of page fed back by the cloud platform server in response to the mismatch between the first information abstract and the second information abstract.

结合这里的公开所描述的各种示例性逻辑块、模块、电路和算法步骤可以被实现为电子硬件、计算机软件或两者的组合。为了清楚地说明硬件和软件的这种可互换性,已经就各种示意性组件、方块、模块、电路和步骤的功能对其进行了一般性的描述。这种功能是被实现为软件还是被实现为硬件取决于具体应用以及施加给整个系统的设计约束。本领域技术人员可以针对每种具体应用以各种方式来实现所述的功能,但是这种实现决定不应被解释为导致脱离本发明实施例公开的范围。The various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described generally in terms of their functionality. Whether such functionality is implemented as software or as hardware depends upon the particular application and design constraints imposed on the overall system. Those skilled in the art can implement the described functions in various ways for each specific application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.

In view of the above purpose, a third aspect of the embodiments of the present invention provides an embodiment of a cloud computing management platform that performs anti-hotlinking protection for different servers in the cloud platform or for different visitors of the same server. The cloud computing management platform includes:

a cloud platform server;

a processor; and

a memory storing program code executable by the processor, the program code, when run, performing the cloud platform anti-hotlinking method described above.

As can be seen from the above embodiments, the cloud platform anti-hotlinking apparatus and the cloud computing management platform provided by the embodiments of the present invention parse the client's first identification information out of the first-type HTTP request, edit the HTTP hyperlinks in the first-type page that point to second-type pages so that they carry a first message digest based on the first identification information, parse the client's second identification information and the first message digest out of the second-type HTTP request, and intercept the second-type page returned by the cloud platform server in response to the first message digest and the second message digest not matching. This technical solution can perform anti-hotlinking protection for different servers in the cloud platform or for different visitors of the same server, reducing server load and improving security and availability.
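The challenge and verification steps summarized above can be sketched as follows. This is an added example, not code from the patent: the key, the `hl_sig` query parameter, the `/protected/` path prefix marking second-type pages, the 300-second window and the way the keyword reaches the gateway are all assumptions, with HMAC-SHA256 chosen as the hashed message authentication code and a time window standing in for the time-based information of claim 7.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit, parse_qs

# Assumed values, not from the patent: key, keyword list, path prefix,
# query parameter name and window length are all illustrative.
GATEWAY_KEY = b"constructed-demo-key"
KEYWORDS = {"portal-a"}            # pre-agreed keywords, loaded before listening
PROTECTED_PREFIX = "/protected/"   # marks second-type (protected) pages
WINDOW_SECONDS = 300

def digest(client_ip, keyword, window):
    """HMAC-SHA256 over the identification information (IP, keyword, time window)."""
    msg = f"{client_ip}|{keyword}|{window}".encode()
    return hmac.new(GATEWAY_KEY, msg, hashlib.sha256).hexdigest()

def sign_page(html, client_ip, keyword, now):
    """Challenge step: add the first digest to every link to a second-type page."""
    sig = digest(client_ip, keyword, int(now) // WINDOW_SECONDS)

    def add_sig(match):
        url = match.group(2)
        if not urlsplit(url).path.startswith(PROTECTED_PREFIX):
            return match.group(0)          # first-type link, left untouched
        sep = "&" if "?" in url else "?"
        return f"{match.group(1)}{url}{sep}hl_sig={sig}{match.group(3)}"

    return re.sub(r'(href=")([^"]+)(")', add_sig, html)

def allow_request(url, client_ip, keyword, now):
    """Verification step: recompute the second digest and compare with the first."""
    parts = urlsplit(url)
    if not parts.path.startswith(PROTECTED_PREFIX):
        return True                        # first-type page, no check needed
    if keyword not in KEYWORDS:
        return False
    presented = parse_qs(parts.query).get("hl_sig", [""])[0].encode()
    current = int(now) // WINDOW_SECONDS
    # Accept the previous window too, so a link signed just before a
    # window boundary does not fail on the next click.
    return any(
        hmac.compare_digest(presented, digest(client_ip, keyword, w).encode())
        for w in (current, current - 1)
    )
```

When the gateway sits behind another proxy, `client_ip` must be the address the gateway itself established for the connection, since a digest bound to a client-supplied header value can be replayed by any client that sends the same header.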

It should be noted in particular that the above embodiments of the cloud platform anti-hotlinking apparatus and the cloud computing management platform use the embodiments of the cloud platform anti-hotlinking method to describe the working process of each module, and those skilled in the art can readily conceive of applying these modules to other embodiments of the method. Of course, since the steps in the method embodiments may be interleaved, replaced, added or removed, these reasonable permutations and combinations, as applied to the apparatus and the platform, also fall within the scope of protection of the present invention, and the scope of protection should not be limited to the described embodiments.

The above are exemplary embodiments disclosed by the present invention, but it should be noted that various changes and modifications can be made without departing from the scope of the disclosed embodiments as defined by the claims. The functions, steps and/or actions of the method claims according to the disclosed embodiments described herein need not be performed in any particular order. In addition, although elements disclosed in the embodiments may be described or claimed in the singular, they may also be understood as plural unless explicitly limited to the singular.

It should be understood that, as used herein, the singular forms "a" and "an" are intended to include the plural forms as well, unless the context clearly supports an exception. It should also be understood that "and/or" as used herein refers to any and all possible combinations of one or more of the associated listed items. The serial numbers of the embodiments disclosed above are for description only and do not indicate that one embodiment is better or worse than another.

Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments may be carried out by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disc or the like.

Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is exemplary only and is not intended to imply that the scope disclosed by the embodiments of the present invention (including the claims) is limited to these examples. Within the idea of the embodiments of the present invention, technical features of the above embodiments, or of different embodiments, may also be combined, and there are many other variations of the different aspects of the embodiments as described above, which are not given in detail for the sake of brevity. Therefore, any omission, modification, equivalent replacement or improvement made within the spirit and principles of the embodiments of the present invention shall fall within their scope of protection.

Claims (10)

1. A cloud platform anti-hotlinking method, characterized by comprising loading a cloud platform anti-hotlinking module onto a cloud platform server to perform the following steps:
monitoring first-type HTTP requests from a client to the cloud platform server for first-type pages, and parsing the client's first identification information out of the first-type HTTP request;
intercepting the first-type page returned by the cloud platform server, editing the HTTP hyperlinks in the first-type page that point to second-type pages so that they carry a first message digest based on the first identification information, and sending the edited first-type page to the client;
monitoring second-type HTTP requests from the client to the cloud platform server for second-type pages, and parsing the client's second identification information and the first message digest out of the second-type HTTP request;
determining a second message digest based on the second identification information, and intercepting the second-type page returned by the cloud platform server in response to the first message digest and the second message digest not matching.

2. The method according to claim 1, characterized in that the first-type pages include guide pages for which anti-hotlinking measures do not need to be enabled, and the second-type pages include protected pages or protected page elements for which anti-hotlinking measures need to be enabled.

3. The method according to claim 1, characterized in that the first identification information and the second identification information include an IP address and a pre-agreed keyword.

4. The method according to claim 3, characterized in that the first message digest and the second message digest include a hashed message authentication code.

5. The method according to claim 3, characterized by further comprising: before monitoring the first-type HTTP requests from the client to the cloud platform server for the first-type pages, first loading a keyword list that stores all of the pre-agreed keywords.

6. The method according to claim 1, characterized by further comprising:
while parsing the client's second identification information and the first message digest out of the second-type HTTP request, also parsing out the client's referrer information;
intercepting the second-type page returned by the cloud platform server in response to determining that the referrer information does not point to the first-type page or the second-type page.

7. The method according to claim 3, characterized in that the first identification information and the second identification information further include time-varying information.

8. The method according to claim 7, characterized in that the second-type page includes multiple data fragments scheduled to be fetched at different times;
the method further comprising: in response to data requests made at different times for different data fragments, determining whether to intercept the multiple data fragments according to the data requests and a message digest based on the time-varying information.

9. A cloud platform anti-hotlinking apparatus, characterized in that it is arranged on the connection between a cloud platform server and a client, and comprises:
a first collection module, configured to monitor first-type HTTP requests from the client to the cloud platform server for first-type pages, and to parse the client's first identification information out of the first-type HTTP request;
a challenge module, configured to intercept the first-type page returned by the cloud platform server, edit the HTTP hyperlinks in the first-type page that point to second-type pages so that they carry a first message digest based on the first identification information, and send the edited first-type page to the client;
a second collection module, configured to monitor second-type HTTP requests from the client to the cloud platform server for second-type pages, and to parse the client's second identification information and the first message digest out of the second-type HTTP request;
a verification module, configured to determine a second message digest based on the second identification information, and to intercept the second-type page returned by the cloud platform server in response to the first message digest and the second message digest not matching.

10. A cloud computing management platform, characterized by comprising:
a cloud platform server;
a processor; and
a memory storing program code executable by the processor, the program code, when run, performing the cloud platform anti-hotlinking method according to any one of claims 1-8.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910574531.4A CN110311907A (en) 2019-06-28 2019-06-28 A kind of cloud platform instead chain method and apparatus

Publications (1)

Publication Number Publication Date
CN110311907A true CN110311907A (en) 2019-10-08

Family

ID=68078593

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910574531.4A Pending CN110311907A (en) 2019-06-28 2019-06-28 A kind of cloud platform instead chain method and apparatus

Country Status (1)

Country Link
CN (1) CN110311907A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701796A (en) * 2013-12-23 2014-04-02 山东中创软件商用中间件股份有限公司 Hotlink protection system and method on basis of HASH technology
CN105307052A (en) * 2015-10-27 2016-02-03 无锡天脉聚源传媒科技有限公司 Video request processing method and device
CN107911336A (en) * 2017-10-09 2018-04-13 西安交大捷普网络科技有限公司 A kind of WEB steals chain means of defence
US20180165319A1 (en) * 2016-12-14 2018-06-14 International Business Machines Corporation Atomically Moving Data Elements Between Or Within Linked Data Structures Having No Support For Atomic Moves

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191008