Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for forwarding hyper text transport protocol (HTTP) request

A unique and token technology, which is applied in the field of network security, can solve problems such as difficult to implement and reduce the performance of web security gateways, and achieve the effects of reducing computing pressure, easy deployment, and reducing computing overhead

Inactive Publication Date: 2012-07-11
BEIJING VENUS INFORMATION TECH +1
View PDF6 Cites 37 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0019] The above-mentioned first two traditional CSRF defense methods implemented on the Web security gateway can effectively defend against CSRF attacks, but they all require the Web security gateway to modify the Web form in the Web page returned to the Web client by the Web application system in real time.
To modify the Web form in the Web page, the complete Web gateway must perform a series of complex operations such as DOM (Document Object Model, Document Object Model) tree analysis, Web form location, and Web form modification on the Web page, which will greatly reduce Web security. Gateway performance
What's more complicated is that the Web forms in some Web pages are generated by client-side scripts (such as Javascript). To realize the correct positioning and modification of this type of Web forms requires the Web security gateway to support client-side script interpretation. Difficult to achieve
The third Referer verification method has the risk of being bypassed by the attacker forging the Referer value, so it can only be used as an auxiliary verification method

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for forwarding hyper text transport protocol (HTTP) request
  • Method and device for forwarding hyper text transport protocol (HTTP) request
  • Method and device for forwarding hyper text transport protocol (HTTP) request

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0071] Embodiment 1, a method for forwarding an HTTP request, which can be applied to a web security gateway, includes:

[0072] Determine whether the URL of the HTTP request of the Web client is a Web form request URL or a Web form data submission URL;

[0073] When the URL of the HTTP request is a Web form request URL, if a valid token is carried in the URL parameter of the HTTP request, the HTTP request is forwarded; if the token is not carried, a unique token is randomly generated, and the The URL of the HTTP request and the generated token are spliced ​​into a new URL, discarding the HTTP request and sending a request redirection to the HTTP response message of the new URL to the Web client;

[0074] When the URL of the HTTP request is a Web form data submission URL, if the HTTP request has a Referer value and a valid token can be extracted from the Referer, the HTTP request is forwarded.

[0075] In this embodiment, the method may also include:

[0076] When the URL of...

Embodiment 2

[0154] Embodiment 2, a device for forwarding HTTP requests, can be applied on the Web security gateway, such as Figure 4 shown, including:

[0155] The HTTP request classification module is used to judge whether the URL of the HTTP request of the Web client is a Web form request URL or a Web form data submission URL;

[0156] Web form request processing module, for when the URL of described HTTP request is Web form request URL, if carry effective token in the URL parameter of this HTTP request, then forward this HTTP request; If not carrying token then random Generate a unique token, splicing the URL of the HTTP request and the generated token into a new URL, discarding the HTTP request and sending a request to the Web client to redirect to the HTTP of the new URL response message;

[0157] The Web form data submission processing module is used for forwarding the HTTP request if the HTTP request has a Referer value and a valid token can be extracted from the Referer when th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method and a device for forwarding a hyper text transport protocol (HTTP) request. The method comprises the steps of: judging whether a uniform resource locator (URL) of the HTTP request of a Web client is a URL requested by a Web form or a URL submitted by Web form data or not; forwarding the HTTP request when the URL of the HTTP request is the URL requested by the Web form and effective tokens are carried in parameters of the URL of the HTTP request; randomly generating a unique token if the token is not carried, splicing the URL of the HTTP request and the generated token into a new URL, discarding the HTTP request, and sending an HTTP response message requesting the redirection to the new URL to the Web client; and forwarding the HTTP request when the URL of the HTTP request is the URL submitted by Web form data, the HTTP request has the referrer value and the effective token can be extracted from the referrer. The method and the device have the advantages that the effective defense on cross site request forgery (CSRF) attack can be realized, and the computation overhead on a Web security gateway is greatly reduced.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method and device for forwarding HTTP requests. Background technique [0002] After nearly two decades of development, the current scale of the Internet has become very large, especially the Web business, which is one of the main services of the Internet, has achieved rapid development, which has brought great convenience for people to obtain information. At the same time, the security status of those Web sites that provide people with Web services is worrying. Common security issues include SQL (Structured Query Language, Structured Query Language) injection attacks, cross-site scripting attacks, and cross-site request forgery. SQL injection attacks and cross-site scripting attacks are caused by the fact that web applications do not perform strict filtering when using data submitted by users. Therefore, these two types of web security attacks are less and less. CSRF (Cross S...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/08H04L29/06
Inventor 叶润国胡振宇
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products