Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for implementing secure website access

A technology for website access and secure access, applied in the network field, can solve the problems of low degree of automation and cannot be dynamically added, and achieve the effect of ensuring safe access, improving flexibility and degree of automation

Active Publication Date: 2019-01-18
新浪技术(中国)有限公司
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although certain remote ip access can be restricted or blocked (block) through configuration files, blocking (block) rules cannot be added dynamically. Every time a block rule is modified, the nginx self-promotion process needs to be restarted, and the degree of automation is not high, so it cannot be integrated with the backend The log analysis module cooperates with the dynamic block access of certain ip

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for implementing secure website access
  • Method and device for implementing secure website access
  • Method and device for implementing secure website access

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0051] Embodiment 1 of the present invention provides a method for implementing secure website access, the process of which is as follows figure 1 shown, including the following steps:

[0052] Step S101: Receive a website access request sent by a user.

[0053]When a user wants to visit a website, a website access request will be sent, and the website access request at least includes the IP address information of the user who sent the request.

[0054] Step S102: According to the IP address included in the website access request and the blocking rules set according to the access log file, it is judged whether the IP address is an attacking IP address.

[0055] Wherein, the blocking rule is a blocking rule set for IP addresses with attacks and IP addresses with possible attacks according to the access log files. Access log files can be obtained in real time or periodically, and the blocking rules can be updated when attacking IP addresses and possible attacking IP addresses ...

Embodiment 2

[0071] Embodiment 2 of the present invention provides a method for implementing secure website access. Before the access security verification described in Embodiment 1, it also includes the process of setting blocking rules. The method flow of this embodiment is as follows figure 2 shown, including the following steps:

[0072] Step S201: Obtain the access log files of the website in real time or periodically.

[0073] The Nginx system pushes the access log files to the kafka queue of the storm system in real time through the flume system, so as to obtain the access log files of the website in real time. You can also set the acquisition period to periodically acquire access log files.

[0074] Among them, Flume is a highly available, highly reliable, and distributed massive log collection, aggregation, and transmission system. Flume supports customizing various data senders in the log system to collect data; at the same time, Flume provides Ability to perform simple proces...

Embodiment 3

[0097] Embodiment 3 of the present invention provides a method for implementing secure website access. On the basis of the methods in Embodiment 1 and Embodiment 2, some blocking rule setting operations are added after inputting the verification code for IP addresses that are judged to be likely to be attacked. , the process is as image 3 shown, including the following steps:

[0098] Step S301: Obtain a verification code from the user for security verification.

[0099] For the IP address that may be attacked, at this time, it can be reverse-proxyed to a verification code webpage, allowing the user to enter the verification code through the client. If a verification code is entered, security verification is performed after obtaining the verification code.

[0100] Step S302: Whether the verification code is verified or not.

[0101] When the verification code is verified, step S303 is executed; when the verification code is not verified, step S304 is executed.

[0102] S...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiments of the invention provide a website secure access realization method and apparatus. The method comprises the following steps: receiving a website access request sent by a user; according to an IP address included in the request and according to prevention rules set by an access log file, determining whether the IP address is an attacking IP address or a possible attacking IP address; when it is determined that the IP address is neither an attacking IP address nor a possible attacking IP address, allowing access to a website; when it is determined that the IP address is an attacking IP address, rejecting the access to the website; when it is determined that the IP address is a possible attacking IP address, obtaining a verification code from a user for security verification, and in case of successful verification, allowing the access to the website; and in case of verification failure, rejecting the access to the website. The method provided by the invention can dynamically adjust access restriction rules according to a dynamical access log, realizes dynamic adjustment of network security access, and accordingly improves the flexibility and the automation degree of arrangement of network security access rules.

Description

technical field [0001] The invention relates to the field of network technology, in particular to an nginx-based method and device for implementing secure website access. Background technique [0002] Nginx is a high-performance hypertext transfer protocol (HyperText Transfer Protocol, HTTP) and reverse proxy server, but also an interactive mail access protocol (Internet Mail Access Protocol, IMAP) / Post Office Protocol 3 (PostOfficeProtocol3, POP3) / simple Mail Transfer Protocol (Simple MailTransfer Protocol, SMTP) proxy server. [0003] It is very important to implement secure website access in the Nginx system, and its implementation scheme to prevent Challenge Collapsar (CC) attacks has attracted much attention. In the Nginx system, the security access control and management of the website is realized through the nginx http function module (ngx_http_limit_ip_module), and non-secure access is restricted. [0004] The existing limit request (limit_req) module of nginx ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/10H04L63/1458
Inventor 李文强
Owner 新浪技术(中国)有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products