The invention belongs to the technical field of computer networks, and provides a method for detecting HTTP tunnel data based on a conversation and the HTTP protocol standard. A system captures a data packet of an HTTP port and establishes a conversation linked list according to the IP address and the port. When the data packet arrives at a detection system, firstly, the system examines and maintains the conversation linked list, a record is added if not record exists, and the record is deleted from the conversation linked list if the RST data packet or the FIN data packet exists; secondly, the system examines the content of the data packet and judges whether the conversation connection meets the standard HTTP protocol, such as a client-side command GET, a client-side command POST, a server-side response HTTP / 1.0 and a server-side response HTTP / 1.1, or not, if the conversation connection meets the standard HTTP protocol, the conversation is marked as HTTP protocol data, and if the conversation connection does not meet the standard HTTP protocol, the conversation is marked as HTTP tunnel data. By means of the method, the HTTP tunnel data can be recognized, differential service can be conducted on the HTTP tunnel data, or data which are not the HTTP protocol data can be prevented from penetrating through the HTTP port.