
CN105991615B - Means of defence and device based on CSRF attack - Google Patents


Info

Publication number
CN105991615B
Authority
CN
China
Prior art keywords
http message
network address
preset
address
http
Prior art date
Legal status
Active
Application number
CN201510096263.1A
Other languages
Chinese (zh)
Other versions
CN105991615A (en)
Inventor
郑言
Current Assignee
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN201510096263.1A
Publication of CN105991615A
Application granted
Publication of CN105991615B
Legal status: Active
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a protection method and device against CSRF attacks. The method includes: receiving an HTTP message and judging whether the HTTP message requires protection; if the HTTP message requires protection and contains a source network address, judging whether the source network address is a safe network address; if the source network address is a safe network address, obtaining the parameters of the HTTP message; when the parameters of the HTTP message do not contain a preset aggressive mode string, or contain the preset aggressive mode string and only that string, determining that no anomaly has occurred in the HTTP message and forwarding the HTTP message; when the parameters of the HTTP message do not consist of the preset aggressive mode string only, determining that an anomaly has occurred in the HTTP message and dropping the HTTP message. The present invention thus applies protection against CSRF attacks to HTTP messages with higher protection efficiency; false protection is less likely and the protective effect is also greatly improved.

Description

Means of defence and device based on CSRF attack
Technical field
The present invention relates to the field of network communication technology, and in particular to a protection method and device against CSRF attacks.
Background technique
With the development of network communication technology, a kind of attack that impersonates a user's permissions has appeared: the Cross Site Request Forgery (CSRF) attack. In a CSRF attack, the attacker forges a request in the victim's name, without the victim's knowledge, and sends it to the attacked website, so that an operation protected by access rights is executed without authorization. Such attacks are very harmful.
In the prior art, protection against CSRF attacks can be implemented by verifying the Referer field of the Hypertext Transfer Protocol (HTTP). According to the HTTP protocol, an HTTP request carries a Referer field that records the source address of the request. However, the security of this protection method is not high, and its protective effect against CSRF attacks is very poor.
Summary of the invention
The present invention provides a protection method and device against CSRF attacks, to solve the problem that the existing protection method in the prior art has low security and a very poor protective effect against CSRF attacks.
According to a first aspect of the embodiments of the present invention, a protection method against CSRF attacks is provided. The method includes:
receiving an HTTP message and judging whether the HTTP message requires protection against CSRF attacks;
if the HTTP message requires the protection and contains the source network address of the HTTP message, judging whether the source network address of the HTTP message is a safe network address;
if the source network address is a safe network address, obtaining the parameters of the HTTP message; when the parameters of the HTTP message do not contain a preset aggressive mode string, or contain the preset aggressive mode string and only the preset aggressive mode string, determining that no anomaly has occurred in the HTTP message and forwarding the HTTP message; when the parameters of the HTTP message do not consist of the preset aggressive mode string only, determining that an anomaly has occurred in the HTTP message and dropping the HTTP message.
According to a second aspect of the embodiments of the present invention, a protection device against CSRF attacks is provided. The device includes:
a first judging unit, configured to receive a Hypertext Transfer Protocol (HTTP) message and judge whether the HTTP message requires protection against CSRF attacks;
a second judging unit, configured to judge, if the HTTP message requires the protection and contains the source network address of the HTTP message, whether the source network address of the HTTP message is a safe network address;
a first protection unit, configured to obtain the parameters of the HTTP message if the source network address is a safe network address; when the parameters of the HTTP message do not contain a preset aggressive mode string, or contain the preset aggressive mode string and only the preset aggressive mode string, determine that no anomaly has occurred in the HTTP message and forward the HTTP message; when the parameters of the HTTP message do not consist of the preset aggressive mode string only, determine that an anomaly has occurred in the HTTP message and drop the HTTP message.
With the embodiments of the present invention, an HTTP message is received and it is judged whether the HTTP message requires protection against CSRF attacks; if the HTTP message requires protection and contains its source network address, it is judged whether the source network address is a safe network address; if the source network address is a safe network address, the parameters of the HTTP message are obtained; when the parameters do not contain a preset aggressive mode string, or contain the preset aggressive mode string and only that string, it is determined that no anomaly has occurred and the HTTP message is forwarded; when the parameters do not consist of the preset aggressive mode string only, it is determined that an anomaly has occurred and the HTTP message is dropped. Protection against CSRF attacks is thus applied to HTTP messages with higher protection efficiency; false protection is less likely and the protective effect is also greatly improved.
Detailed description of the invention
Fig. 1 is a schematic diagram of an application scenario of the protection against CSRF attacks according to an embodiment of the present invention;
Fig. 2 is a flowchart of an embodiment of the protection method against CSRF attacks of the present invention;
Fig. 3 is a flowchart of another embodiment of the protection method against CSRF attacks of the present invention;
Fig. 4 is a hardware structure diagram of equipment in which the protection device against CSRF attacks of the present invention is located;
Fig. 5 is a block diagram of an embodiment of the protection device against CSRF attacks of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above objects, features and advantages of the embodiments more apparent and easier to understand, the technical solutions in the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Referring to Fig. 1, which is a schematic diagram of an application scenario of the protection against CSRF attacks according to an embodiment of the present invention:
Fig. 1 shows a network architecture for protection against CSRF attacks. The architecture includes website A, website B, and a legitimate user of website A.
Website A can receive HTTP messages sent by the user. Website B is the source website of the HTTP message sent by the user. According to the HTTP protocol, an HTTP request carries a Referer field that records the source address of the request; here the source address is the network address of website B.
If website A has no protection mechanism against CSRF, that is, it is a website with a CSRF vulnerability, and website B is a malicious website built by an attacker, then when the user sends an HTTP message to website A at the request of website B, website A does not know that the HTTP message was in fact initiated by website B, so it processes the HTTP message with the permissions of user C, and the malicious code from website B is executed.
In the embodiments of the present invention, after website A receives an HTTP message, it first judges whether the HTTP message requires protection against CSRF attacks. When it determines that protection is required, it applies the corresponding protection and decides, according to the protection result, whether to forward the HTTP message or to drop it; only when it determines that protection is not required does it forward the HTTP message directly.
In addition, the HTTP message received by website A may be sent from the external network or from the internal network. The external network refers to websites other than website A, that is, websites whose domain name or Internet Protocol (IP) address differs from that of website A; the internal network refers to website A itself, which has the same domain name or IP address.
Therefore, the embodiments of the present invention provide effective protection against CSRF attacks for HTTP messages sent from both the internal network and the external network.
The embodiments of the protection against CSRF attacks of the present invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 2, which is a flowchart of an embodiment of the protection method against CSRF attacks of the present invention. The method can be applied to a website, for example website A in Fig. 1, and specifically includes the following steps:
Step 210: receive an HTTP message and judge whether the HTTP message requires protection against CSRF attacks. The HTTP message may be sent by an internal-network website or by an external-network website.
Step 220: if the received HTTP message requires protection against CSRF attacks and contains the source network address of the sender of the HTTP message, judge whether the source network address of the HTTP message is a safe network address. According to the HTTP protocol, an HTTP request carries a Referer field that records the source address of the request.
Step 230: if the source network address of the HTTP message is a safe network address, obtain the parameters of the HTTP message; when the parameters of the HTTP message do not contain a preset aggressive mode string, or contain the preset aggressive mode string and only the preset aggressive mode string, determine that no anomaly has occurred in the HTTP message and forward the HTTP message; when the parameters of the HTTP message do not consist of the preset aggressive mode string only, determine that an anomaly has occurred in the HTTP message and drop the HTTP message.
In the embodiments of the present invention, an aggressive mode string is a parameter in the parameter part of the Uniform Resource Locator (URL) of the HTTP message, and a preset aggressive mode string is a preset parameter.
For example, if the parameter part of the URL of the HTTP message is /dp/index.php?name=dptech, then name is the aggressive mode string. If the preset aggressive mode string is name, it is determined that no anomaly has occurred in the HTTP message, and the HTTP message is forwarded.
In the embodiments of the present invention, the purpose of using a preset aggressive mode string is to further determine the safety of the received HTTP message: only when the aggressive mode string matching criterion is met can protection against CSRF attacks be applied properly. The aggressive mode string matching criterion is that the parameters contain the aggressive mode string and only the aggressive mode string.
As can be seen from the above embodiment, an HTTP message is received and it is judged whether the HTTP message requires protection against CSRF attacks; if the HTTP message requires protection and contains its source network address, it is judged whether the source network address is a safe network address; if the source network address is a safe network address, the parameters of the HTTP message are obtained; when the parameters do not contain a preset aggressive mode string, or contain the preset aggressive mode string and only that string, it is determined that no anomaly has occurred and the HTTP message is forwarded; when the parameters do not consist of the preset aggressive mode string only, it is determined that an anomaly has occurred and the HTTP message is dropped. Protection against CSRF attacks is thus applied to HTTP messages with higher protection efficiency; false protection is less likely and the protective effect is also greatly improved.
In one embodiment, the above protection method against CSRF attacks further includes:
if the received HTTP message does not contain the source network address, or the source network address of the HTTP message is not a safe network address, obtaining the parameters of the HTTP message; when the parameters of the HTTP message contain the preset aggressive mode string, determining that no anomaly has occurred in the HTTP message and forwarding the HTTP message; when the parameters of the HTTP message do not contain the preset aggressive mode string, determining that an anomaly has occurred in the HTTP message and dropping the HTTP message.
In another embodiment, the above protection method against CSRF attacks further includes:
if the received HTTP message does not require protection against CSRF attacks, determining that no anomaly has occurred in the HTTP message and forwarding the HTTP message.
In a further embodiment, judging in step 210 whether the HTTP message requires protection against CSRF attacks specifically includes:
(1) obtaining the URL of the received HTTP message and looking up the URL of the HTTP message among the preset URLs, where the preset URLs are the URLs that require protection against CSRF attacks;
(2) if the URL of the HTTP message is found, the HTTP message requires protection against CSRF attacks; if the URL of the HTTP message is not found, the HTTP message does not require protection against CSRF attacks.
In a further embodiment, judging in step 220 whether the source network address of the HTTP message is a safe network address specifically includes:
(1) looking up the source network address of the HTTP message among the preset source network addresses, where the preset source network addresses are all safe network addresses;
(2) if the source network address of the HTTP message is found, the source network address of the HTTP message is a safe network address; if it is not found, the source network address of the HTTP message is not a safe network address.
As can be seen from the above embodiment, by processing an HTTP message differently according to its URL, its source network address, the aggressive mode string and so on, protection against CSRF attacks is applied to HTTP messages with higher protection efficiency; false protection is less likely and the protective effect is also greatly improved.
Fig. 3 is a flowchart of another embodiment of the protection method against CSRF attacks of the present invention. The method can be applied to a website, for example website A in Fig. 1, and specifically includes the following steps:
Step 301: receive an HTTP message. The HTTP message may be sent by an internal-network website or by an external-network website.
Step 302: judge whether the HTTP message requires protection against CSRF attacks; if so, go to step 303; otherwise, go to step 311.
Judging whether the HTTP message requires protection against CSRF attacks specifically includes:
(1) obtaining the URL of the received HTTP message and looking up the URL of the received HTTP message among the preset URLs, where the preset URLs are the URLs that require protection against CSRF attacks;
(2) if the URL of the HTTP message is found, the HTTP message requires protection against CSRF attacks; if the URL of the HTTP message is not found, the HTTP message does not require protection against CSRF attacks.
Step 303: obtain the source network address of the HTTP message.
Step 304: judge whether the source network address of the HTTP message was obtained; if so, go to step 305; otherwise, go to step 309.
Step 305: judge whether the source network address of the HTTP message is a safe network address; if so, go to step 306; otherwise, go to step 309.
Judging whether the source network address of the HTTP message is a safe network address specifically includes:
(1) looking up the source network address of the HTTP message among the preset source network addresses, where the preset source network addresses are all safe network addresses;
(2) if the source network address of the HTTP message is found, the source network address of the HTTP message is a safe network address; if it is not found, the source network address of the HTTP message is not a safe network address.
Step 306: obtain the parameters of the HTTP message.
Step 307: judge whether the parameters of the HTTP message contain the preset aggressive mode string; if so, go to step 308; otherwise, go to step 311.
Step 308: judge whether the parameters of the HTTP message contain the preset aggressive mode string and only the preset aggressive mode string; if so, go to step 311; otherwise, go to step 312.
Step 309: obtain the parameters of the HTTP message.
Step 310: judge whether the parameters of the HTTP message contain the preset aggressive mode string; if so, go to step 311; otherwise, go to step 312.
Step 311: determine that no anomaly has occurred in the HTTP message, forward the HTTP message, and end the process.
Step 312: determine that an anomaly has occurred in the HTTP message, drop the HTTP message, and end the process.
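The decision flow of steps 301 to 312 (and of steps 210 to 230 in the Fig. 2 embodiment), written out in Python as an added example; this is not code from the patent or from the assignee. The source network address is taken from the Referer header, as the description states; the protected URL, the safe source host and the preset aggressive mode string (the patent's term for an allow-listed parameter name in the URL query part) are constructed assumptions. The sample requests are constructed as well, one per branch of the flowchart, so the example also shows the branch in which a message with no trusted source address is forwarded because its parameters contain the preset string.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed configuration for this example (assumed values, not taken from the patent).
PROTECTED_URLS = {"/dp/index.php"}            # preset URL network addresses (step 302)
SAFE_SOURCE_HOSTS = {"www.site-a.example"}    # preset safe source network addresses (step 305)
PRESET_AGGRESSIVE_MODE_STRINGS = {"name"}     # preset aggressive mode strings (steps 307 to 310)

FORWARD = "forward"   # step 311: no anomaly, the message is forwarded
DROP = "drop"         # step 312: anomaly, the message is dropped


def header(headers, name):
    """Case-insensitive lookup of one HTTP header value (header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def needs_protection(request_target):
    """Step 302: the message needs protection when its URL path is among the preset URLs."""
    return urlsplit(request_target).path in PROTECTED_URLS


def source_is_safe(referer):
    """Step 305: the source network address is safe when its host is among the preset safe hosts."""
    host = urlsplit(referer).hostname
    return host is not None and host in SAFE_SOURCE_HOSTS


def parameter_names(request_target):
    """Steps 306 and 309: obtain the parameters of the message (the names in the URL query part)."""
    return set(parse_qs(urlsplit(request_target).query, keep_blank_values=True))


def decide(request_target, headers):
    """Return FORWARD or DROP for one request, following steps 301 to 312 of the patent."""
    if not needs_protection(request_target):          # step 302: no -> step 311
        return FORWARD
    referer = header(headers, "Referer")              # step 303: obtain the source network address
    params = parameter_names(request_target)
    contains_preset = bool(params & PRESET_AGGRESSIVE_MODE_STRINGS)
    if referer and source_is_safe(referer):           # steps 304 and 305: yes -> step 306
        if not contains_preset:                       # step 307: no preset string -> step 311
            return FORWARD
        # step 308: preset string present; forward only if no other parameter is present
        return FORWARD if params <= PRESET_AGGRESSIVE_MODE_STRINGS else DROP
    # steps 309 and 310: source address missing or not safe
    return FORWARD if contains_preset else DROP


# Constructed sample requests (not traffic from the patent), one per branch of Fig. 3.
SAMPLES = [
    ("/dp/index.php?name=dptech", {"Referer": "https://www.site-a.example/form"}),       # 307 -> 308 -> 311
    ("/dp/index.php?name=dptech&to=1", {"Referer": "https://www.site-a.example/form"}),  # 308 -> 312
    ("/dp/index.php", {"Referer": "https://www.site-a.example/form"}),                   # 307 -> 311
    ("/dp/index.php?name=dptech", {"referer": "https://other.example/"}),                # 305 -> 310 -> 311
    ("/dp/index.php?id=7", {}),                                                           # 304 -> 310 -> 312
    ("/static/logo.png", {}),                                                             # 302 -> 311
]


def run_samples():
    """Apply the decision to every constructed sample and return the verdicts in order."""
    return [decide(target, headers) for target, headers in SAMPLES]


if __name__ == "__main__":
    for (target, headers), verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:8} {target}  Referer={header(headers, 'Referer')}")
```

The two parameter checks are what distinguish this flow from plain Referer checking: with a trusted source address, a request that carries the expected parameter together with any unexpected one is dropped (step 308), while a request without a trusted source address is forwarded only when the expected parameter is present (step 310).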
As can be seen from the above embodiment, by processing an HTTP message differently according to its URL, its source network address, the aggressive mode string and so on, protection against CSRF attacks is applied to HTTP messages with higher protection efficiency; false protection is less likely and the protective effect is also greatly improved.
Corresponding to the foregoing embodiments of the protection method against CSRF attacks, the present invention also provides embodiments of a protection device against CSRF attacks.
The embodiments of the protection device against CSRF attacks of the present invention can be applied to a network device. The device embodiments can be implemented by software, or by hardware or a combination of hardware and software. Taking software implementation as an example, the device in the logical sense is formed by the processor of the equipment in which it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. From the hardware perspective, Fig. 4 is a hardware structure diagram of the equipment in which the protection device against CSRF attacks of the present invention is located. Besides the processor, network interface, memory and non-volatile memory shown in Fig. 4, the equipment in which the device is located may usually also include other hardware, such as a forwarding chip responsible for processing messages. In terms of hardware structure, the equipment may also be a distributed device and may include multiple interface cards, so that message processing can be extended at the hardware level.
Referring to Fig. 5, which is a block diagram of an embodiment of the protection device against CSRF attacks of the present invention. The device can be applied to a network device and used to execute the protection methods against CSRF attacks shown in Fig. 2 and Fig. 3. The device includes a first judging unit 51, a second judging unit 52 and a first protection unit 53.
The first judging unit 51 is configured to receive a Hypertext Transfer Protocol (HTTP) message and judge whether the HTTP message requires protection against CSRF attacks.
The second judging unit 52 is configured to judge, if the HTTP message requires the protection and contains the source network address of the HTTP message, whether the source network address of the HTTP message is a safe network address.
The first protection unit 53 is configured to obtain the parameters of the HTTP message if the source network address is a safe network address; when the parameters of the HTTP message do not contain a preset aggressive mode string, or contain the preset aggressive mode string and only the preset aggressive mode string, determine that no anomaly has occurred in the HTTP message and forward the HTTP message; when the parameters of the HTTP message do not consist of the preset aggressive mode string only, determine that an anomaly has occurred in the HTTP message and drop the HTTP message.
An aggressive mode string is a parameter in the parameter part of the URL of the HTTP message, and a preset aggressive mode string is a preset parameter.
In an optional implementation, the protection device against CSRF attacks may further include a second protection unit (not shown in Fig. 5).
The second protection unit is configured to obtain the parameters of the HTTP message if the HTTP message does not contain the source network address, or the source network address of the HTTP message is not a safe network address; when the parameters of the HTTP message contain the preset aggressive mode string, determine that no anomaly has occurred in the HTTP message and forward the HTTP message; when the parameters of the HTTP message do not contain the preset aggressive mode string, determine that an anomaly has occurred in the HTTP message and drop the HTTP message.
In another optional implementation, the protection device against CSRF attacks may further include a third protection unit (not shown in Fig. 5).
The third protection unit is configured to determine, if the HTTP message does not require the protection, that no anomaly has occurred in the HTTP message and to forward the HTTP message.
In another optional implementation, the first judging unit 51 is further configured to obtain the Uniform Resource Locator (URL) of the HTTP message and look up the URL of the HTTP message among the preset URLs, the preset URLs being the URLs that require protection against CSRF attacks; if the URL of the HTTP message is found, the HTTP message requires the protection; if the URL of the HTTP message is not found, the HTTP message does not require the protection.
In another optional implementation, the second judging unit 52 is further configured to look up the source network address of the HTTP message among the preset source network addresses, the preset source network addresses all being safe network addresses; if the source network address of the HTTP message is found, the source network address of the HTTP message is a safe network address; if the source network address of the HTTP message is not found, the source network address of the HTTP message is not a safe network address.
For the implementation of the functions and effects of each unit in the above device, refer to the implementation of the corresponding steps in the above method; details are not repeated here.
Since the device embodiments substantially correspond to the method embodiments, the relevant parts may refer to the description of the method embodiments. The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and a component shown as a unit may or may not be a physical unit; it may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present invention. Those of ordinary skill in the art can understand and implement this without creative effort.
As can be seen from the above embodiment, an HTTP message is received and it is judged whether the HTTP message requires protection against CSRF attacks; if the HTTP message requires protection and contains its source network address, it is judged whether the source network address is a safe network address; if the source network address is a safe network address, the parameters of the HTTP message are obtained; when the parameters do not contain a preset aggressive mode string, or contain the preset aggressive mode string and only that string, it is determined that no anomaly has occurred and the HTTP message is forwarded; when the parameters do not consist of the preset aggressive mode string only, it is determined that an anomaly has occurred and the HTTP message is dropped. Protection against CSRF attacks is thus applied to HTTP messages with higher protection efficiency; false protection is less likely and the protective effect is also greatly improved.
Other embodiments of the present invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the invention that follow the general principles of the invention and include common knowledge or conventional techniques in the art not disclosed by the present invention. The description and examples are to be considered illustrative only, and the true scope and spirit of the invention are indicated by the following claims.
It should be understood that the present invention is not limited to the precise structures described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.

Claims (10)

1. A protection method against Cross Site Request Forgery (CSRF) attacks, characterized in that the method includes:
receiving a Hypertext Transfer Protocol (HTTP) message and judging whether the HTTP message requires protection against CSRF attacks;
if the HTTP message requires the protection and contains the source network address of the HTTP message, judging whether the source network address of the HTTP message is a safe network address;
if the source network address is a safe network address, obtaining the parameters of the HTTP message; when the parameters of the HTTP message do not contain a preset aggressive mode string, or contain the preset aggressive mode string and only the preset aggressive mode string, determining that no anomaly has occurred in the HTTP message and forwarding the HTTP message; when the parameters of the HTTP message contain the preset aggressive mode string but do not consist of the preset aggressive mode string only, determining that an anomaly has occurred in the HTTP message and dropping the HTTP message.
2. The method according to claim 1, wherein the preset aggressive mode string is a preset parameter, and the method further includes:
if the HTTP message does not contain the source network address, or the source network address of the HTTP message is not a safe network address, obtaining the parameters of the HTTP message; when the parameters of the HTTP message contain the preset aggressive mode string, determining that no anomaly has occurred in the HTTP message and forwarding the HTTP message; when the parameters of the HTTP message do not contain the preset aggressive mode string, determining that an anomaly has occurred in the HTTP message and dropping the HTTP message.
3. The method according to claim 1, wherein the method further includes:
if the HTTP message does not require the protection, determining that no anomaly has occurred in the HTTP message and forwarding the HTTP message.
4. The method according to claim 1, wherein judging whether the HTTP message requires protection against CSRF attacks specifically includes:
obtaining the Uniform Resource Locator (URL) of the HTTP message and looking up the URL of the HTTP message among preset URLs, the preset URLs being the URLs that require protection against CSRF attacks;
if the URL of the HTTP message is found, the HTTP message requires the protection; if the URL of the HTTP message is not found, the HTTP message does not require the protection.
5. the method according to claim 1, wherein the source website address for judging the HTTP message whether be Safe network address specifically includes:
The source website address of the HTTP message is inquired in preset source website address, the preset source website address is all safety net Location;
If inquire the source website address of the HTTP message, the source website address of the HTTP message is safe network address;If not yet When having the source website address for inquiring the HTTP message, then the source website address of the HTTP message is not safe network address.
6. a kind of protective device based on CSRF attack, which is characterized in that described device includes:
First judging unit for receiving hypertext transfer protocol HTTP message, and judges whether the HTTP message needs base In the protection of CSRF attack;
Second judgment unit, if needing to carry out the protection for the HTTP message, and comprising described in the HTTP message When the source website address of HTTP message, judge whether the source website address of the HTTP message is safe network address;
First protective unit obtains the parameter of the HTTP message if be safe network address for the source website address;When described Have in the aggressive mode string of Non-precondition or the parameter of the HTTP message in the parameter of HTTP message and only preset product When the pattern string of pole, it is determined that exception does not occur in the HTTP message, and is forwarded processing to the HTTP message;When described Have preset aggressive mode string in the parameter of HTTP message but be not have and only preset aggressive mode string when, it is determined that it is described There is exception in HTTP message, and carries out packet loss processing to the HTTP message.
7. device according to claim 6, which is characterized in that the preset aggressive mode string is preset parameter, institute State device further include:
Second protective unit, if for not including coming for the source website address or the HTTP message in the HTTP message When source network address is not safe network address, the parameter of the HTTP message is obtained;When in the parameter of the HTTP message comprising preset When aggressive mode string, it is determined that exception does not occur in the HTTP message, and is forwarded processing to the HTTP message;Work as institute When stating in the parameter of HTTP message not comprising preset aggressive mode string, it is determined that the HTTP message occurs abnormal and right The HTTP message carries out packet loss processing.
8. device according to claim 6, which is characterized in that described device further include:
Third protective unit, if do not need to carry out the protection for the HTTP message, it is determined that the HTTP message does not have Exception is occurred, and processing is forwarded to the HTTP message.
9. device according to claim 6, which is characterized in that first judging unit is also used to obtain the HTTP report The uniform resource locator URL network address of text, and the URL network address of the HTTP message is inquired in preset URL network address, it is described pre- If URL network address include need carry out based on CSRF attack protection network address;If inquiring the URL network address of the HTTP message When, then the HTTP message needs to carry out the protection;It is described if do not inquire the URL network address of the HTTP message HTTP message does not need to carry out the protection.
10. device according to claim 6, which is characterized in that the second judgment unit is also used in preset source The source website address of the HTTP message is inquired in network address, the preset source website address is all safe network address;If inquiring described When the source website address of HTTP message, then the source website address of the HTTP message is safe network address;If not inquiring the HTTP When the source website address of message, then the source website address of the HTTP message is not safe network address.
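The claims above describe a three-stage decision: look the request URL up in a protected-URL table (claim 4), look the source address up in a safe-source table (claim 5), and then count occurrences of the preset parameter, with different pass rules for safe sources (claim 1) and for missing or unsafe sources (claim 2). The following is an added example written for this page, not the patent's own implementation, that applies that procedure to constructed requests. The tables, the use of the Referer header as the "source address", the parameter name csrf_token standing in for the "preset pattern string", the hostnames bank.example and evil.example, and the HttpMessage/decide names are all assumptions.

```python
# Added example for this page: a filter that applies the decision procedure of
# claims 1-5 above. Illustrative code, not the patent's own implementation.
# The configuration tables, the Referer header as "source address", the
# parameter name csrf_token as the "preset pattern string" and every sample
# request below are assumptions.
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

FORWARD = "forward"   # claims: "not abnormal, forward the message"
DROP = "drop"         # claims: "abnormal, discard the message"

# Assumed configuration tables (exact-match lookups, as in claims 4 and 5).
PROTECTED_URLS = {"https://bank.example/transfer", "https://bank.example/api/payee"}
SAFE_SOURCES = {"https://bank.example"}
PRESET_PARAM = "csrf_token"   # assumed name of the preset parameter (claim 2)


@dataclass
class HttpMessage:
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body: str = ""          # application/x-www-form-urlencoded body, if any

    def header(self, name):
        """Case-insensitive header lookup; None when the header is absent."""
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


def needs_protection(msg):
    """Claim 4: look the request's scheme+host+path up in the preset URL table."""
    u = urlsplit(msg.url)
    return f"{u.scheme}://{u.netloc}{u.path}" in PROTECTED_URLS


def source_is_safe(source):
    """Claim 5: the source is safe only if its scheme+host is in the preset table."""
    u = urlsplit(source)
    return f"{u.scheme}://{u.netloc}" in SAFE_SOURCES


def parameters(msg):
    """Claims 1 and 2: the message's parameters, from query string and form body."""
    params = parse_qsl(urlsplit(msg.url).query, keep_blank_values=True)
    params += parse_qsl(msg.body, keep_blank_values=True)
    return params


def preset_count(msg):
    """How many times the preset parameter occurs in the message."""
    return sum(1 for name, _ in parameters(msg) if name == PRESET_PARAM)


def decide(msg):
    """Return FORWARD or DROP following claims 1-3."""
    if not needs_protection(msg):            # claim 3
        return FORWARD
    n = preset_count(msg)
    source = msg.header("Referer")           # assumed to be the "source address"
    if source is not None and source_is_safe(source):
        # claim 1: none or exactly one preset parameter passes; two or more fail
        return FORWARD if n <= 1 else DROP
    # claim 2: no source, or an unsafe source: the preset parameter must be present
    return FORWARD if n >= 1 else DROP


# Constructed sample traffic (not captured data).
SAMPLES = {
    "unprotected_get": HttpMessage("GET", "https://bank.example/balance"),
    "same_site_no_param": HttpMessage(
        "POST", "https://bank.example/transfer",
        {"Referer": "https://bank.example/transfer-form"}, "to=alice&amount=10"),
    "same_site_one_param": HttpMessage(
        "POST", "https://bank.example/transfer",
        {"Referer": "https://bank.example/transfer-form"},
        "to=alice&amount=10&csrf_token=9f3a"),
    "same_site_duplicated_param": HttpMessage(
        "POST", "https://bank.example/transfer?csrf_token=9f3a",
        {"Referer": "https://bank.example/transfer-form"},
        "to=alice&amount=10&csrf_token=9f3a"),
    "no_referer_no_param": HttpMessage(
        "POST", "https://bank.example/transfer", {}, "to=mallory&amount=5000"),
    "cross_site_no_param": HttpMessage(
        "POST", "https://bank.example/transfer",
        {"Referer": "https://evil.example/lure.html"}, "to=mallory&amount=5000"),
    "cross_site_with_param": HttpMessage(
        "POST", "https://bank.example/transfer",
        {"Referer": "https://evil.example/lure.html"},
        "to=mallory&amount=5000&csrf_token=guess"),
}


def run_samples():
    """Verdict for every constructed sample, keyed by sample name."""
    return {name: decide(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:28s} {verdict}")
```

Two properties of the claimed procedure are worth noticing in the samples. Claim 2 forwards any request that carries the preset parameter, whatever its value and whatever its source (the last sample, with a guessed value and a cross-site Referer, is forwarded), and claim 1 forwards same-source requests without it; the claims test presence and count, not value. A deployment would normally also compare the value against a per-session secret, and should account for browsers omitting the Referer under common Referrer-Policy settings, which routes those requests through the claim 2 branch.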
Application CN201510096263.1A, priority date 2015-03-04, filing date 2015-03-04: Protection method and device against CSRF attacks (status: Active; granted as CN105991615B, en)

Publications (2)

Publication number	Publication date
CN105991615A (en)	2016-10-05
CN105991615B (en)	2019-06-07

Family ID: 57039084


Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
CN107294994B *	2017-07-06	2020-06-05	Wangsu Science & Technology Co., Ltd. (网宿科技股份有限公司)	CSRF protection method and system based on a cloud platform

Citations (5)

Publication number	Priority date	Publication date	Assignee	Title
CN101296087A *	2007-04-23	2008-10-29	SAP AG	Method and system for preventing cross-site attacks
WO2008153606A1 *	2007-01-26	2008-12-18	Sibeam, Inc.	Content protection based on wireless proximity estimation
CN101883024A *	2010-06-23	2010-11-10	Nanjing University	A dynamic detection method for cross-site forged requests
CN102480490A *	2010-11-30	2012-05-30	International Business Machines Corporation	Method and device for preventing CSRF attacks
CN103679018A *	2012-09-06	2014-03-26	Baidu Online Network Technology (Beijing) Co., Ltd.	Method and device for detecting CSRF vulnerabilities



Legal Events

Code	Title / Description
C06	Publication
PB01	Publication
C10	Entry into substantive examination
SE01	Entry into force of request for substantive examination
CB02	Change of applicant information
	Address after: 6th floor, No. 68 Road, Binjiang District, Hangzhou, Zhejiang Province 310051
	Applicant after: Hangzhou DPTech Technologies Co., Ltd.
	Address before: 6th floor, No. 68 Road, Binjiang District, Hangzhou, Zhejiang Province 310051
	Applicant before: Hangzhou DPTech Technology Co., Ltd.
COR	Change of bibliographic data
GR01	Patent grant