CN115733801A - Access request processing method and device and server - Google Patents
- Publication number
- CN115733801A (CN202110997001.8A)
- Authority
- CN
- China
- Prior art keywords
- access
- target data
- access request
- rule
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Description
Technical field
The present invention relates to the technical field of data processing, and in particular to a method, apparatus and server for processing access requests.
Background
With the rapid development of Internet technology, malicious network attacks have become a problem the industry cannot ignore. For example, a client may send requests to a server continuously over a period of time; because these requests are very dense and the server's processing capacity is limited, the large volume of concurrent access puts enormous pressure on the server's processing capacity and operating cost. To keep the system running safely and stably while avoiding wasted server resources, the application system or service can be rate-limited, that is, rate limiting can be achieved by restricting how frequently an API (Application Programming Interface) is called. In the related art, the different users of a public cloud object storage database each receive client data access requests through their own business server, which forwards the requests to the server of the public cloud object storage database in order to access the data stored there. This approach requires each user to develop a rate-limiting program separately and deploy it on their own business server; the program deployed on the business server restricts the API call frequency and thereby implements the rate limit. Because every user has to develop a rate-limiting program separately and a business server has to be deployed for every user, users' development and maintenance costs are relatively high.
Summary of the invention
The purpose of the present invention is to provide a method, apparatus and server for processing access requests, so as to reduce users' development and maintenance costs.
The present invention provides a method for processing an access request. The method is applied to an object storage server, and the target data is stored in the object storage server. The method includes: if an access request for the target data is received, determining whether the access request complies with the access rule of the target data, where the access rule is generated from rule information entered by a specified user, and the rule information is entered by the specified user through a rule input interface provided by the object storage server; and, if the access request complies with the access rule of the target data, processing the access request.
Further, the step of determining, if an access request for the target data is received, whether the access request complies with the access rule of the target data includes: if an access request for the target data is received, updating the access information of the target data based on the access request, where the access information includes the number of read accesses, the read access frequency or the write access frequency within a specified time period; and determining whether the access information complies with the access rule of the target data.
Further, the access rule includes at least one specified source address. The step of updating the access information of the target data based on the access request, if an access request for the target data is received, includes: if an access request for the target data is received, determining whether the address that sent the access request is one of the specified source addresses; and, if it is, updating the access information of the target data based on the access request.
Further, the access rule includes at least one piece of specified user agent information. The step of updating the access information of the target data based on the access request, if an access request for the target data is received, includes: if an access request for the target data is received, determining whether the request header of the access request includes the specified user agent information; and, if it does, updating the access information of the target data based on the access request.
Further, the access rule also includes specified characters that the data name of the target data must contain. The step of updating the current access information based on the access request, if an access request for the target data is received, includes: if an access request for the target data is received, determining whether the data name of the target data contains the specified characters; and, if it does, updating the current access information based on the access request.
Further, the step of determining whether the access information complies with the access rule of the target data includes: determining whether the read access frequency in the access information is within the read access frequency threshold range of the access rule; or determining whether the write access frequency in the access information is within the write access frequency threshold range of the access rule; or determining whether the number of read accesses in the access information is within the read access count threshold range of the access rule.
Further, the step of processing the access request if it complies with the access rule of the target data includes: if the access request complies with the access rule of the target data, processing the target data based on the access request.
Further, the access rule is generated as follows: receiving the rule information entered by the specified user through the rule input interface; and generating the access rule based on the rule information.
Further, the object storage server includes at least one storage bucket, and the target data is stored in a target bucket. The step of determining, if an access request for the target data is received, whether the access request complies with the access rule of the target data includes: if an access request for the target data is received, obtaining the access rule of the target data that corresponds to the target bucket; and determining whether the access request complies with that access rule.
The present invention provides an apparatus for processing an access request. The apparatus is arranged in an object storage server, and the target data is stored in the object storage server. The apparatus includes: a judging module, configured to determine, if an access request for the target data is received, whether the access request complies with the access rule of the target data, where the access rule is generated from rule information entered by a specified user, and the rule information is entered by the specified user through a rule input interface provided by the object storage server; and a processing module, configured to process the access request if it complies with the access rule of the target data.
The present invention provides a server including a processor and a memory. The memory stores machine-executable instructions that can be executed by the processor, and the processor executes the machine-executable instructions to implement the above method for processing an access request.
The present invention provides a machine-readable storage medium that stores machine-executable instructions. When called and executed by a processor, the machine-executable instructions cause the processor to implement the above method for processing an access request.
In the method, apparatus and server for processing access requests provided by the present invention, the method is applied to an object storage server and the target data is stored in the object storage server. If an access request for the target data is received, the server determines whether the access request complies with the access rule of the target data. The access rule is generated from rule information entered by a specified user, and the rule information is entered by the specified user through a rule input interface provided by the object storage server. If the access request complies with the access rule of the target data, the access request is processed. In this approach, the user enters rule information directly through the rule input interface provided by the object storage server to generate the access rule, and the object storage server, on receiving an access request for the target data, determines directly whether the request complies with the access rule. The user does not need to deploy a business server or deploy a rate-limiting program on it, which reduces the user's development and maintenance costs.
Brief description of the drawings
To explain the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for describing the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a method for processing an access request provided by an embodiment of the present invention;
FIG. 2 is a flowchart of another method for processing an access request provided by an embodiment of the present invention;
FIG. 3 is a flowchart of another method for processing an access request provided by an embodiment of the present invention;
FIG. 4 is a schematic diagram of an interface for creating a bucket access count management rule provided by an embodiment of the present invention;
FIG. 5 is a schematic diagram of another interface for creating a bucket access count management rule provided by an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an apparatus for processing an access request provided by an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a server provided by an embodiment of the present invention.
Detailed description
The technical solutions of the present invention are described clearly and completely below with reference to the embodiments. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
With the rapid development of Internet technology, malicious network attacks have become a problem the industry cannot ignore. For example, a client may send requests to a server continuously over a period of time; because these requests are very dense and the server's processing capacity is limited, or the service capability is provided by a third party, the large volume of concurrent access places higher demands on the server's processing capacity and raises its operating cost. To keep the system secure while avoiding wasted server resources, the application system or service can be rate-limited. Rate limiting can be understood as restricting how frequently an API is called. Every API call consumes server resources, so many APIs are not open to users an unlimited number of times: once the requests reach a certain count, access is no longer allowed, or the API may be accessed at most a specified number of times within a period. Rate-limiting an interface or service prevents it from being overwhelmed by malicious users.
In the related art, rate limiting can only be implemented on the business side by the users themselves. The different users of a public cloud object storage database each receive client data access requests through their own business server, which forwards the requests to the server of the public cloud object storage database in order to access the data stored there. This approach requires each user to develop a rate-limiting program separately and deploy it on their own business server; the program deployed on the business server restricts the API call frequency and thereby implements the rate limit. Each user has to develop a rate-limiting program separately, so users repeatedly implement similar programs. In addition, when cloud data is uploaded or downloaded directly, the rate limit has to be enforced through the user's business server, so even when cloud storage is used directly a business server must be deployed for each user, and users' development and maintenance costs are relatively high.
On this basis, embodiments of the present invention provide a method, apparatus and server for processing access requests. The technique can be used wherever an application system or service is to be rate-limited.
To make this embodiment easier to understand, a method for processing an access request disclosed in an embodiment of the present invention is first described in detail. The method is applied to an object storage server, and the target data is stored in the object storage server. As shown in FIG. 1, the method includes the following steps:
Step S102: if an access request for the target data is received, determine whether the access request complies with the access rule of the target data, where the access rule is generated from rule information entered by a specified user, and the rule information is entered by the specified user through the rule input interface provided by the object storage server.
The target data is usually the data the user needs to access; it may be a single item of data or a batch of data. The access request can be understood as the request issued when the user needs to access the target data in the object storage server, for example a request to read or write the target data. The rule information can be understood as the rate-limiting information entered in order to limit access to the target data; for example, it may be the read access frequency threshold or write access frequency threshold for the target data within a specified time period, as entered by the user. The rule input interface may be a graphical interface or an API; once the specified user has entered the rule information through the graphical interface or the API, the access rule can be generated. In practice, to rate-limit access to the target data, the user enters rule information in advance to generate an access rule for that target data; when the object storage server receives an access request for the target data, it can determine whether the request complies with the previously generated access rule of the target data.
Step S104: if the access request complies with the access rule of the target data, process the access request.
If the object storage server determines that the access request complies with the access rule of the target data, it can go on to process the request. For example, if the access request is a request to read the target data, the target data can be sent to the client that initiated the request.
The above method for processing an access request is applied to an object storage server, and the target data is stored in the object storage server. If an access request for the target data is received, the server determines whether the access request complies with the access rule of the target data. The access rule is generated from rule information entered by a specified user, and the rule information is entered by the specified user through the rule input interface provided by the object storage server. If the access request complies with the access rule of the target data, the access request is processed. In this approach, the user enters rule information directly through the rule input interface provided by the object storage server to generate the access rule, and the object storage server, on receiving an access request for the target data, determines directly whether the request complies with the access rule. The user does not need to deploy a business server or deploy a rate-limiting program on it, which reduces the user's development and maintenance costs.
An embodiment of the present invention provides another method for processing an access request, implemented on the basis of the method of the above embodiment. It focuses on the specific process of determining, if an access request for the target data is received, whether the access request complies with the access rule of the target data. As shown in FIG. 2, the method includes the following steps:
Step S202: if an access request for the target data is received, update the access information of the target data based on the access request, where the access information includes the number of read accesses, the read access frequency or the write access frequency within a specified time period.
The specified time period can be set according to actual needs; for example, it may be each minute or each hour. The number of read accesses can be understood as the total number of read requests for the target data counted within the specified time period up to the current moment. The read access frequency can be set as QPM (Queries Per Minute), that is, the number of read requests per minute, or as QPS (Queries Per Second), that is, the number of read requests per second. The write access frequency can likewise be set as QPM, that is, the number of write requests per minute, or as QPS, that is, the number of write requests per second. In practice, if an access request for the target data is received, the access information of the target data can be updated based on that request; for example, if one read access request for the target data is received, the currently counted number of read accesses of the target data is increased by 1 to update it.
If the access rule includes at least one specified source address, step S202 can be implemented through the following Step 1 and Step 2:
Step 1: if an access request for the target data is received, determine whether the address that sent the access request is one of the specified source addresses.
The source address can be understood as the IP (Internet Protocol) address of the client that sends the access request; it may be a public IP address or an intranet IP address. The specified source addresses may be one or more IP addresses set by the user through the rule input interface provided by the object storage server. If the access rule includes one or more specified source addresses, multiple IP addresses are combined with OR, which means that access requests for the target data sent by clients at those specified source addresses are to be rate-limited. In practice, when an access request for the target data is received, the server needs to determine whether the IP address of the client that sent the request is one of the specified source addresses set in the access rule.
Step 2: if it is one of the specified source addresses, update the access information of the target data based on the access request.
If the address that sent the access request is one of the specified source addresses, the access requests for the target data sent by the client at that address are to be rate-limited. The access information of the target data can then be updated based on the access request, for example by updating the number of read accesses, the read access frequency or the write access frequency of the target data.
If the access rule includes at least one piece of specified user agent information, step S202 can be implemented through the following Step 3 and Step 4:
Step 3: if an access request for the target data is received, determine whether the request header of the access request includes the specified user agent information.
The user agent may be the User Agent (UA). The user agent is normally part of the HTTP protocol and is one of the header fields. It is a special string header, an identifier that tells the visited website the browser type and version, operating system and version, browser engine and similar information that the user is using. With this identifier, a website can present different layouts to give users a better experience, or collect statistics; for example, the layout a website shows when Google is accessed from a mobile phone usually differs from the layout shown when it is accessed from a computer. The specified user agent information may be one or more pieces of user agent information set by the user through the rule input interface provided by the object storage server. If the access rule includes one or more pieces of specified user agent information, multiple specified user agents are combined with OR, which means that access requests for the target data sent by clients whose request header contains the specified user agent information are to be rate-limited. In practice, when an access request for the target data is received, the server needs to determine whether the request header of the access request includes the specified user agent information set in the access rule.
Step 4: if the specified user agent information is included, update the access information of the target data based on the access request.
If the request header of the access request includes the specified user agent information, the access requests for the target data sent by the client that initiated the request are to be rate-limited. The access information of the target data can then be updated based on the access request, for example by updating the number of read accesses, the read access frequency or the write access frequency of the target data.
If the access rule includes specified characters that the data name of the target data must contain, step S202 can be implemented through the following Step 5 and Step 6:
Step 5: if an access request for the target data is received, determine whether the data name of the target data contains the specified characters.
The specified characters may be a specified prefix or a specified suffix contained in the data name. The specified prefix can indicate the storage path or storage directory of the data, and the specified suffix can indicate the data type of the data. The specified characters contained in the data names of different data may or may not be the same. The user can set one or more specified characters through the rule input interface provided by the object storage server. In practice, the user can choose to rate-limit access requests for all data stored in the object storage server, or only access requests for part of the data; specifically, the user can choose, according to actual needs, to rate-limit data whose data name contains the specified characters. For example, if data whose name contains a fixed prefix is to be rate-limited, and that prefix indicates the storage directory of the data, this means that access to all files under the storage directory corresponding to the prefix is rate-limited. When an access request for the target data is received, the server needs to determine whether the data name of the target data contains the specified characters set in the access rule.
Step 6: if the data name of the target data contains the specified characters, update the current access information based on the access request.
If the data name of the target data contains the specified characters, access requests for that target data are to be rate-limited. The access information of the target data can then be updated based on the access request, for example by updating the number of read accesses, the read access frequency or the write access frequency of the target data.
Step S204: judge whether the access information conforms to the access rule of the target data.
After the access information of the target data has been updated based on the access request, it can further be judged whether the updated access information conforms to the access rule of the target data.
Step S204 may specifically include: judging whether the read access frequency in the access information is within the read access frequency threshold of the access rule; or judging whether the write access frequency in the access information is within the write access frequency threshold of the access rule; or judging whether the read access count in the access information is within the read access count threshold of the access rule.
In practice, if the rate-limit mode is QPM, the access rule may set only a read access frequency threshold, only a write access frequency threshold, or both. For example, if both thresholds are set, then when a read access request for the target data is received, the read access frequency in the access information is updated and it is judged whether the updated read access frequency is within the configured read access frequency threshold; if it is, the access request conforms to the access rule of the target data. When a write access request for the target data is received, the write access frequency in the access information is updated and it is judged whether the updated write access frequency is within the configured write access frequency threshold; if it is, the access request conforms to the access rule of the target data.
If the rate-limit mode is a fixed number of accesses, the access rule usually sets only a read access count threshold. For example, when a read access request for the target data is received, the read access count in the access information is updated and it is judged whether the updated read access count is within the configured read access count threshold; if it is, the access request conforms to the access rule of the target data. The user can choose a suitable rate-limit mode according to actual needs and set an appropriate threshold for the chosen mode.
Step S206: if the access request conforms to the access rule of the target data, process the access request.
In the above access request processing method, if an access request for the target data is received, the access information of the target data is updated based on the access request; it is judged whether the access information conforms to the access rule of the target data; and if the access request conforms to the access rule of the target data, the access request is processed. In this approach, the user can input rule information directly through the rule input interface provided by the object storage server to generate the access rule. After receiving an access request for the target data, the object storage server can directly judge whether the access request conforms to the access rule. The user does not need to deploy a business server or deploy a rate-limiting program on it, which reduces the user's development and maintenance costs.
An embodiment of the present invention provides another access request processing method, implemented on the basis of the method of the above embodiment. It focuses on the specific process of processing the access request when the access request conforms to the access rule of the target data, and on how the access rule is generated. In this method, the object storage server includes at least one bucket, and the target data is stored in a target bucket. A bucket is the carrier of data and can be understood as a "container" for storing data, with no upper limit on capacity; an object storage server usually includes multiple buckets. As shown in Figure 3, the method includes the following steps:
Step S302: if an access request for the target data is received, obtain the access rule of the target data corresponding to the target bucket.
In practice, access rules can be set per bucket, that is, each bucket can have its own access rule. If an access request for the target data is received, then because the target data is stored in the target bucket, the access rule of the target data corresponding to the target bucket can be obtained. Specifically, the access rule is generated through the following steps A and B:
Step A: receive the rule information input by a designated user through the rule input interface.
The rule input interface may be a graphical interface or an API, through which the designated user can input rule information. For the rate-limit dimension, the user can enter one or more specified source IPs, or one or more specified user agent strings, or use both dimensions together. For the rate-limit mode, the user can choose the QPM mode or the fixed-access-count mode, and set the corresponding threshold for the chosen mode.
Step B: generate the access rule based on the rule information.
After the rule information input by the designated user is received, the access rule can be generated from it.
Step S304: judge whether the access request conforms to the access rule.
Step S306: if the access request conforms to the access rule of the target data, process the target data based on the access request.
If the access request conforms to the access rule of the target data, the target data can be accessed. For example, if the access request is a read access request for the target data, the target data can be sent to the client requesting it. If the access request is a write access request for the target data, for example when the user has modified the target data through the client and the modified target data needs to be stored in the object storage server, the modified target data can be received and saved.
In the above access request processing method, if an access request for the target data is received, the access rule of the target data corresponding to the target bucket is obtained; it is judged whether the access request conforms to the access rule; and if the access request conforms to the access rule of the target data, the target data is processed based on the access request. In this approach, the user can input rule information directly through the rule input interface provided by the object storage server to generate the access rule. After receiving an access request for the target data, the object storage server can directly judge whether the access request conforms to the access rule. The user does not need to deploy a business server or deploy a rate-limiting program on it, which reduces the user's development and maintenance costs. In addition, access rules can be set per bucket, which refines the granularity of control over access requests and improves the flexibility and precision of that control.
To aid understanding of the above embodiments, Figure 4 shows a schematic of an interface for creating a bucket access-count management rule. It contains three rate-limit configuration items: policy matching, rate-limit dimension and rate-limit mode. Under policy matching, the user can select all files or files with a fixed prefix; that is, the rate-limit rule (corresponding to the access rule above) can apply to all files in the bucket or only to files with a fixed prefix. If files with a fixed prefix are selected, a maximum is usually set on the number of fixed prefixes that can be entered, for example at most 100 fixed prefixes; this makes it possible to rate-limit access to the files under a given directory. If several fixed prefixes are entered, they must not overlap: for example, after the fixed prefix 123/456 has been configured, the fixed prefix 123/ cannot be configured. The two matching policies are mutually exclusive: either all files or files with a fixed prefix can be selected, but not both.
Under rate-limit dimension, if source IP is selected, one or more IP addresses whose access is to be limited can be entered in the source IP field, for example up to 100 IP addresses. If User Agent is selected, one or more User Agents whose access is to be limited can be entered in the User Agent field, for example up to 100 User Agents. The two dimensions can also be selected together, in which case source IP and User Agent are combined with logical AND: only access requests that satisfy both dimensions are rate-limited. For example, if the source IPs include the IP address 110.10.0.1 and the User Agents include Mozilla/5.0(Linux Android 4.2.1;M040), then rate limiting applies to access requests that come from that IP address and whose request header contains the string Mozilla/5.0(Linux Android 4.2.1;M040). The rate-limit mode selected in Figure 4 is QPM, for which the threshold for read operations (read access frequency threshold) and the threshold for write operations (write access frequency threshold) can be configured separately. In Figure 4 both thresholds are set to 1000, that is, access is denied once 1000 is exceeded. In addition, to make rate-limit rules easier to manage and more readable, the remarks field can be used to describe the rule further, for example "rate-limit protection for business X", indicating that the rule targets business X.
Figure 5 shows a schematic of another interface for creating a bucket access-count management rule. Policy matching and rate-limit dimension are as described for Figure 4. The rate-limit mode in Figure 5 is the fixed-count mode, in which the number of requests allowed for a resource is fixed. In this mode the threshold for read operations can be configured; in Figure 5 it is set to 1000. This means that within the specified time period a given file can be downloaded only 1000 times, and access is denied once 1000 is exceeded.
After a bucket access-count management rule is set, it usually takes some time to take effect, for example 2 minutes. This is because the feature relies on the object storage server's access monitoring at the per-user single-bucket dimension and the file-prefix dimension: distributing the rule to the global real-time access monitoring system and initializing the access statistics takes up to 2 minutes. Once the rate-limit rule is in effect, the real-time access monitoring system of the object storage server obtains and analyzes real-time access activity and monitors the access counts of the buckets that are subject to access-count management.
An object storage server may include multiple buckets, and each bucket can be configured with multiple rate-limit rules, for example up to 20 rules per bucket. Table 1 shows a list of bucket access-count management rules in which four rate-limit rules are configured for bucket X, each with its own policy matching, rate-limit dimension, rate-limit mode, creation time and remarks. In addition, the bucket access-count management feature lets the user modify a rate-limit rule by selecting "Edit" in the operation column of Table 1, and terminate a rate-limit rule by selecting "Delete" in the operation column of Table 1. Likewise, refreshing the rule cache with the new rule takes about 2 minutes to take effect.
Table 1
If an access request triggers a rate-limit rule, for example rule 1 in Table 1, where the number of download (read) accesses to files beginning with 123 has reached 100, then subsequent accesses to files beginning with 123 are rejected by the public cloud object storage server, which returns 403 (access denied) with the error message Trigger bucket current limiting, meaning that the bucket rate-limit policy has been triggered.
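The rule evaluation described above (non-overlapping name prefixes, source IP and User Agent combined with logical AND, QPM or fixed-count thresholds, and the 403 response), as an added Python example that is not code from the patent. The class and function names, the fixed one-minute window used for QPM, and counting per rule rather than per file are assumptions; the limits in `demo()` are constructed small values.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_PREFIXES = 100                                 # "at most 100 fixed prefixes"
DENY = (403, "Trigger bucket current limiting")    # response quoted in the description


def validate_prefixes(prefixes):
    """Reject lists that are too long or contain overlapping prefixes (123/ vs 123/456)."""
    if len(prefixes) > MAX_PREFIXES:
        raise ValueError("at most %d prefixes per rule" % MAX_PREFIXES)
    for i, a in enumerate(prefixes):
        for b in prefixes[i + 1:]:
            if a.startswith(b) or b.startswith(a):
                raise ValueError("overlapping prefixes: %r and %r" % (a, b))
    return list(prefixes)


@dataclass
class Rule:
    mode: str                                  # "qpm" or "fixed" (fixed number of reads)
    read_limit: Optional[int] = None
    write_limit: Optional[int] = None          # ignored in "fixed" mode
    prefixes: list = field(default_factory=list)      # empty: all files in the bucket
    source_ips: set = field(default_factory=set)      # empty: dimension not used
    user_agents: list = field(default_factory=list)   # empty: dimension not used

    def __post_init__(self):
        if self.mode not in ("qpm", "fixed"):
            raise ValueError("unknown mode %r" % self.mode)
        self.prefixes = validate_prefixes(self.prefixes)

    def matches(self, key, ip, user_agent):
        """Name match, then source IP AND User-Agent when both are configured."""
        if self.prefixes and not any(key.startswith(p) for p in self.prefixes):
            return False
        if self.source_ips and ip not in self.source_ips:
            return False
        if self.user_agents and not any(u in user_agent for u in self.user_agents):
            return False
        return True


class BucketLimiter:
    """Counters for one bucket. Assumption: QPM uses fixed one-minute windows."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.counts = {}   # (rule index, op, window) -> requests seen; not evicted here

    def handle(self, key, op, ip, user_agent, now):
        """Return (status, message) for one request; op is "read" or "write"."""
        for idx, rule in enumerate(self.rules):
            if not rule.matches(key, ip, user_agent):
                continue
            if rule.mode == "fixed" and op != "read":
                continue                       # fixed-count mode only limits reads
            limit = rule.read_limit if op == "read" else rule.write_limit
            if limit is None:
                continue
            window = int(now // 60) if rule.mode == "qpm" else None
            slot = (idx, op, window)
            self.counts[slot] = self.counts.get(slot, 0) + 1   # update access info
            if self.counts[slot] > limit:                      # then check the rule
                return DENY
        return 200, "OK"


def demo():
    """Constructed traffic: four reads in one minute against a read limit of 3."""
    ua = "Mozilla/5.0(Linux Android 4.2.1;M040)"
    rule = Rule("qpm", read_limit=3, write_limit=3, prefixes=["123/"],
                source_ips={"110.10.0.1"}, user_agents=[ua])
    limiter = BucketLimiter([rule])
    return [limiter.handle("123/a.bin", "read", "110.10.0.1", ua, now=t)[0]
            for t in (0, 1, 2, 3)]


if __name__ == "__main__":
    print(demo())
```

Because the counter is incremented before it is compared, a request that arrives after the limit is reached is still counted; a request that matches on IP but not on User Agent is never counted at all.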
In the related art, the object storage server exposes interfaces for data access and data management but does not let users rate-limit an interface or service according to their own needs. Because the public cloud object storage server cannot provide flexible rate limiting, each user has to develop a rate-limiting program separately and deploy it on their own business server, where it limits the API call frequency; different users end up re-implementing similar rate-limiting programs. In the rate-limit configuration of this application, the public cloud object storage server abstracts the rate-limit function into general logic and supports setting a QPM limit or a fixed access count limit for fixed source IPs or User Agents; that is, it supports three rate-limit dimension options and two rate-limit modes. It also lets users configure access frequency for public cloud buckets: users can combine these options into bucket rate-limit rules according to actual needs. In other words, access rules can be set at the bucket level, with fine-grained control over the whole bucket or over files with a fixed prefix in the bucket.
In addition, the rate-limit configuration of this application takes effect after rules are set through the graphical interface or the API. The rate-limit function is implemented by the cloud object storage server, so the user does not need to implement rate limiting on the business side or repeat similar rate-limiting logic. If the business side uploads or downloads cloud data directly and needs rate limiting, this can be done by the cloud object storage server, without adding a user business server or deploying a rate-limiting program on it, which saves the user's development and maintenance costs.
An embodiment of the present invention provides an access request processing device arranged in an object storage server, in which the target data is stored. As shown in Figure 6, the device includes: a judging module 60, configured to, if an access request for the target data is received, judge whether the access request conforms to the access rule of the target data, where the access rule is generated based on rule information input by a designated user, and the rule information is input by the designated user through the rule input interface provided by the object storage server; and a processing module 61, configured to process the access request if the access request conforms to the access rule of the target data.
The above access request processing device is arranged in the object storage server, in which the target data is stored. If an access request for the target data is received, it is judged whether the access request conforms to the access rule of the target data; the access rule is generated based on rule information input by a designated user, and the rule information is input by the designated user through the rule input interface provided by the object storage server. If the access request conforms to the access rule of the target data, the access request is processed. With this device, the user can input rule information directly through the rule input interface provided by the object storage server to generate the access rule. After receiving an access request for the target data, the object storage server can directly judge whether the access request conforms to the access rule. The user does not need to deploy a business server or deploy a rate-limiting program on it, which reduces the user's development and maintenance costs.
Further, the judging module is also configured to: if an access request for the target data is received, update the access information of the target data based on the access request, where the access information includes the read access count, read access frequency or write access frequency within a specified time period; and judge whether the access information conforms to the access rule of the target data.
Further, the access rule includes at least one specified source address, and the judging module is also configured to: if an access request for the target data is received, judge whether the address that sent the access request is one of the specified source addresses; and if it is, update the access information of the target data based on the access request.
Further, the access rule includes at least one specified user agent string, and the judging module is also configured to: if an access request for the target data is received, judge whether the request header of the access request contains the specified user agent string; and if it does, update the access information of the target data based on the access request.
Further, the access rule also includes specified characters that the data name of the target data must contain, and the judging module is also configured to: if an access request for the target data is received, judge whether the data name of the target data contains the specified characters; and if it does, update the current access information based on the access request.
Further, the judging module is also configured to: judge whether the read access frequency in the access information is within the read access frequency threshold of the access rule; or judge whether the write access frequency in the access information is within the write access frequency threshold of the access rule; or judge whether the read access count in the access information is within the read access count threshold of the access rule.
Further, the processing module is also configured to: if the access request conforms to the access rule of the target data, process the target data based on the access request.
Further, the device also includes a generation module, which generates the access rule by: receiving the rule information input by the designated user through the rule input interface; and generating the access rule based on the rule information.
Further, the object storage server includes at least one bucket, and the target data is stored in a target bucket. The judging module is also configured to: if an access request for the target data is received, obtain the access rule of the target data corresponding to the target bucket; and judge whether the access request conforms to the access rule.
The access request processing device provided by the embodiment of the present invention has the same implementation principle and technical effects as the foregoing access request processing method embodiments. For brevity, where the device embodiment does not mention something, refer to the corresponding content in the method embodiments.
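An embodiment of the present invention also provides a server. As shown in Figure 7, the server includes a processor 130 and a memory 131. The memory 131 stores machine-executable instructions that can be executed by the processor 130, and the processor 130 executes the machine-executable instructions to implement the above access request processing method.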
Further, the server shown in Figure 7 also includes a bus 132 and a communication interface 133; the processor 130, the communication interface 133 and the memory 131 are connected through the bus 132.
The memory 131 may include high-speed random access memory (RAM) and may also include non-volatile memory, such as at least one disk memory. The communication connection between this system network element and at least one other network element is realized through at least one communication interface 133 (which may be wired or wireless), and may use the Internet, a wide area network, a local network, a metropolitan area network and so on. The bus 132 may be an ISA bus, a PCI bus, an EISA bus or the like. The bus can be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one double-headed arrow is shown in Figure 7, but this does not mean that there is only one bus or one type of bus.
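The processor 130 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method can be completed by an integrated logic circuit of hardware in the processor 130 or by instructions in the form of software. The processor 130 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the method disclosed in connection with the embodiments of the present invention may be executed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in this field, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or registers. The storage medium is located in the memory 131; the processor 130 reads the information in the memory 131 and completes the steps of the method of the foregoing embodiments in combination with its hardware.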
An embodiment of the present invention also provides a machine-readable storage medium storing machine-executable instructions. When called and executed by a processor, the machine-executable instructions cause the processor to implement the above access request processing method. For the specific implementation, refer to the method embodiments; it is not repeated here.
The computer program product of the access request processing method, device and server provided by the embodiments of the present invention includes a computer-readable storage medium storing program code. The instructions included in the program code can be used to execute the method described in the foregoing method embodiments. For the specific implementation, refer to the method embodiments; it is not repeated here.
If the functions are implemented in the form of software functional units and sold or used as an independent product, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced with equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the present invention.
Claims (12)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110997001.8A CN115733801A (en) | 2021-08-27 | 2021-08-27 | Access request processing method and device and server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115733801A true CN115733801A (en) | 2023-03-03 |
Family
ID=85290369
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110997001.8A Pending CN115733801A (en) | 2021-08-27 | 2021-08-27 | Access request processing method and device and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115733801A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102096595A (en) * | 2009-08-23 | 2011-06-15 | 美国银行公司 | Dynamic configuration system |
| CN106060112A (en) * | 2016-05-09 | 2016-10-26 | 乐视控股(北京)有限公司 | Method and device of limiting file downloading number of times based on object storage |
| CN107704765A (en) * | 2017-08-28 | 2018-02-16 | 深圳市诚壹科技有限公司 | A kind of interface access method, server and computer-readable recording medium |
| CN108111511A (en) * | 2017-12-20 | 2018-06-01 | 杭州云屏科技有限公司 | One kind shares file access method, device, equipment and storage medium |
| CN110535777A (en) * | 2019-08-12 | 2019-12-03 | 新华三大数据技术有限公司 | Access request control method, device, electronic equipment and readable storage medium storing program for executing |
| CN111931030A (en) * | 2020-07-30 | 2020-11-13 | 中粮招商局(深圳)粮食电子交易中心有限公司 | Request adaptation method, device, equipment and storage medium based on heterogeneous system |
| CN113010818A (en) * | 2021-02-23 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Access current limiting method and device, electronic equipment and storage medium |
- 2021-08-27 CN CN202110997001.8A patent/CN115733801A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3605352B1 (en) | Short-link parsing method, apparatus and device | |
| US9509790B2 (en) | Global presence | |
| CN115428403B (en) | Logically implementing client-side policies on client-side | |
| CN106656920B (en) | Processing method, device, storage medium and the processor of HTTP service | |
| CN114500537B (en) | Container service access method, system, storage medium and electronic equipment | |
| US20160380816A1 (en) | System and method for configuring a data access system | |
| CN109033302A (en) | A kind of method for page jump, device, terminal and storage medium | |
| CN107491700B (en) | Data access method and equipment | |
| CN111090449A (en) | API service access method, device and electronic device | |
| RU2348066C2 (en) | Communication terminal | |
| CN112579180B (en) | Application program keep alive method and device | |
| WO2019071928A1 (en) | Method and apparatus for implementing list view, and readable storage medium and device | |
| CN112073366B (en) | Data processing method for railway financial system and data center | |
| CN110413423B (en) | Data processing method, related device, equipment and storage medium | |
| WO2024249142A1 (en) | Performing a security action with regard to an access token based on clustering of access requests | |
| CN115733801A (en) | Access request processing method and device and server | |
| CN112733510A (en) | Financial certificate generation method, device, equipment and computer readable storage medium | |
| CN110545328A (en) | Non-invasive service function expansion enhancing method and device and server | |
| CN117076046A (en) | Cloud container multi-level access method and device, storage medium and chip | |
| CN115756549A (en) | Method and device for downloading data of big data middlebox and storage medium | |
| CN108881257A (en) | Distributed search cluster encrypted transmission method and encrypted transmission distributed search cluster | |
| CN115242516A (en) | Access rights management method, device, device and storage medium | |
| CN114817285A (en) | Data updating method, device, storage medium and device | |
| CN115633038A (en) | Load balancing implementation method, device, medium and equipment | |
| CN115801769A (en) | Channel package obtaining method, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||