[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN105812393A - Website protection device and method - Google Patents

Website protection device and method Download PDF

Info

Publication number
CN105812393A
CN105812393A CN201610349519.XA CN201610349519A CN105812393A CN 105812393 A CN105812393 A CN 105812393A CN 201610349519 A CN201610349519 A CN 201610349519A CN 105812393 A CN105812393 A CN 105812393A
Authority
CN
China
Prior art keywords
website
type
path
script
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610349519.XA
Other languages
Chinese (zh)
Inventor
张敬伦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd filed Critical Inspur Electronic Information Industry Co Ltd
Priority to CN201610349519.XA priority Critical patent/CN105812393A/en
Publication of CN105812393A publication Critical patent/CN105812393A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a website protection device and method which are applied to a local host server.The website protection device comprises a scanning and determining unit, a recognition unit, a strategy generation unit and a protection unit, wherein the scanning and determining unit is used for scanning a process on the local host server and determining website types contained in the local host server according to the scanned process and corresponding configurations of all the website types; the recognition unit is used for recognizing website service installation paths, website page deployment paths and website script types of all the website types according to the corresponding configurations of all the website types; the strategy generation unit is used for generating corresponding protection strategies for all the website types according to the website service installation paths, the website page deployment paths and the website script types; the protection unit is used for protecting all websites on the local host server according to the protection strategies.According to the scheme, automatic website protection is realized.

Description

A kind of website preventer and method
Technical field
The present invention relates to field of computer technology, particularly to a kind of website preventer and method.
Background technology
Along with the application development of Web service technology, each size website be hacked, webpage be tampered security incident relevant to web services is of common occurrence.The Type of website of various conventional website and the storage position of its associated documents or process are differentiated in protection for website at present mainly through artificial mode, and protection is set by the protection method respectively various websites existed, whole process is both needed to the participation of very important person, and cannot automatically carry out website protection.
Summary of the invention
Embodiments provide a kind of website preventer and method, it is achieved that automatically carry out website protection.
A kind of website preventer, is applied to local host server, including: unit, recognition unit, strategy generating unit and protective unit are determined in scanning, wherein,
Unit is determined in described scanning, process for scanning the process on local host server, according to scanning, it is determined that the Type of website that this local host server comprises, and determine the configuration that each Type of website is corresponding, and configuration corresponding for each Type of website is sent to described recognition unit;
Described recognition unit, the configuration corresponding for receiving each Type of website that described scanning determines that unit sends, and according to configuration corresponding to each Type of website, identify that the website service installation path of each Type of website, Website page dispose path and website script type;
Described strategy generating unit, disposes path and website script type for the website service installation path identified according to described recognition unit, Website page, generates corresponding prevention policies for each Type of website;
Described protective unit, for the prevention policies generated according to described strategy generating unit, protects each website on local host server.
Preferably, above-mentioned website preventer, farther include: unit and snapshot memory element are set, wherein,
Described unit is set, stores catalogue for arranging safety in this local host server;
Described snapshot memory element; for the website script type identified according to described recognition unit; each website script file is done snapshot, and snapshot is encrypted protection, the snapshot after encipherment protection is saved in described setting under the safety storage catalogue that unit is arranged.
Preferably, above-mentioned website preventer, farther include:
Unit repaired by script, for when the script file of targeted website is destroyed, utilizing the snapshot that described snapshot memory element stores that the script file of described targeted website is repaired.
Preferably, described strategy generating unit, including: forced symmetric centralization subelement, wherein,
Described forced symmetric centralization subelement, for carrying out rules of competence configuration to the registry entry of each Type of website each self-corresponding website process, the installation path of procedure site, website script path that procedure site calls and procedure site respectively;
Described protective unit, for receiving the access request of each website, and judges whether the access request of each website meets the rules of competence of described forced symmetric centralization subelement configuration, if it is not, then this access request is intercepted.
Preferably, described forced symmetric centralization subelement, for configuring Do not switch off authority to the process of procedure site;The website script path that installation path and the procedure site of procedure site are called is respectively configured except the process of this procedure site, and the authority that the file under this path is only read by all processes, this catalogue is had all of operating right by the process of procedure site.
Preferably, above-mentioned website preventer, it is applied to any one in IIS, WebSphere, WebLogic, Tomcat and Apache or the multiple Type of website are protected.
A kind of website protection method, is applied to local host server, including:
Process on scanning local host server, the process according to scanning, it is determined that the Type of website that this local host server comprises;
Determine the configuration that each Type of website is corresponding;
According to the configuration that each Type of website is corresponding, identify that the website service installation path of each Type of website, Website page dispose path and website script type;
Dispose path and website script type according to described website service installation path, Website page, generate corresponding prevention policies for each Type of website;
According to described prevention policies, each website on local host server is protected.
Preferably, said method farther includes:
This local host server arranges safety and stores catalogue;
After the website service installation path of described each Type of website of identification, Website page dispose path and website script type; before the described prevention policies generating correspondence for each Type of website; farther include: according to described website script type; each website script file is done snapshot; and snapshot is encrypted protection, the snapshot after encipherment protection is saved under described safety storage catalogue;
Described each website on local host server is protected, including: when the script file of targeted website is destroyed, utilize the snapshot of storage that the script file of described targeted website is repaired.
Preferably, described generate corresponding prevention policies for each Type of website, including: respectively the registry entry of each Type of website each self-corresponding website process, the installation path of procedure site, website script path that procedure site calls and procedure site is carried out rules of competence configuration;
Described each website on local host server is protected, including: receive the access request of each website, and judge whether the access request of each website meets the rules of competence of configuration, if it is not, then this access request is intercepted.
Preferably, said method is applied to any one in IIS, WebSphere, WebLogic, Tomcat and Apache or the multiple Type of website are protected;
The described prevention policies generating correspondence for each Type of website, including: the process of procedure site is configured Do not switch off authority;The website script path that installation path and the procedure site of procedure site are called is respectively configured except the process of this procedure site, and the authority that the file under this path is only read by all processes, this catalogue is had all of operating right by the process of procedure site.
Embodiments provide a kind of website preventer and method, this website preventer is by scanning the process determining on unit scan local host server, process according to scanning, determine the Type of website that this local host server comprises, and determine the configuration that each Type of website is corresponding, by recognition unit according to configuration corresponding to each Type of website, identify that the website service installation path of each Type of website, Website page dispose path and website script type;Dispose path and website script type by strategy generating unit according to website service installation path, Website page, generate corresponding prevention policies for each Type of website;Each website on local host server can be protected by this prevention policies by protective unit, this website preventer can for the different prevention policies of different web sites type configuration, and automatically carry out website protection by prevention policies, without artificial intervention in whole process, it is achieved that automatically carry out website protection.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, the accompanying drawing used required in embodiment or description of the prior art will be briefly described below, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skill in the art, under the premise not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the structural representation of a kind of website preventer that one embodiment of the invention provides;
Fig. 2 is the structural representation of a kind of website preventer that another embodiment of the present invention provides;
Fig. 3 is the structural representation of a kind of website preventer that another embodiment of the present invention provides;
Fig. 4 is the structural representation of a kind of website preventer that another embodiment of the present invention provides;
Fig. 5 is the flow chart of a kind of website protection method that one embodiment of the invention provides;
Fig. 6 is the flow chart of a kind of website protection method that another embodiment of the present invention provides.
Detailed description of the invention
For making the purpose of the embodiment of the present invention, technical scheme and advantage clearly; below in conjunction with the accompanying drawing in the embodiment of the present invention; technical scheme in the embodiment of the present invention is clearly and completely described; obviously; described embodiment is a part of embodiment of the present invention, rather than whole embodiments, based on the embodiment in the present invention; the every other embodiment that those of ordinary skill in the art obtain under the premise not making creative work, broadly falls into the scope of protection of the invention.
As it is shown in figure 1, a kind of website of embodiment of the present invention offer preventer, this website preventer, including: unit 101, recognition unit 102, strategy generating unit 103 and protective unit 104 are determined in scanning, wherein,
Unit 101 is determined in scanning, process for scanning the process on local host server, according to scanning, it is determined that the Type of website that this local host server comprises, and determine the configuration that each Type of website is corresponding, and configuration corresponding for each Type of website is sent to recognition unit 102;
Recognition unit 102, for receiving the configuration that scanning determines that each Type of website that unit 101 sends is corresponding, and according to configuration corresponding to each Type of website, identifies the website service installation path of each Type of website, Website page deployment path and website script type;
Strategy generating unit 103, disposes path and website script type for the website service installation path identified according to recognition unit 102, Website page, generates corresponding prevention policies for each Type of website;
Protective unit 104, for the prevention policies generated according to strategy generating unit 103, protects each website on local host server.
In the embodiment shown in fig. 1, this website preventer is by scanning the process determining on unit scan local host server, process according to scanning, determine the Type of website that this local host server comprises, and determine the configuration that each Type of website is corresponding, by recognition unit according to configuration corresponding to each Type of website, identify that the website service installation path of each Type of website, Website page dispose path and website script type;Dispose path and website script type by strategy generating unit according to website service installation path, Website page, generate corresponding prevention policies for each Type of website;Each website on local host server can be protected by this prevention policies by protective unit, this website preventer can for the different prevention policies of different web sites type configuration, and automatically carry out website protection by prevention policies, without artificial intervention in whole process, it is achieved that automatically carry out website protection.
As in figure 2 it is shown, in an alternative embodiment of the invention, above-mentioned network protection device farther includes: arrange unit 201 and snapshot memory element 202, wherein,
Unit 201 is set, stores catalogue for arranging safety in this local host server;
Snapshot memory element 202, for the website script type identified according to recognition unit 102, does snapshot to each website script file, and snapshot is encrypted protection, and the snapshot after encipherment protection is saved in described setting under the safety storage catalogue that unit is arranged.
As it is shown on figure 3, in still another embodiment of the process, above-mentioned website preventer, farther include:
Unit 301 repaired by script, for when the script file of targeted website is destroyed, utilizing the snapshot that snapshot memory element 202 stores that the script file of targeted website is repaired.
As shown in Figure 4, in an alternative embodiment of the invention, strategy generating unit 103, including: forced symmetric centralization subelement 401, wherein,
Forced symmetric centralization subelement 401, for carrying out rules of competence configuration to the registry entry of each Type of website each self-corresponding website process, the installation path of procedure site, website script path that procedure site calls and procedure site respectively;
Protective unit 104, for receiving the access request of each website, and judges whether the access request of each website meets the rules of competence of forced symmetric centralization subelement 401 configuration, if it is not, then this access request is intercepted.
In still another embodiment of the process, forced symmetric centralization subelement 401, for configuring Do not switch off authority to the process of procedure site;The website script path that installation path and the procedure site of procedure site are called is respectively configured except the process of this procedure site, and the authority that the file under this path is only read by all processes, this catalogue is had all of operating right by the process of procedure site.
In an alternative embodiment of the invention, above-mentioned website preventer, it is applied to any one in IIS, WebSphere, WebLogic, Tomcat and Apache or the multiple Type of website are protected.
The contents such as the information between each unit in said apparatus is mutual, execution process, with the inventive method embodiment based on same design, particular content referring to the narration in embodiment of the method, can repeat no more herein.
As it is shown in figure 5, embodiments provide a kind of website protection method, the method may comprise steps of:
Step 501: the process on scanning local host server, the process according to scanning, it is determined that the Type of website that this local host server comprises;
Step 502: determine the configuration that each Type of website is corresponding;
Step 503: according to the configuration that each Type of website is corresponding, identifies that the website service installation path of each Type of website, Website page dispose path and website script type;
Step 504: dispose path and website script type according to website service installation path, Website page, generate corresponding prevention policies for each Type of website;
Step 505: according to prevention policies, each website on local host server is protected.
In an embodiment of the invention, in order to realize the recovery to website script file, said method farther includes: arranges safety in this local host server and stores catalogue;After the step 503, farther included before step 504: according to website script type, each website script file is done snapshot, and snapshot is encrypted protection, the snapshot after encipherment protection is saved under safety storage catalogue;The detailed description of the invention of step 505, including: when the script file of targeted website is destroyed, utilize the snapshot that snapshot memory element stores that the script file of targeted website is repaired.
In an embodiment of the invention, in order to improve security protection further, the detailed description of the invention of step 504, including: respectively the registry entry of each Type of website each self-corresponding website process, the installation path of procedure site, website script path that procedure site calls and procedure site is carried out rules of competence configuration;The detailed description of the invention of step 505, including: receive the access request of each website, and judge whether the access request of each website meets the rules of competence of configuration, if it is not, then this access request is intercepted.
In an embodiment of the invention, said method is applied to any one in IIS, WebSphere, WebLogic, Tomcat and Apache or the multiple Type of website are protected;The detailed description of the invention of step 505, including: the process of procedure site is configured Do not switch off authority;The website script path that installation path and the procedure site of procedure site are called is respectively configured except the process of this procedure site, the authority that file under this path is only read by all processes, this catalogue is had all of operating right by the process of procedure site, various website make said method range of application ratio wide, so that can more comprehensively obtain website protection by ratio.
As shown in Figure 6, another embodiment of the present invention provides a kind of website protection method, and the method may comprise steps of:
Step 600: safety is set in local host server and stores catalogue;
The safety storage catalogue arranged in this step can so that except can modifying except network protection device provided by the invention, safety can only be read out and can not distort by the file stored in catalogue by other program.
Step 601: the process on scanning local host server, the process according to scanning, it is determined that the Type of website that this local host server comprises;
In this step, can scan the Type of website include: any one or the multiple Type of website in IIS, WebSphere, WebLogic, Tomcat and Apache, owing to its process of the different Types of website is different, then the Type of website having in local host server can be determined easily by process is scanned.
Step 602: determine the configuration that each Type of website is corresponding;
This configuration includes: path, website script file type and store path thereof that process, website service installation path, webpage are disposed etc..
Step 603: according to the configuration that each Type of website is corresponding, identifies that the website service installation path of each Type of website, Website page dispose path and website script type;
Such as: for the IIS Type of website, identified by this step: the procedure site w3wp.exe of the IIS Type of website and operation process corresponding to this procedure site;The installation path ../iis/ of IIS website, deployment path, website such as ../webpage/.
Step 604: according to website script type, does snapshot to each website script file, and snapshot is encrypted protection, is saved in by the snapshot after encipherment protection under safety storage catalogue;
The script file of website is mainly backed-up by this step, can also be recovered by the script file of this backup after script file is destroyed.
Step 605: the registry entry of each Type of website each self-corresponding website process, the installation path of procedure site, website script path that procedure site calls and procedure site is carried out rules of competence configuration;
In this step, mainly the process of procedure site is configured Do not switch off authority;The website script path that installation path and the procedure site of procedure site are called is respectively configured except the process of this procedure site, and the authority that the file under this path is only read by all processes, this catalogue is had all of operating right by the process of procedure site.Such as: for the IIS Type of website, operation process configuration Do not switch off authority for the procedure site w3wp.exe of the IIS Type of website, the installation path ../iis/ of IIS is configured the authority that the file under this path is only read by all processes, and the installation path ../iis/ of this IIS is had all of operating right by the w3wp.exe process of this IIS Type of website, installation path so can be prevented to be destroyed, and the upgrading etc. of the compatible IIS of energy operates;Then, deployment path, website ../webpage/ is configured the authority that the file under this path is only read by all processes, and this catalogue is had all of operating right by the w3wp.exe process of this IIS Type of website, ensure that web site contents can be altered by w3wp, and web site contents can not be distorted by other process.
Step 606: when receiving the access request of each website, it is judged that whether the access request of each website meets the rules of competence of configuration, if it is, perform step 607;Otherwise, step 608 is performed;
Such as: include the file under amendment deployment path, website ../webpage/ in an access request, then this access request is unsatisfactory for the rules of competence of step 605 configuration, then step 608 is performed;If including the file read under the ../webpage/ of deployment path, website in an access request, then this access request meets the rules of competence of step 605 configuration, then perform step 607.
Step 607: the request of the accepting the interview access to website, and terminate current process;
Step 608: this access request is intercepted;
Step 609: when the script file of targeted website is destroyed, utilizes the snapshot of storage that the script file of targeted website is repaired.
According to such scheme, various embodiments of the present invention, at least have the advantages that
1. this website preventer is by scanning the process determining on unit scan local host server, determine the Type of website that this local host server comprises, and determine the configuration that each Type of website is corresponding, by recognition unit according to configuration corresponding to each Type of website, identify that the website service installation path of each Type of website, Website page dispose path and website script type;It is that each Type of website generates corresponding prevention policies by strategy generating unit;Each website on local host server can be protected by this prevention policies by protective unit, this website preventer can for the different prevention policies of different web sites type configuration, and automatically carry out website protection by prevention policies, without artificial intervention in whole process, it is achieved that automatically carry out website protection.
2. any one in IIS, WebSphere, WebLogic, Tomcat and Apache or the multiple Type of website can be protected by scheme provided by the invention, by the process of procedure site is configured Do not switch off authority;The website script path that installation path and the procedure site of procedure site are called is respectively configured except the process of this procedure site, the authority that file under this path is only read by all processes, this catalogue is had all of operating right by the process of procedure site, achieve the protection to website, further increase web portal security, polytype website can be protected simultaneously, be effectively improved range of application and the practicality of security protection.
3. scheme provided by the invention can according to configuration corresponding to each Type of website, identify that the website service installation path of each Type of website, Website page dispose path and website script type, achieve the path automatically identifying that the website needing protection is relevant, different protection is implemented for different types of website, prevent website to be tampered, ensure the safety of website further.
It should be noted that, in this article, the relational terms of such as first and second etc is used merely to separate an entity or operation with another entity or operating space, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " includes ", " comprising " or its any other variant are intended to comprising of nonexcludability, so that include the process of a series of key element, method, article or equipment not only include those key elements, but also include other key elements being not expressly set out, or also include the key element intrinsic for this process, method, article or equipment.When there is no more restriction, statement " including a 〃 " key element limited, it is not excluded that there is also other same factor in including the process of described key element, method, article or equipment.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can be completed by the hardware that programmed instruction is relevant, aforesaid program can be stored in the storage medium of embodied on computer readable, this program upon execution, performs to include the step of said method embodiment;And aforesaid storage medium includes: in the various media that can store program code such as ROM, RAM, magnetic disc or CD.
Last it should be understood that the foregoing is only presently preferred embodiments of the present invention, it is merely to illustrate technical scheme, is not intended to limit protection scope of the present invention.All make within the spirit and principles in the present invention any amendment, equivalent replacement, improvement etc., be all contained in protection scope of the present invention.

Claims (10)

1. a website preventer, it is characterised in that be applied to local host server, including: unit, recognition unit, strategy generating unit and protective unit are determined in scanning, wherein,
Unit is determined in described scanning, process for scanning the process on local host server, according to scanning, it is determined that the Type of website that this local host server comprises, and determine the configuration that each Type of website is corresponding, and configuration corresponding for each Type of website is sent to described recognition unit;
Described recognition unit, the configuration corresponding for receiving each Type of website that described scanning determines that unit sends, and according to configuration corresponding to each Type of website, identify that the website service installation path of each Type of website, Website page dispose path and website script type;
Described strategy generating unit, disposes path and website script type for the website service installation path identified according to described recognition unit, Website page, generates corresponding prevention policies for each Type of website;
Described protective unit, for the prevention policies generated according to described strategy generating unit, protects each website on local host server.
2. website according to claim 1 preventer, it is characterised in that farther include: unit and snapshot memory element are set, wherein,
Described unit is set, stores catalogue for arranging safety in this local host server;
Described snapshot memory element; for the website script type identified according to described recognition unit; each website script file is done snapshot, and snapshot is encrypted protection, the snapshot after encipherment protection is saved in described setting under the safety storage catalogue that unit is arranged.
3. website according to claim 2 preventer, it is characterised in that farther include:
Unit repaired by script, for when the script file of targeted website is destroyed, utilizing the snapshot that described snapshot memory element stores that the script file of described targeted website is repaired.
4. website according to claim 1 preventer, it is characterised in that described strategy generating unit, including: forced symmetric centralization subelement, wherein,
Described forced symmetric centralization subelement, for carrying out rules of competence configuration to the registry entry of each Type of website each self-corresponding website process, the installation path of procedure site, website script path that procedure site calls and procedure site respectively;
Described protective unit, for receiving the access request of each website, and judges whether the access request of each website meets the rules of competence of described forced symmetric centralization subelement configuration, if it is not, then this access request is intercepted.
5. website according to claim 4 preventer, it is characterised in that
Described forced symmetric centralization subelement, for configuring Do not switch off authority to the process of procedure site;The website script path that installation path and the procedure site of procedure site are called is respectively configured except the process of this procedure site, and the authority that the file under this path is only read by all processes, this catalogue is had all of operating right by the process of procedure site.
6. according to the arbitrary described website preventer of claim 1 to 5, it is characterised in that be applied to any one in IIS, WebSphere, WebLogic, Tomcat and Apache or the multiple Type of website are protected.
7. a website protection method, it is characterised in that be applied to local host server, including:
Process on scanning local host server, the process according to scanning, it is determined that the Type of website that this local host server comprises;
Determine the configuration that each Type of website is corresponding;
According to the configuration that each Type of website is corresponding, identify that the website service installation path of each Type of website, Website page dispose path and website script type;
Dispose path and website script type according to described website service installation path, Website page, generate corresponding prevention policies for each Type of website;
According to described prevention policies, each website on local host server is protected.
8. method according to claim 7, it is characterised in that farther include:
This local host server arranges safety and stores catalogue;
After the website service installation path of described each Type of website of identification, Website page dispose path and website script type; before the described prevention policies generating correspondence for each Type of website; farther include: according to described website script type; each website script file is done snapshot; and snapshot is encrypted protection, the snapshot after encipherment protection is saved under described safety storage catalogue;
Described each website on local host server is protected, including: when the script file of targeted website is destroyed, utilize the snapshot of storage that the script file of described targeted website is repaired.
9. method according to claim 7, it is characterised in that
Described generate corresponding prevention policies for each Type of website, including: respectively the registry entry of each Type of website each self-corresponding website process, the installation path of procedure site, website script path that procedure site calls and procedure site is carried out rules of competence configuration;
Described each website on local host server is protected, including: receive the access request of each website, and judge whether the access request of each website meets the rules of competence of configuration, if it is not, then this access request is intercepted.
10. according to the arbitrary described method of claim 7 to 9, it is characterised in that be applied to any one in IIS, WebSphere, WebLogic, Tomcat and Apache or the multiple Type of website are protected;
The described prevention policies generating correspondence for each Type of website, including: the process of procedure site is configured Do not switch off authority;The website script path that installation path and the procedure site of procedure site are called is respectively configured except the process of this procedure site, and the authority that the file under this path is only read by all processes, this catalogue is had all of operating right by the process of procedure site.
CN201610349519.XA 2016-05-24 2016-05-24 Website protection device and method Pending CN105812393A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610349519.XA CN105812393A (en) 2016-05-24 2016-05-24 Website protection device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610349519.XA CN105812393A (en) 2016-05-24 2016-05-24 Website protection device and method

Publications (1)

Publication Number Publication Date
CN105812393A true CN105812393A (en) 2016-07-27

Family

ID=56452804

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610349519.XA Pending CN105812393A (en) 2016-05-24 2016-05-24 Website protection device and method

Country Status (1)

Country Link
CN (1) CN105812393A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109905396A (en) * 2019-03-11 2019-06-18 北京奇艺世纪科技有限公司 A kind of WebShell file test method, device and electronic equipment
CN110650161A (en) * 2019-10-30 2020-01-03 华南师范大学 Safe website and working method thereof
CN114513468A (en) * 2022-02-14 2022-05-17 中国农业银行股份有限公司 Method, device, equipment, storage medium and product for protecting flow in Sentinel

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882834A (en) * 2011-07-13 2013-01-16 阿里巴巴集团控股有限公司 Access control method and device
CN102904876A (en) * 2012-09-03 2013-01-30 常州嘴馋了信息科技有限公司 Safety protection system of websites
CN103685274A (en) * 2013-12-16 2014-03-26 北京奇虎科技有限公司 Method and device for protecting websites
US20140280988A1 (en) * 2010-09-15 2014-09-18 Oracle International Corporation System and method for parallel multiplexing between servers in a cluster
CN104793957A (en) * 2015-04-30 2015-07-22 浪潮电子信息产业股份有限公司 Method and device for detecting website existing in server and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140280988A1 (en) * 2010-09-15 2014-09-18 Oracle International Corporation System and method for parallel multiplexing between servers in a cluster
CN102882834A (en) * 2011-07-13 2013-01-16 阿里巴巴集团控股有限公司 Access control method and device
CN102904876A (en) * 2012-09-03 2013-01-30 常州嘴馋了信息科技有限公司 Safety protection system of websites
CN103685274A (en) * 2013-12-16 2014-03-26 北京奇虎科技有限公司 Method and device for protecting websites
CN104793957A (en) * 2015-04-30 2015-07-22 浪潮电子信息产业股份有限公司 Method and device for detecting website existing in server and device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109905396A (en) * 2019-03-11 2019-06-18 北京奇艺世纪科技有限公司 A kind of WebShell file test method, device and electronic equipment
CN110650161A (en) * 2019-10-30 2020-01-03 华南师范大学 Safe website and working method thereof
CN110650161B (en) * 2019-10-30 2021-09-24 华南师范大学 Safe website and working method thereof
CN114513468A (en) * 2022-02-14 2022-05-17 中国农业银行股份有限公司 Method, device, equipment, storage medium and product for protecting flow in Sentinel
CN114513468B (en) * 2022-02-14 2024-05-10 中国农业银行股份有限公司 Method, device, equipment, storage medium and product for protecting flow in Sentinel

Similar Documents

Publication Publication Date Title
Ma et al. Cdrep: Automatic repair of cryptographic misuses in android applications
US8225281B1 (en) Automated baseline deployment system
CN107852412B (en) System and method, computer readable medium for phishing and brand protection
CN102999732B (en) Multi-stage domain protection method and system based on information security level identifiers
US20070192630A1 (en) Method and apparatus for securing the privacy of sensitive information in a data-handling system
CN105493470A (en) Dynamic application security verification
CN102739774B (en) Method and system for obtaining evidence under cloud computing environment
CN107766728A (en) Mobile application security managing device, method and mobile operation safety protection system
KR101989581B1 (en) Apparatus and method for verifying file to be transmitted to internal network
US20160171801A1 (en) Apparatus and method for processing a plurality of logging policies
CN105812393A (en) Website protection device and method
CN104537310A (en) Method for managing portable storage device and client terminal
CN101324913B (en) Method and apparatus for protecting computer file
CN107103243B (en) Vulnerability detection method and device
Shahriar et al. OCL fault injection-based detection of LDAP query injection vulnerabilities
Grossman Whitehat website security statistics report
CN112528181B (en) Two-dimensional code management method, device, computer equipment and readable storage medium
CN112579330B (en) Processing method, device and equipment for abnormal data of operating system
CN105809045A (en) Method and device for processing equipment systems during data reset
CN105528263A (en) Method and device for repairing document
CN105550573A (en) Bundled software interception method and apparatus
Jones et al. The 2016 analysis of information remaining on computer hard disks offered for sale on the second hand market in the UAE
KR101763184B1 (en) File recovery method using backup
CN112732676B (en) Block chain-based data migration method, device, equipment and storage medium
KR19990025289A (en) Intentional rogue user detection method and system for protecting certification authority system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160727

RJ01 Rejection of invention patent application after publication