Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for security protection based on nginx

A security protection and server technology, applied in the field of network security, can solve problems such as high development and maintenance costs, affecting website requests, and inability to do more data association analysis, so as to reduce development and maintenance costs and avoid impact

Active Publication Date: 2019-12-17
深圳市慧择时代科技有限公司
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In the existing technology, the current request is analyzed by embedding Nginx code, which is actually based on Nginx for embedded secondary development, which will affect the real-time performance of Nginx and cannot do more data correlation analysis; and embedded development will increase request packet inspection The time required for development is extremely high, and a little carelessness will affect the request of the entire website, and the development and maintenance costs are high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for security protection based on nginx
  • Method and device for security protection based on nginx
  • Method and device for security protection based on nginx

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0020] figure 1 It is a flow chart of a method for security protection based on Nginx provided by Embodiment 1 of the present invention. This embodiment is applicable to the situation of security protection based on Nginx logs, and the method can be performed by a device for security protection based on Nginx. The device can be implemented by software and / or hardware, and generally can be integrated into a security analysis server. The method specifically includes the following steps:

[0021] Step 110, obtaining log data of the Nginx server.

[0022] In the data layer, the Nginx server writes the changes of the Nginx process into the log, and synchronizes the newly added log data to the security analysis server in real time. The Nginx server monitors the log changes in real time. When the log changes, that is, when new log data is generated, the log data is sent to the security analysis server in the form of log data stream. After the security analysis server receives the l...

Embodiment 2

[0036] figure 2 It is a flow chart of a method for Nginx-based security protection provided by Embodiment 2 of the present invention. This embodiment has been optimized on the basis of the foregoing embodiments. The method specifically includes the following steps:

[0037] Step 210, obtaining log data of the Nginx server.

[0038] Step 220, acquiring request-related information of the client in the log data.

[0039] Step 230, if the request-related information of the client satisfies the pre-defined prohibition rules, then send a prohibition instruction to the Nginx server to instruct the Nginx server to prohibit the request permission of the client.

[0040]Step 240, after the client's request permission is prohibited for a first preset time, send a release instruction to the Nginx server, so as to release the prohibition of the client's request permission.

[0041] The client may return to normal after a period of time, and there is no longer a threat to the site. At th...

Embodiment 3

[0048] image 3 It is a flow chart of a method for Nginx-based security protection provided by Embodiment 3 of the present invention. This embodiment has been optimized on the basis of the foregoing embodiments. The method specifically includes the following steps:

[0049] Step 310, obtaining log data of the Nginx server.

[0050] Step 320, acquiring request-related information of the client in the log data.

[0051] Step 330, if the request-related information of the client satisfies the pre-defined prohibition rules, send a prohibition instruction to the Nginx server to instruct the Nginx server to prohibit the request permission of the client.

[0052] Step 340, according to the log data, summarize related request information for the same site.

[0053] Wherein, the request related information to the same site includes at least one of the following: within the second preset time, the number of requests to the same site, the request response type to the same site, the req...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention discloses an engine x (Nginx) based method and device for security protection. The method includes: acquiring log data of a Nginx server; acquiring request related information of a client-side in the log data; and if the request related information of the client-side satisfies a predefined prohibition rule, issuing a prohibit instruction to the Nginx server to indicate the Nginx server to prohibit client-side request permission. Without invading the nginx server, the method and device avoid affecting the Nginx server and reduce the development and maintenance costs.

Description

technical field [0001] The embodiment of the present invention relates to network security technology, in particular to a method and device for Nginx-based security protection. Background technique [0002] Nginx (engine x) is a high-performance HTTP and reverse proxy server, as well as an IMAP / POP3 / SMTP server. Nginx was developed by Igor Sysoev for the Rambler.ru site with the second most requests in Russia. It releases the source code in the form of a BSD-like license; it is characterized by less memory and strong concurrency, and has become an important website for domestic and foreign web sites. Choose one. [0003] As Nginx is the first entrance of the website, the security protection based on Nginx is particularly important. Malicious requests and attacks can be detected at the first time, and defenses can be made in time. In the existing technology, the current request is analyzed by embedding Nginx code, which is actually based on Nginx for embedded secondary deve...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/101H04L63/1425
Inventor 蔡柱昌彭思源
Owner 深圳市慧择时代科技有限公司