A method and system for preventing illegal access to server

Abstract

The invention discloses a method and system for preventing illegal access to a server, wherein the prevention method includes: the client sends the user identification and the resource identification to be requested to the server; The key generates a session ID, and sends the session ID to the client; the client generates the original resource URL to be requested, combines the session ID and the original resource URL into a new URL, and sends an access request to the server based on the new URL; the server judges the new Whether there is a session ID in the URL, if not, the access is rejected; if so, it is judged whether the session ID in the new URL is consistent with the generated session ID, and if not, the access is rejected. The invention can prevent the behavior of illegally accessing the server, thereby avoiding information leakage and the failure of the server to serve normal users; the method has a wide range of applications, and is especially suitable for the behavior of swiping the back-end interface with scattered IPs and unfixed requests.

Description

technical field [0001] The invention belongs to the communication field, in particular to a method and system for preventing illegal access to a server. Background technique [0002] At present, most of the interactive interfaces between the client and the server are implemented through http, wherein the server provides external access interfaces, and these interfaces provide standard http services. [0003] In the prior art, the process of interaction between the client and the server is as follows: [0004] First, the client generates a resource URL (Uniform Resource Locator, Uniform Resource Locator) to be requested, and sends an http request to the server. [0005] Then, the server receives the request and returns the access result to the client. [0006] Finally, the client parses the access result returned by the server and processes the corresponding business logic. [0007] During the above interaction process, if a malicious client modifies the URL or its paramet...

AI Technical Summary

Problems solved by technology

[0007] In the above interaction process, if a malicious client modifies the URL or its parameters, initiates a malicious request, or a malicious client simulates a normal user to initiate a request, there is a risk of information leakage

In addition, if malicious clients continue to initiate requests, the server will reject normal client requests due to insufficient resources, resulting in the client being unable to obtain the required data, so the server cannot serve normal users

[0008] In order to solve the above problems, the existing method is generally to limit the IP and UserAgent of the client that initiates the request, such as limiting the number of requests that a single IP can initiate within a fixed period of time, or by analyzing the behavior of the IP, put the suspicious IP into Blacklist, IPs in the blacklist are not allowed to make requests

However, this method cannot prevent the behavior of accessing the server by brushing the backend interface with scattered IPs and unfixed requests.