A method and system for preventing illegal access to server

Abstract

The invention discloses a method and a system for preventing illegal access to a server, wherein the method comprises: A. the client generates an original resource URL to be requested; B. the client obtains a session identifier; C. the client converts the session identifier and the original resource URL Combined into a new URL; D. The client sends an access request to the server based on the new URL; E. The server determines whether the new URL has a session identifier, if not, the server rejects the access; if so, execute step F; F. It is judged whether the session ID in the new URL is consistent with the session ID stored in the server in advance, if not, it is judged that the access request is an illegal access request, and the server rejects the access. The present invention can identify whether the access request is legal, prevent the behavior of illegally accessing the server, thereby avoiding information leakage and the server being unable to serve normal users; the method has a wide range of applications, and is especially suitable for the behavior of swiping the back-end interface with scattered IP and irregular requests.

Description

technical field [0001] The invention belongs to the communication field, in particular to a method and system for preventing illegal access to a server. Background technique [0002] At present, most of the interactive interfaces between the client and the server are implemented through http, wherein the server provides external access interfaces, and these interfaces provide standard http services. [0003] In the prior art, the process of interaction between the client and the server is as follows: [0004] First, the client generates a resource URL (Uniform Resource Locator, Uniform Resource Locator) to be requested, and sends an http request to the server. [0005] Then, the server receives the request and returns the access result to the client. [0006] Finally, the client parses the access result returned by the server and processes the corresponding business logic. [0007] During the above interaction process, if a malicious client modifies the URL or its paramet...

AI Technical Summary

Problems solved by technology

[0007] In the above interaction process, if a malicious client modifies the URL or its parameters, initiates a malicious request, or a malicious client simulates a normal user to initiate a request, there is a risk of information leakage

In addition, if malicious clients continue to initiate requests, the server will reject normal client requests due to insufficient resources, resulting in the client being unable to obtain the required data, so the server cannot serve normal users

[0008] In order to solve the above problems, the existing method is generally to limit the IP and UserAgent of the client that initiates the request, such as limiting the number of requests that a single IP can initiate within a fixed period of time, or by analyzing the behavior of the IP, put the suspicious IP into Blacklist, IPs in the blacklist are not allowed to make requests

However, this method cannot prevent the behavior of accessing the server by brushing the backend interface with scattered IPs and unfixed requests.