
CN104754044B - Method and apparatus for auditing the public network services of a Web server - Google Patents


Info

Publication number
CN104754044B
Authority
CN
China
Legal status
Active
Application number
CN201510122996.8A
Other languages
Chinese (zh)
Other versions
CN104754044A (en)
Inventor
李轶夫
李挺
何跃鹰
朱海龙
杨克正
Current Assignee
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center

Abstract

The invention discloses a method and apparatus for auditing the public network services of a WWW server. The method includes: sending a first HTTP request packet to the WWW server, the first HTTP request packet requesting a nonspecific file, provided by the WWW server, of the business to which the public network service to be audited belongs; receiving a first HTTP response packet from the WWW server, the first HTTP response packet including the nonspecific file of the business; auditing the nonspecific file of the business against a preset nonspecific file standard of the public network service to be audited, to determine whether the nonspecific file of the business contains content that meets the nonspecific file standard; and, where the nonspecific file of the business is determined to contain content that meets the nonspecific file standard, determining that the WWW server provides the public network service to be audited. The deployment status of public network services on a remote WWW server can thereby be determined quickly and accurately.

Description

Method and apparatus for auditing the public network services of a Web server
Technical field
The present invention relates to the field of computer communications, and in particular to a method and apparatus for auditing the public network services of a World Wide Web (WWW) server.
Background
For a WWW server, the business it exposes to the public network (also called the "external network"), for example a home page or forum exposed to the public network, may pose a threat to that server. It is therefore necessary to keep track of which external-network business is deployed on the WWW server, so that once a vulnerability appears in the service of some business, the affected scope can be assessed quickly and remedial measures taken in time.
At present, the deployment status of a WWW server's external-network services can only be learned by a local administrator logging in to the WWW server directly and running commands on it to inspect what is deployed, for example by checking processes and installed programs. To learn the deployment status of a remote WWW server, the usual approach is to have the administrator at the server's location fill in a form and send it back. Having the on-site administrator fill in a form has serious drawbacks. First, the administrator may omit entries or fill in content that does not match the actual configuration, and deliberate concealment cannot be ruled out, so there is no way to determine whether the form content obtained is true. Second, whenever the external-network services deployed on the WWW server change, the form must be filled in again; if there are many WWW servers or their deployments change frequently, this consumes a great deal of the on-site administrators' effort, and the resulting forms are usually out of date. At present there is no method that can automatically, quickly and accurately determine the deployment status of external-network services on a remote WWW server.
Summary of the invention
The object of the invention is to provide a method and apparatus for auditing the public network services of a WWW server, so that the deployment status of external-network services on a remote WWW server can be determined automatically, quickly and accurately.
To achieve this object, the invention provides a method for auditing the public network services of a WWW server. The method includes: sending a first Hypertext Transfer Protocol (HTTP) request packet to the WWW server, the first HTTP request packet requesting a nonspecific file, provided by the WWW server, of the business to which the public network service to be audited belongs; receiving a first HTTP response packet from the WWW server, the first HTTP response packet including the nonspecific file of the business; auditing the nonspecific file of the business against a preset nonspecific file standard of the public network service to be audited, to determine whether the nonspecific file of the business contains content that meets the nonspecific file standard; and, where the nonspecific file of the business is determined to contain content that meets the nonspecific file standard, determining that the WWW server provides the public network service to be audited.
Preferably, the nonspecific file standard includes a protocol content standard and/or a Hypertext Markup Language (HTML) source code field standard of public WWW pages; and auditing the nonspecific file of the business against the preset nonspecific file standard of the public network service to be audited includes: auditing the nonspecific file of the business against the protocol content standard; and/or auditing the nonspecific file of the business against the HTML source code field standard of public WWW pages.
Preferably, the nonspecific file of the business is audited against the HTML source code field standard of public WWW pages by pattern matching.
Preferably, where the nonspecific file of the business passes the audit against the protocol content standard and/or passes the audit against the HTML source code field standard of public WWW pages, the nonspecific file of the business is determined to contain content that meets the nonspecific file standard; and where the nonspecific file of the business passes neither the audit against the protocol content standard nor the audit against the HTML source code field standard of public WWW pages, the nonspecific file of the business is determined not to contain content that meets the nonspecific file standard.
Preferably, where the nonspecific file of the business is determined not to contain content that meets the nonspecific file standard, a second HTTP request packet is sent to the WWW server, the second HTTP request packet requesting a specific file, provided by the WWW server, of the public network service to be audited; a second HTTP response packet is received from the WWW server, the second HTTP response packet including a response file; the response file is audited against a preset specific file standard of the public network service to be audited, to determine whether the response file contains content that meets the specific file standard; where the response file is determined to contain content that meets the specific file standard, it is determined that the WWW server provides the public network service to be audited; and where the response file is determined not to contain content that meets the specific file standard, it is determined that the WWW server does not provide the public network service to be audited.
Preferably, the specific file standard includes an HTML source code field standard of private WWW pages and/or a Uniform Resource Locator (URL) path standard; and auditing the response file against the preset specific file standard of the public network service to be audited includes: auditing the response file against the HTML source code field standard of private WWW pages; and/or auditing the response file against the URL path standard.
Preferably, the response file is audited against the HTML source code field standard of private WWW pages by a hash algorithm or by pattern matching, and is audited against the URL path standard by pattern matching.
Preferably, where the response file passes the audit against the HTML source code field standard of private WWW pages and/or passes the audit against the URL path standard, the response file is determined to contain content that meets the specific file standard; and where the response file passes neither the audit against the HTML source code field standard of private WWW pages nor the audit against the URL path standard, the response file is determined not to contain content that meets the specific file standard.
The invention also provides an apparatus for auditing the public network services of a WWW server. The apparatus includes: a device for sending a first HTTP request packet to the WWW server, the first HTTP request packet requesting a nonspecific file, provided by the WWW server, of the business to which the public network service to be audited belongs; a device for receiving a first HTTP response packet from the WWW server, the first HTTP response packet including the nonspecific file of the business; a device for auditing the nonspecific file of the business against a preset nonspecific file standard of the public network service to be audited, to determine whether the nonspecific file of the business contains content that meets the nonspecific file standard; and a device for determining, where the nonspecific file of the business is determined to contain content that meets the nonspecific file standard, that the WWW server provides the public network service to be audited.
With the above technical solution, a first HTTP request packet requesting the nonspecific file of the business to which the public network service to be audited belongs is sent to the WWW server, the content of the received first HTTP response packet is audited against the nonspecific file standard of the public network service to be audited (for example, by matching), and the audit result is used to judge whether the service to be audited is deployed on the WWW server. In this way, information about the public network services deployed on the WWW server can be obtained remotely, with no need for forms to be reported manually, which avoids manual misreporting, concealment and omission. The method and apparatus provided by the invention for auditing the public network services of a WWW server can therefore determine the deployment status of public network services on a remote WWW server automatically, quickly and accurately; they are easy to operate, save labor cost, and greatly improve audit efficiency.
Other features and advantages of the invention are described in detail in the detailed description that follows.
Brief description of the drawings
The accompanying drawings are provided for further understanding of the invention and form part of the specification; together with the following detailed description they serve to explain the invention but do not limit it. In the drawings:
Fig. 1 is a flow diagram of a method for auditing the public network services of a WWW server according to one embodiment of the invention;
Fig. 2 is a flow diagram of a method for auditing the public network services of a WWW server according to another embodiment of the invention;
Fig. 3 is a schematic diagram of an apparatus for auditing the public network services of a WWW server according to one embodiment of the invention; and
Fig. 4 is a schematic diagram of an apparatus for auditing the public network services of a WWW server according to another embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention are described in detail below with reference to the drawings. It should be understood that the embodiments described here serve only to illustrate and explain the invention and are not intended to limit it.
Before the embodiments are described in detail, the meaning of some terms used in the invention is briefly introduced. In the invention, a nonspecific file is a file that can be accessed directly, without constructing request data, while the business of the WWW server is running normally; it is a default file. A specific file, by contrast, is a file that cannot be accessed directly while the business of the WWW server is running normally. Although the specific file is exposed on the Internet, it is not disclosed to general users: ordinary users do not know that the file exists, and it can only be accessed by constructing request data. It is a non-default file. Accessing a nonspecific file only requires building an ordinary HTTP request (for example, the first HTTP request packet mentioned below), whereas accessing a specific file requires building a specific HTTP request (for example, the second HTTP request packet mentioned below). How the specific HTTP request is constructed is described below.
In addition, in the invention, a business provided by a WWW server (for example, a forum) can include multiple services, which are divided into public network services and intranet services. The audit method and apparatus provided by the invention mainly audit public network services, to determine whether the WWW server provides one or more particular public network services.
The method and apparatus for auditing the public network services of a WWW server according to various embodiments of the invention are described in detail below with reference to Figs. 1 to 4.
Fig. 1 is a flow diagram of a method for auditing the public network services of a WWW server according to one embodiment of the invention. As shown in Fig. 1, the method may include the following steps:
First, in step S101, a first HTTP request packet is sent to the WWW server, the first HTTP request packet requesting a nonspecific file, provided by the WWW server, of the business to which the public network service to be audited belongs. Specifically, the first HTTP request packet can be actively sent to a particular port or a well-known port using request methods such as post, get, put, head, connect and options.
Next, in step S102, a first HTTP response packet is received from the WWW server, the first HTTP response packet including the nonspecific file of the business.
Then, in step S103, the nonspecific file of the business is audited against the preset nonspecific file standard of the public network service to be audited, to determine whether the nonspecific file of the business contains content that meets the nonspecific file standard.
In the invention, the nonspecific file standard can include a protocol content standard and/or an HTML source code field standard of public WWW pages. In this case, auditing the nonspecific file of the business against the preset nonspecific file standard of the public network service to be audited can include: auditing the nonspecific file of the business against the protocol content standard; and/or auditing the nonspecific file of the business against the HTML source code field standard of public WWW pages.
In an example embodiment of the invention, the above audit can be implemented by matching the content of the standard against the content to be audited; if the match succeeds, the audit is passed. In the invention, the matching methods can include a general matching method (for example, requiring that the first several characters or the last several characters of the content to be audited be identical to the content of the standard, or requiring only that the content to be audited contain the content of the standard), a hash algorithm, and a pattern matching method. The detailed procedure and principle of each matching method are well known to those skilled in the art and are not described in detail here.
Where the nonspecific file of the business is audited against the protocol content standard, matching can be done with the general matching method. In this case, the content of at least one field among preset HTTP header fields can be used as the protocol content standard for auditing the nonspecific file of the business. The HTTP header fields can include response header fields, entity header fields and general header fields. The field contents of the response header fields can include, but are not limited to, at least one of the following standard field contents: http-version, http-name, status-code, accept-ranges, age, Etag, last-modified, location, proxy-authenticate, retry-after, server, vary, www-authenticate, and can also include some custom field contents. The field contents of the entity header fields can include, but are not limited to, at least one of the following standard field contents: allow, content-base, content-encoding, content-language, content-length, content-location, content-MD5, content-range, content-type, Etag, expires, last-modified, extension-header. The field contents of the general header fields can include, but are not limited to, at least one of the following: cache-control, connection, date, pragma, trailer, transfer-encoding, upgrade, via, warning, refresh, set-cookie.
Where the nonspecific file of the business is audited against the HTML source code field standard of public WWW pages, pattern matching can be used uniformly; if the match succeeds, the audit is passed. Alternatively, the matching method can be chosen according to the type of the HTML source code field; again, if the match succeeds, the audit is passed. For example, HTML source code fields fall broadly into a standard-framework type and a non-standard-framework type. Source code fields of the standard-framework type can be matched either with the general matching method or with pattern matching, whereas source code fields of the non-standard-framework type are usually matched with pattern matching. In addition, where the nonspecific file of the business is audited against the HTML source code field standard of public WWW pages, the field content of at least one field among preset HTML source code fields can be used as the HTML source code field standard for auditing the nonspecific file of the business. The field content of the at least one field can include, but is not limited to, at least one of the following: name in the input field, src in the script field, src in the img field, content in the meta field, href in the a field, name in the meta field, title in the abbr field, title in the acronym field, code in the applet field, alt in the area field, muted in the audio field, href in the base field, dir in the bdi field, dir in the bdo field, cite in the blockquote field, formmethod in the button field, height in the canvas field, charoff in the col field, cite in the del field, open in the details field, align in the div field, type in the embed field, novalidate in the form field, marginheight in the frame field, and so on.
After the audit, whether the nonspecific file of the business contains content that meets the nonspecific file standard can be determined as follows: where the nonspecific file of the business passes the audit against the protocol content standard and/or passes the audit against the HTML source code field standard of public WWW pages, it is determined to contain content that meets the nonspecific file standard; and where the nonspecific file of the business passes neither the audit against the protocol content standard nor the audit against the HTML source code field standard of public WWW pages, it is determined not to contain content that meets the nonspecific file standard.
Finally, in step S104, where the nonspecific file of the business is determined to contain content that meets the nonspecific file standard, it is determined that the WWW server provides the public network service to be audited.
With the above technical solution, a first HTTP request packet requesting the nonspecific file of the business to which the public network service to be audited belongs is sent to the WWW server, the content of the received first HTTP response packet is audited against the nonspecific file standard of the public network service to be audited (for example, by matching), and the audit result is used to judge whether the service to be audited is deployed on the WWW server. In this way, information about the public network services deployed on the WWW server can be obtained remotely, with no need for forms to be reported manually, which avoids manual misreporting, concealment and omission. The method and apparatus provided by the invention for auditing the public network services of a WWW server can therefore determine the deployment status of public network services on a remote WWW server automatically, quickly and accurately; they are easy to operate, save labor cost, and greatly improve audit efficiency.
To determine the deployment status of public network services on the WWW server more accurately and comprehensively, the public network services of the WWW server can also be audited with the method provided by another embodiment. Fig. 2 is a flow diagram of a method for auditing the public network services of a WWW server according to another embodiment of the invention. The embodiment shown in Fig. 2 adds the following steps to the embodiment shown in Fig. 1:
In step S105, where the nonspecific file of the business is determined not to contain content that meets the nonspecific file standard, a second HTTP request packet is sent to the WWW server, the second HTTP request packet requesting a specific file, provided by the WWW server, of the public network service to be audited. Specifically, the second HTTP request packet can be actively sent to a particular port or a well-known port using request methods such as post, get, put, head, connect and options.
As mentioned above, a specific HTTP request (that is, the second HTTP request packet) must be constructed to access the specific file. In the invention, the second HTTP request packet can be constructed, for example, from the URL path data of the specific file, where the URL path data can be obtained in one or more of the following ways: by manually building a large number of the applications needed by WWW servers and using the test files, configuration files and the like produced during the build; and by manual summarization and simulation testing in a physical environment. It should be understood that the above way of constructing the second HTTP request packet is merely exemplary and not limiting; other ways of constructing a specific HTTP request packet for accessing the specific file are also applicable to the invention and are well known to those skilled in the art, so they are not enumerated here.
Then, in step S106, a second HTTP response packet is received from the WWW server, the second HTTP response packet including a response file. Only where the WWW server provides the public network service to be audited and that service has a specific file is the response file in the second HTTP response packet the specific file of the public network service to be audited. Otherwise (for example, the WWW server does not provide the public network service to be audited, or it provides the service but the service has no specific file), the response file in the second HTTP response packet is not the specific file but other information, for example status information of the WWW server.
Next, in step S107, the response file is audited against the preset specific file standard of the public network service to be audited, to determine whether the response file contains content that meets the specific file standard.
The specific file standard can include an HTML source code field standard of private WWW pages and/or a URL path standard. Auditing the response file against the preset specific file standard of the public network service to be audited can include: auditing the response file against the HTML source code field standard of private WWW pages; and/or auditing the response file against the URL path standard.
Where the response file is audited against the HTML source code field standard of private WWW pages, matching can be done with the general matching method, a hash algorithm or pattern matching; if the match succeeds, the audit is passed. One or more of the field contents listed above, in the description of auditing the nonspecific file of the business against the HTML source code field standard of public WWW pages, can also serve as the HTML source code field standard of private WWW pages for auditing the response file.
Where the response file is audited against the URL path standard, matching can be done by pattern matching; if the match succeeds, the audit is passed.
After the audit, whether the response file contains content that meets the specific file standard of the public network service to be audited can be determined as follows: where the response file passes the audit against the HTML source code field standard of private WWW pages and/or passes the audit against the URL path standard, the response file is determined to contain content that meets the specific file standard; and where the response file passes neither the audit against the HTML source code field standard of private WWW pages nor the audit against the URL path standard, the response file is determined not to contain content that meets the specific file standard.
Next, in step S108, where the response file is determined to contain content that meets the specific file standard, it is determined that the WWW server provides the public network service to be audited.
Finally, in step S109, where the response file is determined not to contain content that meets the specific file standard, it is determined that the WWW server does not provide the public network service to be audited.
In this preferred embodiment of the invention, where the nonspecific file of the business is determined not to contain content that meets the nonspecific file standard, a second HTTP request packet requesting the specific file of the public network service to be audited is further sent to the WWW server, the response file is audited against the specific file standard of the public network service to be audited, and whether the WWW server provides the service to be audited is determined from the audit result. Where the service to be audited has a specific file, supplementing the audit with the specific file standard can make up for omissions that the audit method of the embodiment shown in Fig. 1 might cause, so that the deployment status of public network services on the WWW server is determined more accurately and comprehensively.
In addition, because constructing the second HTTP request packet is more complex than constructing the first HTTP request packet, and because some public network services have no specific file, the method provided by the invention for auditing the public network services of a WWW server sends the first HTTP request packet first and audits the nonspecific file of the public network service first. Once the nonspecific file passes the audit, there is no need to request the specific file of the public network service to be audited from the WWW server. This avoids the complex process of constructing the second HTTP request packet and reduces the amount of data transmitted, making the audit faster, simpler and more efficient.
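The two-stage flow of Figs. 1 and 2 (steps S101 to S109), written out as an added Python example that is not part of the patent text. The product name ExampleBoard, the rule values, SHA-256 as the hash algorithm, the policy that every rule inside one standard must match, and searching the response body for the URL path pattern are assumptions; the HTTP client is replaced by constructed responses so the example runs offline.

```python
import hashlib
import re
from dataclasses import dataclass
from html.parser import HTMLParser


class AttrCollector(HTMLParser):
    """Collect (tag, attribute, value) triples from HTML source code."""

    def __init__(self):
        super().__init__()
        self.triples = []

    def handle_starttag(self, tag, attrs):
        self.triples.extend((tag, name, value or "") for name, value in attrs)


def general_match(value, kind, expected):
    """General matching as described above: prefix, suffix or containment."""
    if kind == "prefix":
        return value.startswith(expected)
    if kind == "suffix":
        return value.endswith(expected)
    return expected in value


@dataclass
class ServiceStandard:
    header_rules: list        # protocol content standard: (header, kind, expected)
    html_rules: list          # public-page HTML field standard: (tag, attr, regex)
    probe_path: str = ""      # URL path of the specific file; "" if the service has none
    private_sha256: str = ""  # private-page HTML standard, checked by hash (assumed SHA-256)
    url_path_regex: str = ""  # URL path standard, checked by pattern matching


def html_fields_match(body, rules):
    """Pattern-match attribute values; every rule must match (assumed policy)."""
    parser = AttrCollector()
    parser.feed(body)
    return bool(rules) and all(
        any(t == tag and a == attr and re.search(rx, v) for t, a, v in parser.triples)
        for tag, attr, rx in rules)


def audit_nonspecific(resp, std):
    """S103: pass if the header standard OR the public HTML field standard matches."""
    headers = resp["headers"]
    by_protocol = bool(std.header_rules) and all(
        name in headers and general_match(headers[name], kind, expected)
        for name, kind, expected in std.header_rules)
    return by_protocol or html_fields_match(resp["body"], std.html_rules)


def audit_specific(resp, std):
    """S107: pass if the private-page hash OR the URL path pattern matches."""
    digest = hashlib.sha256(resp["body"].encode()).hexdigest()
    by_hash = bool(std.private_sha256) and digest == std.private_sha256
    # Assumption: the URL path pattern is searched for in the response body.
    by_path = bool(std.url_path_regex) and bool(re.search(std.url_path_regex, resp["body"]))
    return by_hash or by_path


def audit_service(fetch, std):
    """Return (service_provided, stage_that_decided)."""
    if audit_nonspecific(fetch("GET", "/"), std):                 # S101-S104
        return True, "nonspecific"
    if not std.probe_path:                                        # no specific file defined
        return False, "nonspecific"
    provided = audit_specific(fetch("GET", std.probe_path), std)  # S105-S107
    return provided, "specific"                                   # S108 / S109


# --- Constructed sample data; "ExampleBoard" is a hypothetical forum product ---
README = "<html><body><h1>ExampleBoard setup notes</h1></body></html>"
STANDARD = ServiceStandard(
    header_rules=[("set-cookie", "prefix", "exboard_sid=")],
    html_rules=[("meta", "content", r"^ExampleBoard \d+\.\d+$")],
    probe_path="/exboard/docs/readme.html",
    private_sha256=hashlib.sha256(README.encode()).hexdigest(),
)
PLAIN = {"headers": {"server": "ExampleHTTPd"}, "body": "<html><body>Welcome</body></html>"}
SITES = {
    # Public page still carries the product's meta field.
    "a": {"/": {"headers": {"server": "ExampleHTTPd"},
                "body": '<html><head><meta name="generator" content="ExampleBoard 3.1"></head></html>'}},
    # Public page is customized, but the non-default file is still served.
    "b": {"/": PLAIN, "/exboard/docs/readme.html": {"headers": {}, "body": README}},
    # Service not deployed: the second response is only status information.
    "c": {"/": PLAIN},
}


def run(site):
    """Audit one constructed site; return (verdict, number of requests sent)."""
    log = []

    def fetch(method, path):  # stand-in for the HTTP client
        log.append((method, path))
        return SITES[site].get(path, {"headers": {}, "body": "404 Not Found"})

    return audit_service(fetch, STANDARD), len(log)


if __name__ == "__main__":
    for site in SITES:
        print(site, run(site))
```

Site "a" is decided after a single request, which is the saving the paragraph above describes; sites "b" and "c" are only decided by the second request.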
The present invention also provides an apparatus for auditing the public network service of a WWW server. Fig. 3 is a schematic diagram of an apparatus for auditing the public network service of a WWW server according to an embodiment of the present invention. As shown in Fig. 3, the apparatus may include: a device 10 for sending a first HTTP request packet to the WWW server, the first HTTP request packet being used to request a nonspecific file, provided by the WWW server, of the business to which the public network service to be audited belongs; a device 20 for receiving a first HTTP response packet from the WWW server, the first HTTP response packet including the nonspecific file of the business; a device 30 for auditing the nonspecific file of the business according to a preset nonspecific file standard of the public network service to be audited, to determine whether the nonspecific file of the business includes content meeting the nonspecific file standard; and a device 40 for determining, if it is determined that the nonspecific file of the business includes content meeting the nonspecific file standard, that the WWW server provides the public network service to be audited.
Preferably, the nonspecific file standard may include a protocol content standard and/or an HTML source code field standard of public WWW pages. Auditing the nonspecific file of the business according to the preset nonspecific file standard of the public network service to be audited may then include: auditing the nonspecific file of the business according to the protocol content standard, and/or auditing the nonspecific file of the business according to the HTML source code field standard of the public WWW pages.
Preferably, the nonspecific file of the business may be audited according to the HTML source code field standard of the public WWW pages by a pattern matching method.
Preferably, if the nonspecific file of the business passes the audit carried out according to the protocol content standard, and/or passes the audit carried out according to the HTML source code field standard of the public WWW pages, the nonspecific file of the business is determined to include content meeting the nonspecific file standard; and if the nonspecific file of the business passes neither the audit carried out according to the protocol content standard nor the audit carried out according to the HTML source code field standard of the public WWW pages, the nonspecific file of the business is determined not to include content meeting the nonspecific file standard.
To grasp the deployment on the WWW server more accurately and comprehensively, where the application of the service to be audited also has a specific file, the public network service on the WWW server may also be audited with the apparatus of another embodiment. Fig. 4 is a schematic diagram of an apparatus for auditing the public network service of a WWW server according to another embodiment of the present invention. As shown in Fig. 4, in addition to the devices 10, 20, 30 and 40 described above, the apparatus may further include: a device 50 for sending a second HTTP request packet to the WWW server if it is determined that the nonspecific file of the business does not include content meeting the nonspecific file standard, the second HTTP request packet requesting a specific file, provided by the WWW server, on the public network service to be audited; a device 60 for receiving a second HTTP response packet from the WWW server, the second HTTP response packet including a response file; a device 70 for auditing the response file according to a preset specific file standard of the public network service to be audited, to determine whether the response file includes content meeting the specific file standard; a device 80 for determining, if it is determined that the response file includes content meeting the specific file standard, that the WWW server provides the public network service to be audited; and a device 90 for determining, if it is determined that the response file does not include content meeting the specific file standard, that the WWW server does not provide the public network service to be audited.
Preferably, the specific file standard may include an HTML source code field standard of private WWW pages and/or a URL path standard. Auditing the response file according to the preset specific file standard of the public network service to be audited may then include: auditing the response file according to the HTML source code field standard of the private WWW pages; and/or auditing the response file according to the URL path standard.
Preferably, the response file may be audited according to the HTML source code field standard of the private WWW pages by a hash algorithm or a pattern matching method, and may be audited according to the URL path standard by a pattern matching method.
Preferably, if the response file passes the audit carried out according to the HTML source code field standard of the private WWW pages, and/or passes the audit carried out according to the URL path standard, the response file is determined to include content meeting the specific file standard; and if the response file passes neither the audit carried out according to the HTML source code field standard of the private WWW pages nor the audit carried out according to the URL path standard, the response file is determined not to include content meeting the specific file standard.
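The two-stage decision flow described above, as an added Python example that is not part of the patent text: the nonspecific file is audited first, and the second request is built only when that audit fails. The service name "ExampleMail" and all patterns, paths, hosts and responses are constructed for illustration; checking the URL path standard against paths referenced in the response file, and hashing the whole response body, are assumptions.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass
class Response:
    """Minimal stand-in for the file carried in an HTTP response packet."""
    headers: dict
    body: str


# Constructed page, used only to derive a sample digest for the hash check.
KNOWN_LOGIN_PAGE = '<html><form id="em-login" action="/examplemail/auth"></form></html>'

# Hypothetical preset standards for a made-up service named "ExampleMail".
STANDARD = {
    "protocol": [("Server", re.compile(r"^ExampleMail/\d"))],   # protocol content standard
    "public_html": [re.compile(r'<meta name="generator" content="ExampleMail')],
    "specific_path": "/examplemail/login.html",                 # target of the second request
    "private_html": [re.compile(r'<form id="em-login"')],
    "private_sha256": {hashlib.sha256(KNOWN_LOGIN_PAGE.encode()).hexdigest()},
    "url_path": [re.compile(r"^/examplemail/(auth|static)")],
}


def audit_nonspecific(resp, std):
    """Pass if the protocol content standard OR the public-page HTML standard matches."""
    protocol_ok = any(rx.search(resp.headers.get(name, "")) for name, rx in std["protocol"])
    html_ok = any(rx.search(resp.body) for rx in std["public_html"])
    return protocol_ok or html_ok


def audit_specific(resp, std):
    """Pass if the private-page HTML standard (hash or pattern) OR the URL path standard matches."""
    digest = hashlib.sha256(resp.body.encode()).hexdigest()
    html_ok = digest in std["private_sha256"] or any(
        rx.search(resp.body) for rx in std["private_html"])
    # Assumption: the URL path standard is applied to paths referenced in the response file.
    paths = re.findall(r'(?:href|src|action)="([^"]+)"', resp.body)
    path_ok = any(rx.search(p) for p in paths for rx in std["url_path"])
    return html_ok or path_ok


def audit_server(fetch, host, std):
    """Return (provides_service, requests_sent); fetch(host, path) returns a Response."""
    first = fetch(host, "/")
    if audit_nonspecific(first, std):
        return True, 1                      # the second request is never built
    second = fetch(host, std["specific_path"])
    return audit_specific(second, std), 2


# Constructed responses standing in for four remote servers.
SAMPLE = {
    ("a.example", "/"): Response({"Server": "ExampleMail/2.1"}, "<html>Welcome</html>"),
    ("b.example", "/"): Response({"Server": "nginx"}, "<html>Company home</html>"),
    ("b.example", "/examplemail/login.html"): Response({"Server": "nginx"}, KNOWN_LOGIN_PAGE),
    ("c.example", "/"): Response({"Server": "nginx"}, "<html>Blog</html>"),
    ("d.example", "/"): Response({"Server": "nginx"}, "<html>Portal</html>"),
    ("d.example", "/examplemail/login.html"): Response(
        {"Server": "nginx"}, '<html><script src="/examplemail/static/app.js"></script></html>'),
}


def sample_fetch(host, path):
    """Offline replacement for the network: unknown URLs yield an empty response file."""
    return SAMPLE.get((host, path), Response({}, ""))


if __name__ == "__main__":
    for host in ("a.example", "b.example", "c.example", "d.example"):
        print(host, audit_server(sample_fetch, host, STANDARD))
```

Host `a.example` is decided after a single request, while `c.example` costs two requests before the negative verdict, which is the traffic trade-off the ordering of the two stages is meant to control.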
With the above technical solution, a first HTTP request packet requesting the nonspecific file of the business to which the public network service to be audited belongs is sent to the WWW server; the content of the received first HTTP response packet is audited (for example, by matching) according to the nonspecific file standard of the public network service to be audited; and the outcome of that audit is used to judge whether the service to be audited is deployed on the WWW server. In this way, information on the deployment of public network services on the WWW server can be obtained remotely, without manually submitted report forms, which avoids misreporting, concealment and omission in manual reporting. The method and apparatus provided by the present invention for auditing the public network service of a WWW server can therefore automatically, quickly and accurately grasp the deployment of public network services on WWW servers at remote locations; they are easy to operate, save labour cost and greatly improve audit efficiency.
The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings. However, the present invention is not limited to the specific details of the above embodiments. Within the scope of the technical concept of the present invention, a variety of simple variations may be made to the technical solution of the present invention, and these simple variations all fall within the protection scope of the present invention.
It should further be noted that the specific technical features described in the above embodiments may be combined in any suitable manner provided they do not contradict one another. To avoid unnecessary repetition, the present invention does not separately describe the various possible combinations.
In addition, the various embodiments of the present invention may also be combined arbitrarily, and such combinations, as long as they do not depart from the idea of the present invention, should likewise be regarded as content disclosed by the present invention.

Claims (16)

1. A method for auditing a public network service of a World Wide Web (WWW) server, the method comprising:
sending a first HTTP request packet to the WWW server, the first HTTP request packet being used to request a nonspecific file, provided by the WWW server, of the business to which the public network service to be audited belongs; wherein the nonspecific file is a file that can be accessed without constructing request data while the business of the WWW server is running normally;
receiving a first HTTP response packet from the WWW server, the first HTTP response packet including the nonspecific file of the business;
auditing the nonspecific file of the business according to a preset nonspecific file standard of the public network service to be audited, to determine whether the nonspecific file of the business includes content meeting the nonspecific file standard; and
if it is determined that the nonspecific file of the business includes content meeting the nonspecific file standard, determining that the WWW server provides the public network service to be audited.
2. The method according to claim 1, characterized in that
the nonspecific file standard includes a protocol content standard and/or a Hypertext Markup Language (HTML) source code field standard of public WWW pages; and
auditing the nonspecific file of the business according to the preset nonspecific file standard of the public network service to be audited includes: auditing the nonspecific file of the business according to the protocol content standard; and/or auditing the nonspecific file of the business according to the HTML source code field standard of the public WWW pages.
3. The method according to claim 2, characterized in that
the nonspecific file of the business is audited according to the HTML source code field standard of the public WWW pages by a pattern matching method.
4. The method according to claim 2, characterized in that
if the nonspecific file of the business passes the audit carried out according to the protocol content standard, and/or passes the audit carried out according to the HTML source code field standard of the public WWW pages, the nonspecific file of the business is determined to include content meeting the nonspecific file standard; and
if the nonspecific file of the business passes neither the audit carried out according to the protocol content standard nor the audit carried out according to the HTML source code field standard of the public WWW pages, the nonspecific file of the business is determined not to include content meeting the nonspecific file standard.
5. The method according to any one of claims 1-4, characterized in that the method further comprises:
if it is determined that the nonspecific file of the business does not include content meeting the nonspecific file standard, sending a second HTTP request packet to the WWW server, the second HTTP request packet being used to request a specific file, provided by the WWW server, on the public network service to be audited; wherein the specific file is a file that can be accessed only by constructing request data while the business of the WWW server is running normally;
receiving a second HTTP response packet from the WWW server, the second HTTP response packet including a response file;
auditing the response file according to a preset specific file standard of the public network service to be audited, to determine whether the response file includes content meeting the specific file standard;
if it is determined that the response file includes content meeting the specific file standard, determining that the WWW server provides the public network service to be audited; and
if it is determined that the response file does not include content meeting the specific file standard, determining that the WWW server does not provide the public network service to be audited.
6. The method according to claim 5, characterized in that
the specific file standard includes an HTML source code field standard of private WWW pages and/or a Uniform Resource Locator (URL) path standard; and
auditing the response file according to the preset specific file standard of the public network service to be audited includes: auditing the response file according to the HTML source code field standard of the private WWW pages; and/or auditing the response file according to the URL path standard.
7. The method according to claim 6, characterized in that
the response file is audited according to the HTML source code field standard of the private WWW pages by a hash algorithm or a pattern matching method, and the response file is audited according to the URL path standard by a pattern matching method.
8. The method according to claim 6 or 7, characterized in that
if the response file passes the audit carried out according to the HTML source code field standard of the private WWW pages, and/or passes the audit carried out according to the URL path standard, the response file is determined to include content meeting the specific file standard; and
if the response file passes neither the audit carried out according to the HTML source code field standard of the private WWW pages nor the audit carried out according to the URL path standard, the response file is determined not to include content meeting the specific file standard.
9. An apparatus for auditing a public network service of a WWW server, the apparatus comprising:
a device for sending a first HTTP request packet to the WWW server, the first HTTP request packet being used to request a nonspecific file, provided by the WWW server, of the business to which the public network service to be audited belongs; wherein the nonspecific file is a file that can be accessed without constructing request data while the business of the WWW server is running normally;
a device for receiving a first HTTP response packet from the WWW server, the first HTTP response packet including the nonspecific file of the business;
a device for auditing the nonspecific file of the business according to a preset nonspecific file standard of the public network service to be audited, to determine whether the nonspecific file of the business includes content meeting the nonspecific file standard; and
a device for determining, if it is determined that the nonspecific file of the business includes content meeting the nonspecific file standard, that the WWW server provides the public network service to be audited.
10. The apparatus according to claim 9, characterized in that
the nonspecific file standard includes a protocol content standard and/or a Hypertext Markup Language (HTML) source code field standard of public WWW pages; and
auditing the nonspecific file of the business according to the preset nonspecific file standard of the public network service to be audited includes: auditing the nonspecific file of the business according to the protocol content standard; and/or auditing the nonspecific file of the business according to the HTML source code field standard of the public WWW pages.
11. The apparatus according to claim 10, characterized in that
the nonspecific file of the business is audited according to the HTML source code field standard of the public WWW pages by a pattern matching method.
12. The apparatus according to claim 10, characterized in that
if the nonspecific file of the business passes the audit carried out according to the protocol content standard, and/or passes the audit carried out according to the HTML source code field standard of the public WWW pages, the nonspecific file of the business is determined to include content meeting the nonspecific file standard; and
if the nonspecific file of the business passes neither the audit carried out according to the protocol content standard nor the audit carried out according to the HTML source code field standard of the public WWW pages, the nonspecific file of the business is determined not to include content meeting the nonspecific file standard.
13. The apparatus according to any one of claims 9-12, characterized in that the apparatus further comprises:
a device for sending a second HTTP request packet to the WWW server if it is determined that the nonspecific file of the business does not include content meeting the nonspecific file standard, the second HTTP request packet being used to request a specific file, provided by the WWW server, on the public network service to be audited; wherein the specific file is a file that can be accessed only by constructing request data while the business of the WWW server is running normally;
a device for receiving a second HTTP response packet from the WWW server, the second HTTP response packet including a response file;
a device for auditing the response file according to a preset specific file standard of the public network service to be audited, to determine whether the response file includes content meeting the specific file standard;
a device for determining, if it is determined that the response file includes content meeting the specific file standard, that the WWW server provides the public network service to be audited; and
a device for determining, if it is determined that the response file does not include content meeting the specific file standard, that the WWW server does not provide the public network service to be audited.
14. The apparatus according to claim 13, characterized in that
the specific file standard includes an HTML source code field standard of private WWW pages and/or a Uniform Resource Locator (URL) path standard; and
auditing the response file according to the preset specific file standard of the public network service to be audited includes: auditing the response file according to the HTML source code field standard of the private WWW pages; and/or auditing the response file according to the URL path standard.
15. The apparatus according to claim 14, characterized in that
the response file is audited according to the HTML source code field standard of the private WWW pages by a hash algorithm or a pattern matching method, and the response file is audited according to the URL path standard by a pattern matching method.
16. The apparatus according to claim 14 or 15, characterized in that
if the response file passes the audit carried out according to the HTML source code field standard of the private WWW pages, and/or passes the audit carried out according to the URL path standard, the response file is determined to include content meeting the specific file standard; and
if the response file passes neither the audit carried out according to the HTML source code field standard of the private WWW pages nor the audit carried out according to the URL path standard, the response file is determined not to include content meeting the specific file standard.
CN201510122996.8A 2015-03-20 2015-03-20 For the method and apparatus for the public network service for auditing Web server Active CN104754044B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510122996.8A CN104754044B (en) 2015-03-20 2015-03-20 For the method and apparatus for the public network service for auditing Web server

Publications (2)

Publication Number Publication Date
CN104754044A CN104754044A (en) 2015-07-01
CN104754044B true CN104754044B (en) 2018-01-05

Family

ID=53593131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510122996.8A Active CN104754044B (en) 2015-03-20 2015-03-20 For the method and apparatus for the public network service for auditing Web server

Country Status (1)

Country Link
CN (1) CN104754044B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant