HTTP flood attacks mimicking normal access behavior are difficult to discovered, it consumes web server's resources and brings hidden danger on information security, a method of proactive defense against HTTP floods is provided. Rewrite URL to record Cookield and Sessionld of HTTP requests into Web log; analysis Web log at regular time, identify user according Cookield and Sessionld, indentify puppet computers using request time characteristic; process HTTP requests in advance to keep out the requests from the puppet computers. This method is low cost and easy to implement, practice proved its validity.%模仿正常访问行为的HTTP泛洪攻击较为隐蔽,在消耗网站服务器资源的同时还带来信息安全隐患,提出了一种主动防御方法.用URL重写的方法使Web日志记录HTTP请求的CookieId和SessionId;定时分析Web日志,利用CookieId和SessionID识别用户,根据请求时间特征来识别傀儡主机;对HTTP请求进行预处理,拦截傀儡主机的请求.该方法成本低、便于实施,实践证明了其有效性.
展开▼
