背景与遇到的问题例如： 1、虽然访问地址正常，但不断变化User-Agent。 2、大量访问某一些特殊的地址</p

<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="22

<a class="user-mention notranslate" data-hovercard-type="user" data-hover

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

[suggestion] Is it possible to implement interception based on behavioral characteristics? about safeline HOT 8 OPEN

Ascetic2023 commented on August 18, 2024

[suggestion] Is it possible to implement interception based on behavioral characteristics?

from safeline.

Comments (8)

Lvshujun0918 commented on August 18, 2024

根据地址,用黑名单拦截一下,或者把人机验证打开.

from safeline.

Ascetic2023 commented on August 18, 2024

这些地址偶尔访问是正常的，但是持续大量访问（对方有控制频率）就是恶意抓取了。

from safeline.

Lvshujun0918 commented on August 18, 2024

那可以用人机验证啊。精准的控制频率似乎无法实现。

from safeline.

Ascetic2023 commented on August 18, 2024

那不能一访问就出现人机验证吧，那对正常用户影响有点大。

我们现在频率限制是基于地址的吧 ,如果增加定义一个规则，符合条件才进入频率计算，可以吗？

from safeline.

binaryYuki commented on August 18, 2024

#852 提出的 ja3指纹似乎可以比较好的解决这个问题
cc @Lorna0

from safeline.

Ascetic2023 commented on August 18, 2024

好像是，这个有推进了吗

from safeline.

Lorna0 commented on August 18, 2024

@Ascetic2023
那不能一访问就出现人机验证吧，那对正常用户影响有点大。

我们现在频率限制是基于地址的吧 ,如果增加定义一个规则，符合条件才进入频率计算，可以吗？

频率限制不会一访问就人机的。只要在限频 “限制结果” 里选 “人机验证” 就可以了。直接配自定义规则才会一访问就人机。

1、虽然访问地址正常，但不断变化User-Agent。

这种得缓存一段时间的所有请求的 UA，持续进行对比，变化超过阈值之后拦截。开发成本和性能压力都会比较高。看看大家啥意见。

2、大量访问某一些特殊的地址

这个跟下面这两个反馈相似，建议集中到已有 issue 中点赞讨论：

#209
#654

from safeline.

Ascetic2023 commented on August 18, 2024

@Lorna0 感谢回复。如果能做到基于自定义规则进行频率限制检查，然后进行策略选择，应该能解决此问题场景。

from safeline.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.

Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

TensorFlow

An Open Source Machine Learning Framework for Everyone

Django

The Web framework for perfectionists with deadlines.

Laravel

A PHP framework for web artisans

D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

web

Some thing interesting about web. New door for the world.

server

A server is a program made to process requests and deliver data to clients.

Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

Visualization

Some thing interesting about visualization, use data art

Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.

Microsoft

Open source projects and samples from Microsoft.

Google

Google ❤️ Open Source for everyone.

Alibaba

Alibaba Open Source for everyone

D3

Data-Driven Documents codes.

Tencent

China tencent open source team.

Comments (8)

Related Issues (20)

Recommend Projects

Recommend Topics

Recommend Org