2025-04-01 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Preface
To intercept most of the requests, a CAPTCHA is introduced at the front end of the flash-sale (seckill) case. Many people on Taobao complain that by the time they have finished typing the CAPTCHA, the flash sale is already over; yes, it is over. Of course, the real function of a CAPTCHA is to effectively block automated brushing and send bonus hunters home empty-handed.
Verification code
So what exactly is a CAPTCHA? As a means of human-machine identification, the ultimate goal of a CAPTCHA is to distinguish the actions of real people from those of machines. Common Internet scenarios such as registration, login, posting, claiming coupons and voting all carry the risk of losses caused by automated brushing.
At present, the most common form of CAPTCHA is the picture CAPTCHA, that is, the traditional character CAPTCHA built from numbers, letters, text, picture objects and so on. This kind of CAPTCHA seems simple and easy to operate, but the actual user experience is poor (see the 12306 website), and with OCR technology and CAPTCHA-solving platforms, image CAPTCHAs are relatively easy to defeat.
Here we use Tencent's intelligent human-machine security CAPTCHA, which moves away from the single point of defense of the traditional CAPTCHA and uses ten security fences to build multi-layered, comprehensive verification that shuts out the underground industry.
Scenarios
Let's take a look at which security problems a CAPTCHA can easily solve in each scenario:
Login and registration: protect against credential stuffing and stop batch registration by registration bots
Activities: effectively block automated brushing so that bonus hunters leave empty-handed
Likes and posts: effectively deal with advertising spam, malicious flooding and vote brushing
Data protection: prevent bots and crawlers from stealing web content and data
Application
Application address: https://007.qq.com/product.html
Online experience: https://007.qq.com/online.html
Anyone with a QQ account can apply for free. For a typical corporate OA system or a personal blog, the free CAPTCHA package is enough. It has the following features:
2000 times/hour of security protection
Support for verification-free + tiered verification
Three-minute quick integration
Full-featured configuration console
HTTPS support
No advertising for traffic within the threshold
Most sites rarely reach 2000 times per hour, and even if the threshold is exceeded, at most it only means some extra advertisements.
Access
Quick-start guide: https://007.qq.com/quick-start.html
The access and help documentation provides a variety of client-side and server-side integration examples. Here we use Java, the language we are most familiar with, in the flash-sale case.
Front end
Introduce JS:
Page elements:
Verification
JS callback:
window.callback = function (res) {
    console.log(res);
    // res (verification failed) = {ret: 1, ticket: null}
    // res (verification succeeded) = {ret: 0, ticket: "String", randstr: "String"}
    if (res.ret === 0) {
        startSeckill(res);
    }
};

// Verify the ticket on the backend and enter the flash-sale queue
function startSeckill(res) {
    $.ajax({
        url: "startSeckill",
        type: 'post',
        data: {'ticket': res.ticket, 'randstr': res.randstr},
        success: function (result) {
            // Check whether verification passed and prompt the user
        }
    });
}

Backend

import com.alibaba.fastjson.JSONObject;
import io.swagger.annotations.Api;
import javax.jms.Destination;
import javax.servlet.http.HttpServletRequest;
import org.apache.activemq.command.ActiveMQQueue;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpMethod;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
// ActiveMQSender, HttpClient, IPUtils and Result are classes of the seckill project itself.

@Api(tags = "second kill merchandise")
@RestController
@RequestMapping("/seckillPage")
public class SeckillPageController {

    @Autowired
    private ActiveMQSender activeMQSender;

    // Custom utility class
    @Autowired
    private HttpClient httpClient;

    // Configure these parameters yourself
    @Value("${qq.captcha.url}")
    private String url;
    @Value("${qq.captcha.aid}")
    private String aid;
    @Value("${qq.captcha.AppSecretKey}")
    private String appSecretKey;

    @RequestMapping("/startSeckill")
    public Result startSeckill(String ticket, String randstr, HttpServletRequest request) {
        HttpMethod method = HttpMethod.POST;
        MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
        params.add("aid", aid);
        params.add("AppSecretKey", appSecretKey);
        params.add("Ticket", ticket);
        params.add("Randstr", randstr);
        params.add("UserIP", IPUtils.getIpAddr(request));
        String msg = httpClient.client(url, method, params);
        /*
         * response: 1: verification succeeded, 0: verification failed, 100: AppSecretKey parameter verification error [required]
         * evil_level: [0,100] malicious level [optional]
         * err_msg: verification error message [optional]
         */
        // {"response": "1", "evil_level": "0", "err_msg": "OK"}
        JSONObject json = JSONObject.parseObject(msg);
        String response = (String) json.get("response");
        if ("1".equals(response)) {
            // Enter the queue; fake data only
            Destination destination = new ActiveMQQueue("seckill.queue");
            activeMQSender.sendChannelMess(destination, 1000 + ";" + 1);
            return Result.ok();
        } else {
            return Result.error("Verification failure");
        }
    }
}
Custom request tool class HttpClient:
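import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

@Service
public class HttpClient {

    public String client(String url, HttpMethod method, MultiValueMap<String, String> params) {
        RestTemplate client = new RestTemplate();
        HttpHeaders headers = new HttpHeaders();
        // Do not change this submission method lightly; in most cases the request is submitted as a form
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        HttpEntity<MultiValueMap<String, String>> requestEntity = new HttpEntity<>(params, headers);
        // Execute the HTTP request with the method passed in by the caller
        ResponseEntity<String> response = client.exchange(url, method, requestEntity, String.class);
        return response.getBody();
    }
}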
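The controller above reads only the response field and throws if the verification service returns an empty or non-JSON body. The following added example (not part of the original article or the seckill project) interprets that response fail-closed and separates a configuration error from a normal rejection. The class name CaptchaDecision, the Outcome enum and the MAX_EVIL_LEVEL threshold are assumptions, and fastjson is assumed to be the JSON library, as the controller's JSONObject.parseObject call suggests.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;

/** Added example: fail-closed interpretation of the ticket-verification response. */
public class CaptchaDecision {

    public enum Outcome { ACCEPT, REJECT, CONFIG_ERROR }

    // Assumed policy threshold (not from the page): reject passes scored above it.
    static final int MAX_EVIL_LEVEL = 70;

    public static Outcome decide(String body) {
        if (body == null || body.trim().isEmpty()) {
            return Outcome.REJECT;               // verifier gave no answer: fail closed
        }
        try {
            JSONObject json = JSON.parseObject(body);
            String response = json.getString("response");
            if ("100".equals(response)) {
                return Outcome.CONFIG_ERROR;     // AppSecretKey problem: alert operators
            }
            if (!"1".equals(response)) {
                return Outcome.REJECT;
            }
            // evil_level is optional; a missing value is treated as acceptable
            Integer evil = json.getInteger("evil_level");
            if (evil != null && evil > MAX_EVIL_LEVEL) {
                return Outcome.REJECT;           // ticket valid but flagged as high risk
            }
            return Outcome.ACCEPT;
        } catch (RuntimeException e) {
            return Outcome.REJECT;               // malformed JSON or unexpected types
        }
    }

    public static void main(String[] args) {
        // Constructed sample bodies in the format quoted in the controller comment
        String[] samples = {
            "{\"response\":\"1\",\"evil_level\":\"0\",\"err_msg\":\"OK\"}",
            "{\"response\":\"1\",\"evil_level\":\"95\",\"err_msg\":\"OK\"}",
            "{\"response\":\"0\",\"evil_level\":\"0\",\"err_msg\":\"verify failed\"}",
            "{\"response\":\"100\",\"err_msg\":\"AppSecretKey error\"}",
            "<html>502 Bad Gateway</html>",
            null
        };
        for (String s : samples) {
            System.out.println(decide(s) + " <- " + s);
        }
    }
}
```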
Get the IP address utility class IPUtils:
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils; // assumed: any StringUtils with isEmpty(String) works
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * IP address
 */
public class IPUtils {

    private static Logger logger = LoggerFactory.getLogger(IPUtils.class);

    /**
     * Obtain the IP address.
     * When reverse proxy software such as Nginx is used, the IP address cannot be obtained through request.getRemoteAddr().
     * If multi-level reverse proxies are used, X-Forwarded-For holds not one value but a string of IP addresses;
     * the first valid IP in X-Forwarded-For that is not "unknown" is the real IP address.
     */
    public static String getIpAddr(HttpServletRequest request) {
        String ip = null;
        try {
            ip = request.getHeader("x-forwarded-for");
            if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("Proxy-Client-IP");
            }
            if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("WL-Proxy-Client-IP");
            }
            if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("HTTP_CLIENT_IP");
            }
            if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getHeader("HTTP_X_FORWARDED_FOR");
            }
            if (StringUtils.isEmpty(ip) || "unknown".equalsIgnoreCase(ip)) {
                ip = request.getRemoteAddr();
            }
        } catch (Exception e) {
            logger.error("IPUtils ERROR", e);
        }
        // When a proxy is used, take the first IP address in the list
        if (!StringUtils.isEmpty(ip) && ip.length() > 15) {
            if (ip.indexOf(",") > 0) {
                ip = ip.substring(0, ip.indexOf(","));
            }
        }
        return ip;
    }
}

Case effect diagram
Start the project and visit: http://localhost:8080/seckill/1000.shtml
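The IPUtils class above takes the first entry of X-Forwarded-For from any request, but that header is set by the client unless a reverse proxy you control writes it, so the UserIP sent to the verification service can be a forged value. The following added example (not from the original article or the seckill project) honours the header only when the connection comes from a known proxy and walks the list from the right. The class name TrustedProxyIp and the proxy addresses are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Added example: honour X-Forwarded-For only behind known reverse proxies. */
public class TrustedProxyIp {

    // Assumption: addresses of your own reverse proxies (constructed sample values).
    static final Set<String> TRUSTED_PROXIES =
            new HashSet<>(Arrays.asList("10.0.0.5", "10.0.0.6"));

    /**
     * @param remoteAddr value of request.getRemoteAddr()
     * @param xff        raw X-Forwarded-For header, may be null
     * @return the address to report as the client IP
     */
    public static String resolve(String remoteAddr, String xff) {
        // Peer is not one of our proxies: whatever header it sent is client-supplied.
        if (!TRUSTED_PROXIES.contains(remoteAddr) || xff == null || xff.trim().isEmpty()) {
            return remoteAddr;
        }
        // Each proxy appends the peer it saw, so the rightmost entries are the
        // ones written by our own infrastructure. Walk right to left and return
        // the first hop that is not one of our proxies.
        String[] hops = xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !TRUSTED_PROXIES.contains(hop)) {
                return hop;
            }
        }
        return remoteAddr; // header listed only our own proxies
    }

    public static void main(String[] args) {
        // Constructed inputs (documentation address ranges)
        // Direct client that supplies its own header: header is ignored
        System.out.println(resolve("203.0.113.9", "1.2.3.4"));
        // Behind a trusted proxy, client prepended a forged entry: rightmost untrusted hop wins
        System.out.println(resolve("10.0.0.5", "1.2.3.4, 198.51.100.7"));
        // Two trusted proxies in the chain
        System.out.println(resolve("10.0.0.5", "198.51.100.7, 10.0.0.6"));
        // Trusted proxy but no header at all
        System.out.println(resolve("10.0.0.5", null));
    }
}
```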
Custom access
When logging in to the system, we need to validate the user name and password first and only then invoke the CAPTCHA, so a custom integration is needed here.

Login

login: function () {
    // Verify the username and password
    // Generate a CAPTCHA object
    var captcha = new TencentCaptcha('2001344788', function (res) {
        if (res.ret === 0) {
            // Callback succeeded
            var data = {'username': username, 'password': password, 'ticket': res.ticket, 'randstr': res.randstr};
            $.ajax({
                type: "POST",
                url: "sys/loginCaptcha",
                data: data,
                dataType: "json",
                success: function (result) {
                    // Check whether verification succeeded
                }
            });
        }
    });
    captcha.show(); // Display the CAPTCHA
},

Backend monitoring
Tencent backend also provides simple and practical data monitoring, as follows:
Summary
Generally speaking, integrating the human-machine CAPTCHA into a system is very convenient and poses no technical difficulty. The difficult parts have been encapsulated by the provider, so we only need a simple call.
Flash-sale (seckill) case: https://gitee.com/52itstyle/spring-boot-seckill
Demo case (click the generate button): http://jichou.52itstyle.com