Abstract: With the growth of the Internet, intrusions against WWW sites occur continually, and existing devices such as firewalls and IDSs cannot effectively prevent intruders from tampering with web pages and other files on a site. This paper proposes a Web server security mechanism that ensures the Web server never sends an unsigned file (such as a web page or an image) to a client under any circumstances, whether or not the server has been compromised. As a result, even if a site's files are tampered with, clients cannot obtain them; the mechanism also ensures that non-public files cannot be downloaded by clients. The system can also respond promptly to possible intrusions with actions such as recovering files that fail verification and raising alerts.
Key words:
Web server security; digital signature; DSS; SSL; Internet content publishing and managing system (ICPMS); SPI
GENG Yubo, XIA Luning, DU Jiao, JING Jiwu, SHANG Ming. Research and Implementation of A Web Server Security Mechanism[J]. Computer Engineering, 2006, 32(11): 189-191.