Webshell interception detection method, device and equipment and readable storage medium

The invention discloses a webshell interception detection method, device and equipment and a readable storage medium, and the method comprises the steps: screening a ciphertext file, a confusion fileand a plaintext file from network flow through a Web application firewall; detecting the plaintext file, and screening out a webshell file from the plaintext file by utilizing a detection result; performing dynamic scheduling test on the ciphertext file, the obfuscated file and the webshell file to obtain an executable malicious file; and intercepting malicious files. According to the method, theWeb application firewall performs layer-by-layer screening on the files in the network flow, and finally the files subjected to the dynamic scheduling test are only suspicious files in the network flow, so that the detection efficiency of the webshell file can be effectively improved. 本发明公开了一种webshell拦截检测方法、装置、设备及可读存储介质，该方法包括：Web应用防火墙从网络流量中，筛选出密文文件、混淆文件和明文文件；对明文文件进行检测，并利用检测结果从明文文件中筛选出webshell文件；对密文文件、混淆文件和webshell文件进行动态调度测