Shulou(Shulou.com)06/01 Report--

WAE:Web application protection system (also known as website application-level defense system)

The difference between WAF and firewall:

As an access control device, the network firewall mainly works in the third and fourth layers of the OSI model and detects based on IP messages. Just limit the port.

Block the TCP protocol. Its product design does not need to understand HTTP sessions, which determines that it is impossible to understand Web application languages such as HTML and SQL. Therefore, it is not possible to perform input validation or * rule analysis of HTTP communications.

Most of the malicious * * against Web websites will be encapsulated as HTTP requests and can be successfully detected by the firewall from port 80 or port 443.

According to TCP session abnormality and * * characteristics to prevent network layer * *, we can also determine whether * is hidden in multiple packets through IP split and combination, but fundamentally speaking, he still can not understand HTTP session, and it is difficult to deal with application layers such as SQL injection, cross-site scripting, cookie theft, web page tampering and so on.

Web application firewall can understand and analyze HTTP sessions in the application layer, so it can effectively prevent all kinds of application layer. At the same time, it is downwards compatible and has the function of network firewall.

The working process of WAF:

Resolve HTTP requests = = "matching rules = =" defensive actions = = "logging

The specific implementation is as follows:

1. Parsing http request: protocol parsing module

two。 Matching rules: rule detection module, matching rule base

3. Defensive action: return 403 or jump to the custom interface

4. Logging: recording to elk

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.