2025-03-29 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
How do you use the open-source web application firewall jxwaf? Many newcomers are unclear about this, so the following explains it in detail.
Jxwaf
Jxwaf (Jinyi Shield) is a next-generation web application firewall built on OpenResty (nginx + Lua). Its original business logic protection engine and machine learning engine protect against business security risks, addressing the pain point that a traditional WAF cannot protect business logic. The built-in semantic analysis engine, combined with the machine learning engine, avoids the slowdown caused by the large rule sets of a traditional WAF and improves detection accuracy (low false positives, low false negatives).
Features
Basic attack protection
SQL injection attack
XSS attack
Directory traversal vulnerability
Command injection attack
WebShell upload protection
Scanner attacks, etc.
Machine learning
Support vector machine (SVM)
Semantic analysis
Semantic Analysis of SQL injection
Semantic Analysis of XSS attack
Business logic vulnerability protection
Registration protection
Login protection
Promotion (campaign) abuse protection
SMS bomb protection
Privilege escalation (unauthorized access) vulnerability protection
SMS verification code check bypass protection, etc.
Advanced CC attack Protection
Different protection variables can be set separately for different URL and request parameters.
Human/bot identification
Cookie security protection
Encryption protection of front-end parameters
Support AES encryption and decryption
Support DES encryption and decryption
Support RSA encryption and decryption
Transparent deployment of OTP function
Can provide dynamic password (OTP) function to background management system and website users.
Detection caching
Perform MD5 cache for requests that have passed WAF detection to improve detection efficiency
Supported protocols
HTTP/HTTPS
Performance & reliability
Millisecond response, request processing time less than one millisecond
Support active and standby deployment to avoid a single point of failure
Support cluster reverse proxy mode deployment, which can handle large data traffic
Support embedded deployment without changing the original network topology
Support cloud-mode deployment
Management functions
Basic configuration
Rule configuration
Report display
Alarm configuration
Architecture
Jxwaf consists of jxwaf and the jxwaf Management Center:
Jxwaf: developed on OpenResty (nginx + Lua)
Jxwaf Management Center: http://www.jxwaf.com
Environment
Jxwaf
Centos 7
Openresty 1.11.2.4
Installation
Download the code to the /tmp directory, run the jxwaf_install.sh file, and jxwaf will be installed in the /opt/jxwaf directory, as follows:
$ cd /tmp
$ git clone https://github.com/jx-sec/jxwaf.git
$ cd jxwaf
$ sh install_waf.sh
After installation, the following output shows that the installation succeeded:
nginx: the configuration file /opt/jxwaf/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/jxwaf/nginx/conf/nginx.conf test is successful
Visit http://www.jxwaf.com and register an account. Go to the WAF Rule Management -> View Official Rule Group page and load rules according to your needs, then get "WAF_API_KEY" from the WAF Rule Configuration -> WAF Global Configuration page.
Change "waf_api_key" in /opt/jxwaf/nginx/conf/jxwaf/jxwafconfig.json to the "WAF_API_KEY" of your own account.
$ /opt/jxwaf/nginx/sbin/nginx
This starts OpenResty. On start or reload, OpenResty automatically pulls the latest rules configured by the user from the jxwaf Management Center.
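The configuration and start steps above as a script; this is an added example, not code from the jxwaf project. It assumes "waf_api_key" is a JSON string field that appears once in the file and that the key uses only letters, digits, "-" and "_"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not jxwaf project code. Paths are the ones given on this page.
JXWAF_CONF=/opt/jxwaf/nginx/conf/jxwaf/jxwafconfig.json
JXWAF_NGINX=/opt/jxwaf/nginx/sbin/nginx

# set_waf_api_key CONFIG KEY: rewrite the "waf_api_key" string value in place.
set_waf_api_key() {
    conf=$1
    key=$2
    # Assumed key alphabet; also keeps quotes and sed metacharacters out.
    case $key in
        ''|*[!A-Za-z0-9_-]*) echo "invalid key format" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 3; }
    # Refuse to guess unless the field is present exactly once.
    n=$(grep -c '"waf_api_key"[[:space:]]*:' "$conf" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 waf_api_key field, found $n" >&2; return 4; }
    tmp=$(mktemp "$conf.XXXXXX") || return 5
    cp -p "$conf" "$tmp"        # keep the original owner and mode
    if sed -E 's/("waf_api_key"[[:space:]]*:[[:space:]]*)"[^"]*"/\1"'"$key"'"/' \
        "$conf" > "$tmp"
    then
        mv "$tmp" "$conf"       # atomic replace on the same filesystem
    else
        rm -f "$tmp"
        return 6
    fi
    # The key is a credential for the management center; flag loose permissions.
    [ -z "$(find "$conf" -perm -004)" ] ||
        echo "warning: $conf is world-readable" >&2
}

# apply_jxwaf_config KEY: write the key, test the config, then reload or start.
apply_jxwaf_config() {
    set_waf_api_key "$JXWAF_CONF" "$1" || return
    "$JXWAF_NGINX" -t || return             # never load a config that fails the test
    "$JXWAF_NGINX" -s reload 2>/dev/null || "$JXWAF_NGINX"
}

# Usage (as root, after install_waf.sh): apply_jxwaf_config "<your WAF_API_KEY>"
```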
Docs
Instructions for using JXWAF
Implementation of Business Security Protection based on Openresty
Transparent deployment of dynamic password function based on Openresty
Cookie Security Protection of WAF Development
Contributors
Chenjc Security engineer
Jiongrizi front-end development engineer
Bugs & Requirements
Submit bugs or feature requests on GitHub
QQ group 730947092
Mailbox jx-sec@outlook.com
Other
At present, the open source version can be used normally. The basic functions and the official basic rules have been tested and can meet the basic protection needs of small and medium-sized enterprises.
However, not all features have been released yet, and some have not been migrated from the offline version to the open source version. For now only basic attack protection, Cookie security protection and semantic analysis are available. The other functions will come online one after another; progress depends on how much time a certain front-end developer can spare, and completion is expected by the end of the year.
The above covers the existing functions. Here is the to-do list:
Implement machine learning data cleaning, feature acquisition and model training through rule configuration. Put simply, this is a lightweight machine learning training and application platform: users only need to focus on core feature acquisition, and the platform handles the rest of the "dirty work", lowering the barrier to applying machine learning. At present, the core functions have been developed and are being integrated with the other existing functions.
Develop semantic analysis libraries for command execution, code execution, etc.
Improve the official rules
Integrate third-party security application interfaces
Develop business security protection scenarios
Improve the report and alerting functions
Develop the cloud WAF system
Github address: https://github.com/jx-sec/jxwaf
JXWAF Management Center: http://www.jxwaf.com/
This project has been in development for almost a year since it was first conceived. I started it because, after using ModSecurity in depth, I found there were too many pitfalls to handle, so I could only develop a WAF while doing penetration work. Because of occupational habit, I paid special attention while writing it to places that are easy to bypass, which is reflected in all aspects of the code and can be regarded as one of the advantages of this WAF.
Next, performance. The current test result is within 1ms, and the processing time of the core module is about 0.001ms. Thanks to LuaJIT, adding rules has little impact. For concurrency, the test result on a single virtual machine with 1 core and 2G of memory is about 5000. I have no resources. I am interested in testing the performance on a well-configured physical machine; reaching more than 10K should be no problem. According to previous experience of using ModSecurity, sites with fewer than 100 million PVs a day do not have to consider performance problems: if there is no "rich man's life", there is no need to consider "rich man's disease". For large concurrent traffic, you can use a cluster or develop your own solution.
A brief summary of the target users:
One-person security departments / security departments without a budget
Companies with WAF needs but no WAF budget and no security staff
Those who want to apply the secondary verification function to intranet / online systems
Those who need machine learning protection
Those who need business security protection
Those whose appliance ("box") WAF cannot cope and who do not want to, or cannot, move to the cloud
Companies with highly customized rule / functional requirements