Shulou(Shulou.com)05/31 Report--

Open source WEB application firewall jxwaf how to use, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

Jxwaf

Jxwaf (Jinyi Shield) is a next-generation web application firewall developed based on openresty (nginx+lua). The original business logic protection engine and machine learning engine can effectively protect against business security risks and solve the pain points where traditional WAF cannot protect business security. The built-in semantic analysis engine combined with machine learning engine can avoid the problem of slow speed caused by too many traditional WAF rules, and enhance the accuracy of detection (low false positives, low false positives).

Feature function

Basic attack protection

SQL injection attack

XSS attack

Directory traversal vulnerability

Command injection attack

WebShell upload protection

Scanner attacks, etc.

Machine learning

Support vector machine (SVM)

Semantic analysis

Semantic Analysis of SQL injection

Semantic Analysis of XSS attack

Business logic loophole protection

Registration protection

Landing protection

Movable anti-brush

SMS bomb protection

Ultra vires loophole protection

SMS CAPTCHA check, bypass protection, etc.

Advanced CC attack Protection

Different protection variables can be set separately for different URL and request parameters.

Man-machine identification

Cookie security protection

Encryption protection of front-end parameters

Support AES encryption and decryption

Support DES encryption and decryption

Support RSA encryption and decryption

Transparent deployment of OTP function

Can provide dynamic password (OTP) function to background management system and website users.

Detect caching function

Perform MD5 cache for requests that have passed WAF detection to improve detection efficiency

Support protocol

HTTP/HTTPS

Performance & reliability

Millisecond response, request processing time less than one millisecond

Support active and standby deployment to avoid a single point of failure

Support cluster reverse proxy mode deployment, which can handle large data traffic

Support embedded deployment without changing the original network topology

Support for cloud model deployment

Management function

Basic configuration

Rule configuration

Report display

Alarm configuration

Architecture architecture

Jxwaf is composed of jxwaf and jxwaf management center:

Jxwaf: development based on openresty (nginx+lua)

Jxwaf Management Center: http://www.jxwaf.com

Environment environment

Jxwaf

Centos 7

Openresty 1.11.2.4

Install installation

Download the code to the / tmp directory, run the jxwaf_install.sh file, and jxwaf will be installed in the / opt/jxwaf directory, as follows:

$cd / tmp

$git clone https://github.com/jx-sec/jxwaf.git

$cd jxwaf

$sh install_waf.sh

After installation, the following shows that the installation is successful

Nginx: the configuration file / opt/jxwaf/nginx/conf/nginx.conf syntax is ok

Nginx: configuration file / opt/jxwaf/nginx/conf/nginx.conf test is successful

Visit http://www.jxwaf.com and register your account, go to WAF Rule Management-> View official Rule Group page to load rules according to your own needs, and then get "WAFAPIKEY" from WAF Rule configuration-> WAF Global configuration page.

Change "waf_api_key" in / opt/jxwaf/nginx/conf/jxwaf/jxwafconfig.json to "WAF_API_KEY" of your own account.

$/ opt/jxwaf/nginx/sbin/nginx starting openresty,openresty will automatically pull the latest rules of user configuration from jxwaf Management Center when starting or reload

Docs document

Instructions for using JXWAF

Implementation of Business Security Protection based on Openresty

Transparent deployment of dynamic password function based on Openresty

Cookie Security Protection of WAF Development

Contributor contributor

Chenjc Security engineer

Jiongrizi front-end development engineer

BUG&Requirement BUG& requirements

Github submits BUG questions or requirements

QQ group 730947092

Mailbox jx-sec@outlook.com

Other other

At present, the open source version can be used normally, and the basic functions and official basic rules are tested, which can meet the basic protection needs of small and medium-sized enterprises.

However, all the features have not been launched yet, and some features have not been migrated from the offline version to the open source version. Now they are only available for basic attack protection, Cookie security protection and semantic analysis. Other functions will come online one after another, and the progress depends on the time that can be deducted from a certain front end, which is expected to be completed by the end of the year.

The above are the functions of inventory. Here are some To do:

Through rule configuration, machine learning data cleaning, feature acquisition and model training are realized. To put it simply, it is a lightweight machine learning training-application platform. Users only need to pay attention to the core feature acquisition, and other "swearing work" is solved by the platform to reduce the threshold of machine learning application. At present, the core functions have been developed and integrated with other existing functions.

Development of semantic analysis libraries such as command execution and code execution

The official rules are perfect

Third-party security application interface integration

Development of business security protection scenario

The report form alarm function is perfect

Cloud WAF system development

Github address: https://github.com/jx-sec/jxwaf

JXWAF Management Center: http://www.jxwaf.com/

This project has been developed for almost a year since it was first conceived. At the beginning of this project, because after the deep use of Modsecurity, I found that there were too many Hold holes, so I could only develop WAF as soon as I infiltrated, and then because of occupational diseases, I paid special attention to some places that were easy to be bypassed when writing, specifically reflected in all aspects of the code, which can be regarded as one of the advantages of this WAF.

Next, let's talk about performance. The result of the current test is within 1ms, and the processing time of the core module is about 0.001ms. Thanks to luajit technology, adding rules has little impact. Concurrently, the test of a single 2G-1-core virtual machine is about 5000. I have no resources. I am interested in testing the performance of the configured physical machine. It should be no problem to reach more than 10K. According to the previous experience of using Modsecurity, those with less than 100 million PVs a day do not have to consider any performance problems, and if there is no "rich man's life", there is no need to consider "rich man's disease". As for the case of large concurrent traffic, you can go to the cluster or self-research.

Briefly summarize the target users:

A person's Department of Security / Department of Security without a budget

Companies with WAF needs, no WAF budget, no security staff

Apply the secondary verification function to the intranet / online

There is a need for machine learning protection.

Need for business security protection

The box WAF can't handle it. I don't want to go to the cloud / can't do it.

Companies with highly customized rules / functional requirements

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.