2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains how to add a soft WAF that uses deep learning to Nginx. The method introduced here is simple, fast and practical.
I. Preface
This article introduces how to add a soft WAF module that uses the TensorFlow C library to Nginx. The module is based on Naxsi.
II. Obtaining the data and training
An expert has previously published an article on this topic: SQL injection detection based on a convolutional neural network.
That is an open source project, but for speed reasons I do not use the model from that article, only the dataset it uses. This saves a lot of time on feature engineering.
Training is not the focus of this article, so only the training results are discussed here. To prevent the CUDA cycle from affecting the detection time, inference is run on the CPU.
III. Use the TensorFlow C library for inference
Our goal is to add a soft WAF module that uses the TensorFlow C library to Nginx. Writing a soft WAF from scratch would take a lot of time and would stray from the theme of this article.
Among the open source soft WAF modules for Nginx, Naxsi is a very popular one. It is written mainly in C, so adding an inference step to it most likely means linking in the TensorFlow C library. The first thing to do, therefore, is to run a single inference with the TensorFlow C library on its own and test that part thoroughly.
The Main file is as follows:
After compilation, you can run it on the data. To save space, only one sample is tested here.
It can be seen that this part of the code is working properly.
IV. Add code to Naxsi
First, recall how Nginx works. At run time Nginx uses fork to create a master process and several worker processes, and the worker processes are the ones that actually handle the data. The initialization function of each module is run by the initialization process. After that, if daemon is configured, the initialization process exits automatically.
At the same time, for ease of understanding, we can split the inference process into several parts:
1. Initialize the model
2. Convert the input to a format recognized by TensorFlow
3. Run the model to get the results
Step 1 needs to run only once, while steps 2 and 3 must be done each time the module runs.
I don't know Nginx very well, so experts, please go easy on me.
Since the worker processes are created by fork, it is virtually impossible for them to use a model created by the initialization process, so each worker process needs to initialize its own model-related resources once. Therefore, the newly added function should look something like this:
Here I only check the URI for injection requests. The detection code for the other parts of the request should be very similar, so I won't repeat it.
Because tf_model is loaded automatically the first time the module is called, each worker process on the server may stutter a bit when it receives data for the first time.
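The per-worker lazy initialization and the input conversion described above can be sketched as follows. This is an added example, not the author's Naxsi patch: TensorFlow is replaced by a stand-in so the code builds without the library, and `waf_model_ensure`, `waf_encode_uri`, `waf_worker_loads_after_fork`, `SEQ_LEN` and the character-level encoding are hypothetical names and assumptions. The sample URI is constructed.

```c
#include <ctype.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SEQ_LEN 16        /* assumed fixed input length of the model */
static pid_t model_owner; /* 0 = no model loaded in this process */
/* Step 1: load at most once per process; returns 1 if this call loaded.
 * The pid check also discards state inherited across fork(). */
static int waf_model_ensure(void) {
    if (model_owner == getpid()) return 0;
    model_owner = getpid(); /* a real module loads its graph/session here */
    return 1;
}
static int hexval(int c) {
    c = tolower(c);
    return isdigit(c) ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Step 2: percent-decode, lowercase, zero-pad to SEQ_LEN (assumed encoding). */
static size_t waf_encode_uri(const char *uri, float out[SEQ_LEN]) {
    const unsigned char *p = (const unsigned char *)uri;
    size_t n = 0;
    for (; *p && n < SEQ_LEN; p++) {
        int c = *p;
        if (c == '%' && hexval(p[1]) >= 0 && hexval(p[2]) >= 0) {
            c = hexval(p[1]) * 16 + hexval(p[2]);
            p += 2;
        }
        out[n++] = (float)tolower(c);
    }
    for (size_t i = n; i < SEQ_LEN; i++) out[i] = 0.0f;
    return n;
}

/* Parent loads, then forks a worker; child reports first*2 + second (expect 2). */
static int waf_worker_loads_after_fork(void) {
    int status = 0, first;
    waf_model_ensure();
    pid_t pid = fork();
    if (pid == 0) { first = waf_model_ensure(); _exit(first * 2 + waf_model_ensure()); }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    float in[SEQ_LEN];
    return !(waf_encode_uri("/?id=1%27%20OR%201", in) == 12 && waf_worker_loads_after_fork() == 2);
}
```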
V. Compile and run
Copy the source code of both Naxsi and Nginx to the build server, then include the Naxsi source when compiling Nginx.
Since Nginx does not link against the TensorFlow library when compiling, we need to modify the Makefile by hand so that the TensorFlow library is added at link time, and then compile.
Next, copy the Naxsi configuration file into the conf folder of Nginx, configure Naxsi, and modify the Nginx configuration file to add the Naxsi module. Customize a 403 page to be shown instead when an injection occurs. Then run Nginx.
VI. Manual injection test
A simple manual injection is used here to test whether the module is working properly. In fact, nothing here can actually be injected. If you are interested, you can set up DVWA or another target machine and attack it for real with sqlmap and other tools.
At this point, you should have a deeper understanding of how to add a soft WAF that uses deep learning to Nginx. Try it out in practice.
© 2024 shulou.com SLNews company. All rights reserved.