Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about how to deploy Web application firewall JXWAF. Many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

Overview of JXWAF

JXWAF is an open source Web application firewall that can be used to protect against common OWASP attacks such as SQL injection vulnerabilities, XSS vulnerabilities, command execution breakthroughs, CC attacks, etc., to avoid website data disclosure, and to ensure website availability and security.

Functional characteristics

1. Web application attack protection

Based on semantic recognition protection engine against SQL injection, XSS attacks, Webshell addition, directory traversal extension, command injection, scan protection and so on.

2. Intelligent protection against CC attacks

The access frequency of a single source IP is controlled, and comprehensive protection is carried out combined with the number of visits per unit time. The man-machine identification algorithm specially developed for CC attack protection can intelligently switch protection modes according to business load, and is especially suitable for the protection of massive IP slow request attacks. Automatically block and unseal the malicious attack IP without human intervention, and reduce the operating cost.

3. Custom rule protection

It supports the combination of conditions for common HTTP segments such as IP,URL,BODY,User-Agent, and supports protection scenarios such as hotlink protection and website backend protection.

4. IP blacklist and whitelist

The difference between quickly adding blacklists and whitelists and adding IP blacklists and whitelists with custom rule protection is that IP blacklists and whitelists can be added in large quantities through hash matching, with little impact on performance.

5. Regional ban

Ban on the basis of the country or region to which IP belongs.

6. Block page customization

You can customize the definition page to improve the user experience.

Application scenario

JXWAF is developed based on openresty (nginx + lua) and supports cloud native deployment. Users can deploy JXWAF to servers in Ali Cloud, Tencent Cloud or self-built server rooms, which can be deployed separately or exploited to cooperate with cloud load balancer or dns to build private cloud WAF deployment. Support to protect the HTTP,HTTPS,HTTP2 traffic of the website, and support deployment, embedded deployment, cloud WAF deployment, partition deployment.

JXWAF can help you resolve the following issues:

Data anti-disclosure, to avoid injection expansion, command execution interruption, etc., resulting in the offset of the core data of the website. CC attack protection, prevent malicious requests, ensure the availability of the website. Business security protection.

Step1: installation environment dependency

Step2: download openresty

Step3: decompress openresty

Step4: change to the openresty directory and view

Step5: compile and install openresty

Step6: compilation and installation

Step7: edit configuration environment variabl

Step8: adding configuration environment variables

Step9: effective immediately

Step10:WAF download

Step11: switch to the jxwaf directory

Step12: give permission to run

Step13: run the install.waf.sh installation script

Step14: open www.jxwaf.com, click Login, then click Register, fill in the electronic fuel tank and picture verification code

Step15: fill in the mailbox and password, as well as the verification code to receive the mailbox

Step16: registered successfully

Step17: log in to the backend using the registered account, and copy the api and mailbox verification code separately.

Step18: switch to the tools directory

Step19: configuring api key and api password values

Step20: running nginx

Step21: go to the backend to add a website domain name or IP address

Step22: the protection rules have been added, and the necessary protection policies are enabled as needed.

Through personal experience of installation and deployment in the local client, you first need to install dependent installation packages and web server nginx support, because there are many modules in this application firewall that need their linkage. JXWAF is configured through the console or scripts in the tools directory, start openresty overload jxwaf Management Center to pull the latest rules of user configuration, and complete the entire website protection process.

After reading the above, do you have any further understanding of how to deploy Web application firewall JXWAF? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.