Design And Implemention Of Web Application Security Solution Method Based On Reverse Proxy

With the development of network and IT,especially Internet broad popularizes and applies, on-line service based on Web increases by unceasingly, such as E-government, electronic commerce, the network work as well as the hypothesized community. The following security problem of web application is also getting more and more serious, this problem that how to guarantee the normal operation of Web application also becomes important day by day, and must be solved.The function of the traditional network security equipment that defences the Web application attack is very limited. All the work and processing of the present majority firewall are in the network level, but the firewall can not examine the characteristic of application layer attack in the network level, so this situation has urged the Web application firewall and other solution method to turn out.This article mainly studies the security problem of the Web application and has analyzed the situation which the SSL-VPN equipment cannot guard against the web application attack effectively, proposed a safety solution based on reverse proxy, through increases the new Web application attack detection module in the SSL-VPN equipment's reverse proxy function, enhanced the ability that the Web application to resist the Web attack under the SSL-VPN environment.This article has emphatically analyzed three common Web application attack methods: SQL injection, cross site scripting, session disguising. Based on the discussing the principle and the technology of these attack, classified them according to the attack object and got better understanding on how to guard against these attacks. Afterward this article has analyzed the flaw and the insufficiency of the current Web safety solution, proposed a solution based on the reverse proxy, explained the system design, the module functional design and the process of implemention, finally tested the examination ability of solution and the influence of SSL-VPN equitment, the experiment indicated that this solution is able to detect the attack effectively under a certain performance loss, compared with other solutions,the merits of this solution is easy to deploy, low cost, HTTPS supported and so on, this solution is first design proposal and the product prototype which SSL-VPN equipment integrated the Web application firewall function at present.