
The Design And Implementation Of Distributed Peer-to-peer Based Web Application Firewall

Posted on: 2013-02-25
Degree: Master
Type: Thesis
Country: China
Candidate: L L Yao
GTID: 2218330362967014
Subject: Computer application technology
Abstract/Summary:
With the rapid development of Internet technology, Web applications are becoming more and more important and prominent, and the broad growth of the Internet also brings many security risks. In the past few years, many websites of enterprises and government institutions have been attacked, and some of the losses were beyond price. These cases show that traditional firewalls, IDS, IPS and web page anti-tamper equipment cannot defend against attacks delivered through the application layer. A web application firewall (WAF) working at the application layer can prevent application-layer attacks by analyzing and checking HTTP/HTTPS request and response messages in depth. Based on an analysis of the principles and characteristics of mainstream web application attacks, and in order to overcome the lack of flexibility, scalability and detection efficiency in existing single-node WAFs for application-layer intrusion defense, this paper proposes a web application firewall based on a distributed peer-to-peer architecture and a reverse proxy. The main work of the paper is as follows:

(1) An active detection engine built on reverse proxy technology is designed and implemented. The core of the detection engine is built on reverse proxy technology, which has no impact on the web applications, allows flexible deployment, and can protect remote hosts. HTTP/HTTPS messages are filtered by combining rule-based passive detection with plug-in-based active detection. The detection engine filters both request and response messages, achieves fine-grained detection, effectively prevents application-layer web attacks, and also protects the web server.

(2) The web application firewall is designed and implemented on a distributed peer-to-peer architecture. The system uses a reverse proxy to respond to web requests. Each node runs the same application, and the primary and auxiliary nodes are determined according to dynamic demand. The master node provides dynamic session keeping and load balancing, for which a dynamic load-balancing algorithm based on a load mapping table and mapping scale is put forward; the auxiliary nodes inspect HTTP/HTTPS messages using an expert system and plug-ins. JSON is used for communication between nodes, and the primary and auxiliary node roles can change dynamically.

(3) The distributed peer-to-peer web application firewall is deployed on an experimental network. The detection function and the load-balancing algorithm are tested in both single-node and distributed multi-node configurations. Experimental results show that the system has good usability and efficiency, and is flexible to deploy and extensible.
Keywords/Search Tags: Web application firewall, Distributed, Peer-to-peer, Load balance, Reverse proxy, Detection engine