| With the development of the Web2.0era, many governments, schools and critical business activities relay on the Web application heavily. While providing the simple service to the customer, the Web application is also faceing more and more risks. The most authoritative RSA study shows that the Web application security issues are more serious than all previous network layer security problem, which become the most serious, most widely, the greatest danger of security issues. So people pay more and more attentionto the problem of the application layer security.Web Application Firewall (abbreviation:WAF) provides protection to Web applications by a series of the HTTP/HTTPS security policies. ModSecurity is an open source Web application firewall developed and updated by the Open Web Application Security Project. It is essential to strengthen defense function and simplify regular libraries to provide better protection for Intranet.Basing on the reserching of famous open source Web application firewall ModSecurity, combing with the traditional network layer defense equipment, this paper give some Web application firewall deployment scenarios of Intranet. The major works are done as flows:1、Having deep analysis into several mainstream application-layer attacks, including the application layer DOS attacks, SQL injection attacks, cross-site scripting attacks, cross-site request forgery attacks. This paper describes their attack principles and the appropriate number of signatures, analysis circumvent technical network-based IDS technology in the network layer and application layer.2、Analyzing of the request processing flow of the Web application firewall, this paper summarize the five stages of request processing and the function of each hook. Then this paper design a hook function in hook point process_connection to count the request timeout. Combined the request processing characteristics in Apche2.3.x, the hook function we designed could achieve effective detection and prevention to the Slowloris attack.3、This paper designed a Web application firewall deployment scenario in campus network for some fetures of the campus network and the feture of traditional defence equipment and WAF. And analyze the pros and cons of this deployment scenario. Based on the characteristics of campus network, this paper simplifies Web application firewall rules for the various types of application-layer attacks and improves the effectiveness of rules matching.4、Compiling the corresponding rule to fix Remote Denial of Service vulnerability which caused by the deformity Range option for the Apahce.This article is based on the open source ModSecurity project, combined with the traditional defense equipment to design a Web application firewall deployment scenario in the campus network. The deployment scenario can better protect the safety of the campus network, especially the application layer security which payed little attention but often caused problems. It has a certain reference value for the next intranet Web application security. |
PDF Full Text Request