| With the rapid development of the Internet, especially WEB2.0 and "Internet plus" era, all kinds of web applications bring great convenience for the information dissemination, in the meanwhile which also has caused several security risk. According to the statistics of China Internet Network Information Center (CNNIC), the total number of Chinese websites is 4.23 million by the end of December 2015. Many websites with weak security protection have become the attacked targets of some illegal individuals, the hacker group for personal gain. Webpage tamper is the most common attack, and it has extremely bad influence. According to research and investigation, the current market mainstream website tamper proof is software tamper resistance based on host. There are many problems for this technology, such as deploying software in the web hosting, tightly coupled with host operating system or web server, changing the original site page management etc.The purpose of this thesis is to develop a website tamper proof system based on application gateway in order to solve issues mentioned above. This thesis includes the following contents:(1) Researching the existing tamper proof system combined with the user actual needs, and analyzing the existing deployment, management and protection effect. Exploring a website tamper proof system with convenient deployment, which does not occupy the host resources and provide multiple protection for websites.(2) Researching common types of Web attack principles, processes and methods of protection; analyzing all kinds of technical research of common web page tamper and web proof tampering methods, which is fully ready for the technology scheme of the system.(3) Designing the multi-layer system architecture including the Web management layer, the middle layer for configuration, the business logic layer and the data layer on the basis of a stable, efficient, flexible and open principle. Also designing the system function module, database and user management interface. Developing the Web attack filtering, website image, tamper detection protection, Web management and other functional modules.(4) Developing the hardware tamper proof system based on the application gateway, which can avoid to couple with the host site tightly. The original web page element management mode will not be changed while the system will not consume the web host resources. As the transparent proxy server which is pre deployed, it can prevent DDoS attacks effectively. Sending response to the user instead of hosting site can ensure that the web site of the business continuity when web hosting has unplanned downtime.The web anti tamper system based on the application gateway has been used in a large number of enterprises. This system solves the problem of management, performance, which is caused by traditional software website tamper-proof tightly coupled with web hosts. Research results have achieved the expected goal... |
PDF Full Text Request