Research Of Web Firewall's Data Buffer Management

As important security facilities of Internet,Web Firewall plays an important role in ensuring security of our network.The system does thorough analysis and more complex processing,which makes its performance is lower than packet filtering firewall and stateful filtering firewall.Faced with an increasing trend of network traffic year by year,how to adjust its strategies to return to normal state as soon as possible seems critical.In particular,how to make sure the system can deal it faced with bursty traffic.Web firewall's processing delay forms a non-negligible part of access latency because its inefficiency.How to ensure user's access delay with fluctuant network traffic,especially delay of high frequency traffic,becomes a key issue.For dynamic characteristics of network traffic,taking into AQM algorithms of router and features of web firewall,this paper proposes a probabilistic forwarding strategy.The strategy can adjust forwarding threshold and drop threshold according load size.In order to deal with unexpected traffic impact on Web firewall system,this paper uses dynamic queues to deal with burst traffic.The type data structure can take full use of buffer space when dealing with uneven data.Finally,the paper uses simulation experiments to validate the algorithm under LAN.The results show that,in the face of a large case load,the algorithm has better performance properties.In order to ensure a more accurate user access delay,delay distribution based on characteristics of single session is introduced.The paper estimates session delay threshold with history of high frequency URL session,which has been proved to be right according to theoretical analysis and experimental verification.To take advantage of the statistical results of app layer,the output queues use feedback of the upper layer session to improve its reaction speed when scheduling packets.Finally,the paper compares this kind of delay estimation methods with no delay guarantee.The results show that the method with statistical URL history can reduce sessions with large time delay when deal with small flow.At the same time,it can reduce average delay of frequency URL session effectively when flow is large.