The Design And Implementation Of Traffic Processing Module In Web Application Firewall

Web Application Firewall(WAF)is a safety solution dedicated to Web applications.It isolates safety and application business logic,reducing loss caused by Web application attacks and price of safety development.By the development of Internet,the business scale of enterprises increases.Enterprises needs to defend malicious access,e.g.crawlers' fetching website content and coupon abusing,in addition to traditional Web application attacks.They usually insert detection code for defense of malicious access in Web applications.However,this solution increases the coupling of business functionality and safe functionality,and revalidation and redeployment of Web application is required after modifying code for detection.Both increase maintenance cost of the application.Filtering and statistics of matched Web access in range of holistic website is also required for detection,which inevitably introduces architecture complexity and development cost to most Web applications based on Web server clusters.Main purpose of this thesis is to propose a solution to malicious access protection,which is based on customized script for extending the WAR Enterprise users arrange their safety requirements into detection scripts,submitting them to WAF,so that access statistics and safety reactions(e.g.banning,alerting)can be performed by WAF.Traffic processing module in WAF takes the main responsibility of realizing the proposed solution.Web applications varies in scale and real time load,thus a scalable traffic processing module is designed in this thesis to fit in with such variation.Enterprise users could dynamically increase and decrease deployment of traffic processing module node,regarding the trade-off of processing performance and infrastructure cost.Main work of this thesis is to design and implementation of traffic processing module in WAFR Firstly,this thesis introduces current condition of solution to malicious access defense,and induces the proposed solution of this thesis.Secondly,this thesis presents the overview and adoption rationale of relevant technologies.Thirdly,this thesis analyzes the functional requirements and non-functional requirements related to industrial standards,e.g.scalability,performance and security.Fourthly,this thesis designs the architecture of traffic processing module,depicting its interaction with other modules in WAF.Fifthly,the design and implementation of components in traffic processing module,including stream processing module,plugin module and node interface module,are carried out by this thesis,demonstrating how relevant technologies are utilized and how functional and non-functional requirements are fulfilled.Finally,this thesis revises the work and concludes the milestones achieved in current stage,and anticipates the next milestones in the next stage for improving the solution.Enterprises will can protect their Web applications with customized detection scripts using WAF designed based on the proposed solution,while maintaining the isolation of safety and application business logic,and without redeployment and altering architecture of the Web applications.