| With the rapid development of Internet technology,new IT application technologies such as cloud computing,virtualization,big data,and mobile Internet have penetrated into various industries and fields,bringing great convenience to our life and production.But at the same time,Due to the high level of openness of the network,the contradiction between information sharing and information security on the Internet becomes more serious,what it described as an increasingly perilous situation.In recent years,domestic websites face a large of security problems.The frequent occurrence of security incidents on websites has a certain impact on our society and the Internet economy.From the aspect of practical application,this thesis studies WAF(Web Application Firewall)to protect the security of the SME portal websites.Firstly,the thesis expounds the major cyber security attacks in China and abroad in recent years,and introduces the research status of the defense against Web application attacks.Three common application layer attacks are deeply analyzed,including SQL injection,cross-site scripting attacks and cross-site request forgery attacks.The attack principle and attack defense measures are discuessed.Secondly,through comparison and analysis of different types of firewalls,we summarize the characteristics of each type of firewall.Then the main types and working principles of web application firewalls are analyzed.Aim at the characteristics of SME portals websites,a WAF system based on the Lua_nginx module of OpenResty platform is designed.Finally,Qing Cloud platform is used to deploy the virtualized WAF experimental platform and run the WVS scanner to verify its ability of the WAF to resist the above three kinds of Web application attacks.The experimental results show that the WAF designed in the thesis can protect SEM portal websites. |
PDF Full Text Request