
Research And Development Of Web Application Firewall System

Posted on: 2021-11-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y Tan
Full Text: PDF
GTID: 2518306050466674
Subject: Master of Engineering

Abstract/Summary:
With the advent of Web 2.0, the number of services provided by Web applications on the Internet has grown exponentially, while the number of attacks against Web applications has grown linearly and the attack methods have become more complicated. However, because developers pay too little attention to web application security, understand it poorly, and lack secure software development techniques, web application vulnerabilities have become the primary target of current attacks. The general approach to attacks against program vulnerabilities is to deploy a firewall. Traditional firewalls can successfully prevent attacks at the network layer, but they cannot effectively defend against application-layer attacks on web applications. Web applications therefore have security requirements of their own. As Web security has become more and more important, the Web Application Firewall (WAF) has emerged.

Aiming at the problems of traditional web application firewalls, this paper designs an application gateway with web application firewall functions. It adopts a Web-based management model, which removes the need of client-mode web application firewalls to install a client on the target host; it encrypts certificate private keys and stores them in the database, which addresses the certificate leakage risk caused by certificate proliferation; and it designs the application gateway as a unified access port for business traffic, so that all business accesses pass through the gateway, traffic detection, load balancing and other functions can be implemented on the gateway, and the scalability of the system is greatly improved.

For the core of the application gateway, the Web application firewall module, this paper uses signature detection and anomaly detection strategies. The signature detection module has two parts: a signature detection rule set module and a CC (Challenge Collapsar) defense module. The signature detection rule set module defends against common attacks: it analyzes common Web application attacks such as SQL injection and XSS (cross-site scripting), draws on the core rules of the ModSecurity rule set, and integrates the two. The CC defense module is based on the finding that current CC attacks are mainly page-based, so CC defense is implemented by checking three aspects: the Cookie, the HTTP URL and the HTTP User-Agent. The anomaly detection strategy is aimed mainly at zero-day attacks: on the basis of a data model and a detection model, a request length detection algorithm is adopted, which can effectively intercept requests with abnormally long parameters while keeping the false alarm rate very low.

This paper also designs and implements load balancing for the application backend: when there are multiple application servers in the backend, user business accesses are randomly allocated among them. The Web-based background management module implements business configuration management, rule management and log management; it is built with Angular and interacts with the gateway in real time through the back-end API.

Finally, according to typical application scenarios of the Web Application Firewall application gateway, the environment is built and the functions are tested and verified in the following scenarios: (1) after logging in to the background management terminal, the security administrator can set and modify applications and rules through the web interface according to actual application requirements; (2) in experiments simulating malicious attacks by criminals, the WAF Application Gateway defends well against common attacks and Challenge Collapsar, performs abnormal parameter detection, and responds to triggered rules by blocking, by requiring a verification code, or with other protective actions.
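The abstract describes three detection stages in the gateway (a signature rule set, CC detection keyed on Cookie, URL and User-Agent, and request-length anomaly detection) followed by random load balancing and logging. The following is an added illustration of that pipeline written for this page; it is not code from the thesis, and the rule patterns, thresholds, request model, backend names and baseline traffic are all constructed assumptions rather than the author's ModSecurity-derived rules or data model.

```python
import random
import re
import statistics
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qsl


@dataclass
class Request:
    """The request fields the gateway inspects (constructed model, not a real HTTP parser)."""
    path: str
    query: str       # raw query string, e.g. "q=shoes"
    user_agent: str
    cookie: str
    ts: float        # arrival time in seconds


# 1. Signature rule set: two small illustrative patterns (assumption; not ModSecurity's rules).
SIGNATURES = [
    ("sqli", re.compile(r"(?i)(\bunion\b\s+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|--\s|\bsleep\s*\()")),
    ("xss", re.compile(r"(?i)(<\s*script\b|javascript:|\bon(?:error|load|click|mouseover)\s*=)")),
]


def signature_match(req: Request) -> Optional[str]:
    """Return the name of the first rule whose pattern matches any query parameter value."""
    for _, value in parse_qsl(req.query, keep_blank_values=True):
        for rule, pattern in SIGNATURES:
            if pattern.search(value):
                return rule
    return None


class LengthModel:
    """2. Anomaly detection: a per-(path, parameter) length limit learned from benign traffic."""

    def __init__(self, baseline: List[Request], k: float = 3.0, floor: int = 8):
        samples: Dict[Tuple[str, str], List[int]] = defaultdict(list)
        for req in baseline:
            for name, value in parse_qsl(req.query, keep_blank_values=True):
                samples[(req.path, name)].append(len(value))
        self.limits: Dict[Tuple[str, str], int] = {}
        for key, lengths in samples.items():
            mean, sd = statistics.mean(lengths), statistics.pstdev(lengths)
            # Limit is mean + k*sd; the floor keeps tiny baselines from over-alerting.
            self.limits[key] = max(floor, int(mean + k * sd))

    def anomalous(self, req: Request) -> Optional[str]:
        for name, value in parse_qsl(req.query, keep_blank_values=True):
            limit = self.limits.get((req.path, name))
            if limit is not None and len(value) > limit:
                return f"length:{name}>{limit}"
        return None


class CCDetector:
    """3. CC defense: sliding-window hit counter keyed on (Cookie, URL, User-Agent)."""

    def __init__(self, limit: int = 5, window: float = 10.0):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def check(self, req: Request) -> Optional[str]:
        q = self.hits[(req.cookie, req.path, req.user_agent)]
        while q and req.ts - q[0] > self.window:   # drop hits outside the window
            q.popleft()
        q.append(req.ts)
        return "cc" if len(q) > self.limit else None


class Gateway:
    """Unified access port: every request passes the three checks, then is load-balanced."""

    def __init__(self, baseline: List[Request], backends: List[str]):
        self.model, self.cc, self.backends = LengthModel(baseline), CCDetector(), backends
        self.log: List[Tuple[float, str, str]] = []   # (time, path, reason) for log management

    def handle(self, req: Request) -> Tuple[str, str]:
        """Return ("block", reason) or ("allow", chosen backend)."""
        reason = signature_match(req) or self.cc.check(req) or self.model.anomalous(req)
        if reason:
            self.log.append((req.ts, req.path, reason))
            return ("block", reason)
        return ("allow", random.choice(self.backends))   # random allocation across backends


UA = "Mozilla/5.0 (constructed sample browser)"
BACKENDS = ["app-1.internal", "app-2.internal"]   # hypothetical backend pool


def make_baseline() -> List[Request]:
    """Constructed benign traffic from which the length model is learned."""
    return [Request("/search", "q=shoes", UA, "sid=u1", 0.0),
            Request("/search", "q=red+boots", UA, "sid=u1", 1.0),
            Request("/search", "q=laptop", UA, "sid=u2", 2.0)]


def demo() -> Dict[str, str]:
    """Constructed benign, rule-matching, over-long and burst requests run through the gateway."""
    gw, out = Gateway(make_baseline(), BACKENDS), {}
    out["benign"] = gw.handle(Request("/search", "q=blue+jacket", UA, "sid=u3", 10.0))[0]
    out["sqli"] = gw.handle(Request("/search", "q=%27+or+1%3D1--+", UA, "sid=u4", 11.0))[1]
    out["xss"] = gw.handle(Request("/search", "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", UA, "sid=u4", 12.0))[1]
    out["long"] = gw.handle(Request("/search", "q=" + "A" * 300, UA, "sid=u5", 13.0))[1]
    burst = [gw.handle(Request("/login", "", UA, "sid=bot", 20.0 + 0.3 * i)) for i in range(6)]
    out["cc_first"], out["cc_sixth"] = burst[0][0], burst[-1][1]   # sixth hit in 1.5 s trips CC
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9s} -> {verdict}")
```

The check order matters for the false-alarm behaviour the abstract emphasises: signatures run first because they carry the least ambiguity, the CC counter is consulted only for requests that survived them, and the learned length limit is applied last so that a single unusual but otherwise clean parameter is the only way a benign user can be blocked by the anomaly stage.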
Keywords/Search Tags: Web Application Security, Web Application Firewall, Application Gateway, Signature Detection, Exception Detection, Web Management