
Design And Implementation Of High-Performance Web Application Firewall Based On Nginx

Posted on: 2021-02-15
Degree: Master
Type: Thesis
Country: China
Candidate: L Y Xiong
Full Text: PDF
GTID: 2518306476460394
Subject: IC Engineering
Abstract/Summary:

Web applications are increasingly widely used because of their standardization and versatility. However, Web applications are vulnerable to various Web attacks, which can make them unavailable. A Web Application Firewall (WAF) is a type of information security system that protects Web applications by filtering requests and responses according to security protection rules. To address the incomplete functionality and low performance of existing WAFs, this thesis designs and implements a high-performance WAF based on Nginx. The main contributions of this thesis are as follows:

1. Design and implementation of a Web attack detection system based on regular expression matching. The system supports highly customizable detection rules: whitelist and blacklist rules can be defined over multiple parts of a Web request, such as IP, URI, request parameters, request methods and request headers, and over the response headers and response bodies of Web responses. In addition, with the open-source third-party rule library ModSecurity CRS built in, the system can detect and defend more effectively against common Web attacks such as SQL injection, remote code execution, directory traversal and cross-site scripting.

2. Design and implementation of an improved weighted minimum connection method, a load balancing algorithm. The algorithm uses each back-end server node's average response time over the last cycle, its current number of task connections and its default weight as reference indicators to decide how new tasks are allocated, thereby balancing the load across the back-end server nodes.

3. Design and implementation of an efficient and safe WAF management system. While ensuring its own security, the system lets WAF administrators, through a Web interface, view the WAF running status and log records in real time, modify the attack detection strategy, adjust the load balancing algorithm according to the WAF load, and set the log format and alarm method.

Testing shows that, in terms of function, each module of the WAF system is functionally complete, and the whole system can effectively detect and defend against common Web attacks. The WAF management system has a friendly interface and is easy to operate, and WAF administrators can highly customize the whitelist and blacklist through it. In terms of performance, the WAF has little effect on the average response time of Web applications after deployment, with an impact rate of 4.20%. In addition, compared with the minimum connection method built into Nginx, the improved algorithm proposed in this thesis achieves a better load balancing effect, with the average response time reduced by 10.01% and concurrent throughput increased by 10.30%. In summary, the WAF designed and implemented in this thesis has important research significance and practical value for protecting Web applications.
Keywords/Search Tags:Web Application Firewall, Web security, Web attack, Load balancing, Nginx