Web Application Firewall (WAF) entry (1)

Web Application Firewall, also known as WEB Application Security Firewall (WAF), has become increasingly popular since the end of. In the past, these tools were monopolized by a few large projects. However, with the emergence of a large number of low-cost products, as well as open-source trial products available for choice, they can eventually be used by most people. In this article, we will first introduce what Web application firewall can do, and then give a quick overview of some of the most useful features of Web application firewall. After reading this article, you can understand the topic of web application firewall and learn more about it.

What is web application firewall?

Interestingly, no one knows exactly what the web application firewall is, or, to be exact, no precise definition that everyone recognizes. In a broad sense, Web Application Firewall is a tool that enhances the security of Web applications. However, if we want to go deep into its precise definition, we may have more questions. Some Web application firewalls are hardware devices, some are application software, some are network-based, and others are embedded into WEB servers.

There are dozens of product names with the WEB Application Firewall Feature in foreign markets, not to mention the form and description of the product. It is hard to define because the name contains too many things. Low Network Layer Web Application Firewall (WAF) is deployed on the Seventh Layer. Many devices have their unique functions, such as routers, switches, firewalls, and intrusion detection systems, intrusion defense systems. However, in the HTTP world, all these features are integrated into one device: Web application firewall.

In general, WAF provides the following functions:

1. Audit device: Used to intercept all HTTP data or sessions that only meet certain rules

2. Access Control Device: used to control access to Web applications, including both active and passive security Modes

3. Architecture/network design tools: when running in reverse proxy mode, they are used to allocate functions, centralized control, and virtual infrastructure.

4. WEB application reinforcement tools: These functions enhance the security of protected Web applications. They not only shield the inherent vulnerabilities of WEB applications, but also protect the security risks caused by WEB application programming errors.

However, it should be noted that not every device called Web application firewall has the above four features at the same time.

Due to the diversity of WEB application firewalls, people with different knowledge backgrounds tend to pay attention to their characteristics in different aspects. For example, people with a network intrusion detection background tend to regard it as an IDS Device running on the HTTP layer; people with the background of the firewall tend to regard it as a functional module of the firewall. Another understanding comes from the term "Deep detection firewall. They believe that the deep detection Firewall is a device equivalent to the Web application firewall function. However, although the two devices have some similarities, the difference is still very large. The deep detection firewall usually works on the third and higher layers of the network, while the Web application firewall processes the HTTP service on the Seventh Layer and supports it well.

Is it better to directly change the WEB code to solve security problems? This is beyond doubt, but it is not so easy to implement ).

Because, by changing the WEB application code, the system security performance can be enhanced, which is itself controversial. And the reality is more complex:

◆ It is impossible to ensure 100% security. People with limited capabilities will inevitably make mistakes.

◆ In most cases, few strive for 100% security. In today's real life, those who lead the application development pay more attention to functions rather than security. This idea is changing, but it is a little slow.

◆ A complex system usually contains third-party product components and function libraries. Their security performance is unknown. If the source code of this product is confidential, you must rely on the vendor of the product to provide patches. Even if the source code is public in some cases, you cannot have the energy to correct them.

◆ We have to use business systems with security risks, even though these old systems cannot be improved at all.

Therefore, in order to achieve the best results, we need to make a two-pronged effort: on the one hand, we must improve the security awareness of managers and developers; on the other hand, we should try to improve the security of application systems.