Web Application Protection System OPENWAF Open Source CC protection Module __web Application

Guide

Openwaf since last October open source, six months have been continuously open source of the major modules, has been a lot of attention. Recently, it is just open source, we are looking forward to the CC module!

Openwaf since last October open source, six months have been continuously open source of the major modules, has been a lot of attention. Recently, it is just open source, we are looking forward to the CC module!

What is CC? What can openwaf cc protection do? We'll give you a detailed description of the following. what is CC?

For example, the east of the new opened a Beef noodle restaurant, booming business, customers in a steady stream. One day, a local bully summoned a group of younger brothers, swarm into the beef noodle, occupy all the seats, only chat not order, leading to real customers can not enter the store consumption. As a result, the business of the Beef noodle shop was affected and suffered heavy losses.

If the Beef noodle restaurant as an Internet enterprise, then the evil of this group of Ruffians is a typical distributed denial of service, which is what we call DDoS attacks.

CC attacks are a type of DDoS (distributed denial of service) that appears to be more technical than other DDoS attack CC. The attacker generates a legitimate request to the victim host using a proxy server, DDoS, and the disguise is called: CC (Challengecollapsar).

This attack you can not see the real source IP, see a particularly large abnormal traffic, but will cause the server can not be a normal connection. such as electric dealers and game operators are common victims of CC attacks. the principle of CC attack

The traditional CC attack principle is that the attacker control some hosts keep sending a large number of packets to the other server caused the server resource exhaustion, until the downtime crashes. CC is primarily used to attack pages, everyone has this experience: when a Web page visits a very large number of times, open the page is slow, CC is to simulate multiple users (how many threads are many users) Non-stop access to those who need a lot of data operations (that is, the need for a large amount of CPU time) of the page, Cause the waste of server resources, CPU for a long time in 100%, always have to deal with the connection until the network congestion, normal access was aborted.

Traditional CC protection, will always determine whether to achieve cc cleaning threshold, to find the source of attack to intercept, often inefficient and high false alarm rate.

The CC protection of OPENWAF is divided into two stages: flow monitoring and flow cleaning. In the traffic monitoring phase, the details of each IP are not recorded until the server performance bottleneck is reached. That is, traffic jams to speed limit, no traffic jams you want to drive how fast. This is to save resources, but also effectively improve the performance of the engine. When the flow reached the set trigger threshold, it really entered the flow cleaning phase, the time recorded analysis of IP and path flow, to carry out "speed limit."

When the flow reaches the cleaning threshold, the traditional CC protection only supports blocking requests, the probability of "manslaughter" is high and the user experience is poor. And Openwaf provides a wealth of interception action, not only support blocking, but also provide connection reset, human machine identification (JS code verification or verification code verification, this feature April open source). As if encountering an accident, we are not directly revoked the driver's license, but the responsibility to judge, thus effectively enhance the user experience, reduce false positives.

OPENWAF traffic monitoring currently supports the monitoring of request traffic per second and the number of requests per second, the flow cleaning phase currently supports the IP level of new connections per second, total IP level connections, IP level requests per second, and path-level requests per second. In conjunction with the OPENWAF security policy, can be site-level, path-level, IP-level multiple configuration, effective multiple protection, so that you can easily customize the "Traffic speed limit rules" you want.

We always believe that "the more sharing, the more secure", we hope that more people can try Openwaf, and join the team to protect the web security, and give us your valuable advice.

This article is reproduced from: http://www.linuxprobe.com/web-openwaf-cc.html

Free to provide the latest Linux technology tutorials Books, for the open source technology enthusiasts to do more and better: http://www.linuxprobe.com/