How to build a reliable WAF (Web application firewall)

Source: Internet
Author: User

This article covers three topics: (1) which components a WAF implementation includes and how they interact to implement the WAF's defense functions; (2) how to maintain WAF rules (policies), including the channels for obtaining rules, rule testing methods, and evaluation of online performance; (3) the information libraries required to support and improve a WAF product.

I. WAF implementation

A WAF parses HTTP requests (protocol parsing module), checks them against rules (rule module), performs different defense actions (action module), and records the defense process (log module). Regardless of hardware, software, cloud, and core, we will focus on the implementation of yy waf. WAF consists of five modules (configuration module, protocol parsing module, rule module, action module, and error handling module).

1. Configuration Module

Set the WAF detection granularity and enable it as needed,


2. Protocol parsing module (important)

The output of protocol parsing is the object that the next module, rule detection, operates on. The granularity of parsing directly affects how well the WAF defends. In the cloud WAF mode where the WAF module is embedded in the web server, the WAF generally relies on the web server's own parsing capability.

3. Rule module (important)

This is the core of the WAF. I divide it into three sub-modules.

(1) Rule Configuration Module

Configure the IP blacklist and whitelist, URL blacklist and whitelist, and select a suitable rule package.

(2) Rule parsing module


Its main function is to parse the specific rule files. It is best to use a uniform rule description language, which makes it easier to offer custom rules to third parties. ModSecurity does this very well.

The rule file consists of four parts: variable, operator, transformation function, and action.

(3) rule detection module

The previous step set up the various variables; this module then combines and evaluates them (the "addition, subtraction, multiplication, division") according to the rule logic.

4. Action module (Focus)

The rule detection module has told us which requests are good and which are malicious. The next question is how to "sentence" them, and the response is not limited to interception.
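The parsing, rule and action modules described above, sketched as an added example (not code from the original article or from ModSecurity). The collection and transformation names are modelled on ModSecurity's naming; the rule dictionary layout, the sample rules and the sample request are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Transformation functions: normalise a value before the operator sees it.
TRANSFORMS = {"urlDecode": unquote_plus, "lowercase": str.lower}
# Operators: (value, argument) -> bool.
OPERATORS = {
    "rx": lambda value, arg: re.search(arg, value) is not None,
    "contains": lambda value, arg: arg in value,
}
# Constructed sample rules: variable, operator (+ argument), transformations, action.
RULES = [
    {"id": 1, "var": "REQUEST_METHOD", "op": "rx", "arg": r"^(GET|POST|HEAD)$",
     "negate": True, "t": [], "action": "block"},
    {"id": 2, "var": "ARGS", "op": "contains", "arg": "<script",
     "t": ["urlDecode", "lowercase"], "action": "block"},
    {"id": 3, "var": "REQUEST_HEADERS", "op": "contains", "arg": "scanner",
     "t": ["lowercase"], "action": "log"},
]

def parse_request(method, target, headers):
    """Protocol parsing: expose the request as named variable collections."""
    url = urlsplit(target)
    return {
        "REQUEST_METHOD": [method],
        "REQUEST_URI": [url.path],
        # parse_qsl percent-decodes once, as a web server would.
        "ARGS": [v for _, v in parse_qsl(url.query, keep_blank_values=True)],
        "REQUEST_HEADERS": list(headers.values()),
    }

def evaluate(request, rules=RULES):
    """Rule detection and action: return (verdict, ids of the rules that matched)."""
    matched = []
    for rule in rules:
        for value in request.get(rule["var"], []):
            for name in rule["t"]:
                value = TRANSFORMS[name](value)
            hit = OPERATORS[rule["op"]](value, rule["arg"])
            if hit != rule.get("negate", False):
                matched.append(rule["id"])
                if rule["action"] == "block":
                    return "block", matched  # disruptive action stops processing
                break  # "log": record the match, continue with the next rule
    return "pass", matched

# Constructed request: the parameter value is percent-encoded twice.
sample = parse_request("GET", "/search?q=%253CScRiPt%253E", {"User-Agent": "Mozilla/5.0"})
print(evaluate(sample))  # ('block', [2])
```

Rule 2 only matches because its transformations undo the second layer of encoding and the mixed case; with an empty transformation list the same request passes, which is why parsing granularity and normalisation decide how well the rules work.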


5. Log Module (important)

Log processing is very important and very popular. It is rich in content and can be developed independently of the WAF as a separate security product (e.g. a log service) that supports the WAF through interfaces. For a cloud WAF with a huge data volume, a separate big data team will support the architecture, including data storage (e.g. HDFS, Kafka, Hadoop/Spark, Storm, and Elasticsearch).

6. Error Handling Module

Handles exceptions raised by runtime errors in the modules above.

II. WAF rule (policy) maintenance

WAF needs to cultivate a picture to hide it

III. WAF support information library


WAF needs to cultivate a picture to hide it


Almost all security personnel build the support libraries above over and over again, and the resources are not shared. One reason is that they are kept internal; the other is that resources cannot be integrated without a unified description language. Alas, bapeta for security practitioners.
