How to build a reliable WAF (Web application firewall)

(1) WAF implementation WAF includes which components, how these components interact to achieve WAF defense functions (2) WAF rules (Policy) Maintenance rules (policy) how to maintain, including access to channels, rules testing methods and on-line effect Evaluation (3) WAF support WAF product improvement needs which information base to support

First, WAF implementation

WAF A sentence description, is to parse HTTP request (Protocol parsing module), rule Detection (rule module), do different defensive action (action module), and the Defense process (log module) recorded. Regardless of hardware, software, Cloud section, the core is this, and then around this sentence to YY WAF implementation. The implementation of WAF consists of five modules (configuration module, Protocol parsing module, rule module, action module, error handling module).

1. Configuration module

Set the detection granularity of the WAF, open on demand as shown in the figure

2. Protocol parsing module (emphasis)

The output of protocol parsing is the operation object of the next module rule detection, and the granularity of analysis directly affects the WAF defense effect. The cloud WAF pattern that hosts the WAF module on the Web server generally relies on the resolution capabilities of the Web server.

3. Rule module (emphasis)

The point is, this is the core of WAF, and I divide this piece into three sub modules.

(1) Rule configuration module

IP black and white list configuration, url black and white list configuration, and select the appropriate rule package.