First of all, this article is purely a guess. The actual situation must be different.
We can simulate an SQL injection attack that does not exist at all.
Return
405 Not Allowed
--------------------------------------------------------------------------------
ASERVER/0.8.54-1
I have sent this question: http://www.bkjia.com/article/201111/109992.html. you should have noticed something strange:
Apache Tomcat/6.0.28
If path Parsing is incorrect, we get another nginx/0.7.67
OK. The official team removed the leaked information from the report to conceal nginx, so I will try again.
Http://www.anquanbao.com/public/
Return
403 Forbidden
--------------------------------------------------------------------------------
Nginx
Through this, we can guess that the security treasure may be three layers.
Nginx reverse proxy
Aserver web firewall Device
Real website Server
Of course, there may be only two layers, that is, nginx reverse proxy, and WAF is just a module developed by ngnix! Similar modules are open-source, such:
Naxsi http://naxsi.googlecode.com for OWASP
So in the end, I guess that the core technical architecture of quickshield is an nginx reverse proxy + WAF module. Of course, this is purely speculation. People are innovative after all.
PS:
To further prove my guess, the interception of web security protection is nginx interception. I analyzed it again
For example, access:
You can clearly see that the web security protection status page of 405 contains the following sentence:
<! -- A padding to disable MSIE and Chrome friendly error page -->
Which of the following statements about the status page of open-source software is so abrupt?
You can Baidu http://www.baidu.com/s? Bs = nginx + % 3C % 21 -- + a + padding + to + disable + MSIE + and + Chrome + friendly + error + page + -- % 3E & f = 8 & rsv_bp = 1 & rsv_spt = 1 & wd = nginx % D4 % B4 % C2 % EB + % 3C % 21 -- + a + padding + to + disable + MSIE + and + Chrome + friendly + error + page + -- % 3E & input = 2324
Author: RAyh4c Black Box