WAF for Data Protection

Source: Internet
Author: User

Traditional firewalls solve network access control problems and block unauthorized network connections. Application firewalls work at the application layer, inspecting the individual requests that make up an application session. An application firewall protects the communication stream of a Web application, and all the application resources behind it, from attacks carried over Web protocols.

An application firewall can block browser and HTTP attacks that abuse application behaviour for malicious ends. These include data attacks that use special characters or wildcards to alter data, attempts to extract command strings or logical statements from the application's logic, and attacks whose primary targets are accounts, files, or hosts.

There are two ways to implement an application firewall: a positive security model that permits only known-good behaviour, and a negative security model that blocks known attacks.

The positive security model learns the application's logic as users interact with the application and builds a security policy that allows only the requests it has recognised, thereby enforcing positive behaviour. It is implemented as follows.

1. The initial policy contains a list of valid start pages. Before a session policy exists, a client's first request must match one of these start pages.

2. The application firewall analyses the downstream (server-to-client) pages, including their links, drop-down menus, and form fields, and builds a policy of all the requests that may be issued during the user's session.

3. Each user request is validated against the session policy before it is forwarded to the server. Requests the policy does not recognise are blocked as invalid.

4. When the user session ends, the session policy is destroyed. A new session gets a newly created policy.

The negative security model relies on a database of attack signatures to block identified attacks. It is implemented as follows.

1. The policy is built from a set of known attack signatures.

2. The policy is not updated by analysing downstream pages.

3. Identified attacks are blocked, while unknown requests (good or bad) are treated as valid and forwarded to the server for processing.

4. All users share the same static policy.
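The four points above can be read as a small piece of filtering logic. The following is an added example, not code from the original article or from any WAF product: a static, shared signature list applied to every request, with anything that matches no signature forwarded unchanged. The signature patterns, the double URL-decoding normalisation, and the sample requests are all constructed for this illustration.

```python
import re
from urllib.parse import unquote_plus

# Negative model, step 1 and step 4: one static signature database, shared by
# every user and never updated from server responses. Constructed for this
# example; a real deployment uses a much larger, vendor-maintained ruleset.
SIGNATURES = [
    ("sql-tautology", re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I)),
    ("path-traversal", re.compile(r"(^|/)\.\.(/|$)")),
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
]


def normalize(value: str) -> str:
    """Percent-decode twice so that a payload hidden behind one extra layer of
    URL encoding is compared in the same form as the signatures."""
    return unquote_plus(unquote_plus(value))


def inspect_request(method: str, path: str, query: str = "", body: str = ""):
    """Return (allowed, matched_signature_name).

    Negative model, step 3: a request matching a known signature is blocked;
    a request that matches nothing is forwarded, whether it is good or bad.
    The HTTP method is accepted for completeness but not inspected here.
    """
    for field in (path, query, body):
        candidate = normalize(field)
        for name, pattern in SIGNATURES:
            if pattern.search(candidate):
                return False, name
    return True, None


if __name__ == "__main__":
    # Constructed sample traffic: two ordinary requests, two that hit a
    # signature, and one abusive-but-unknown request that the negative model
    # cannot see.
    samples = [
        ("GET", "/search", "q=shoes", ""),
        ("GET", "/search", "q=%27+OR+1%3D1", ""),
        ("GET", "/files/..%2F..%2Fconfig", "", ""),
        ("POST", "/comment", "", "text=%253Cscript%253Ealert(1)"),
        ("POST", "/api/transfer", "", "to=someone&amount=1000000"),
    ]
    for sample in samples:
        print(sample[1], inspect_request(*sample))
```

The last sample request in `main` is the important one for this model: a business-logic abuse that matches no signature is forwarded as valid, which is exactly the gap the positive model is meant to close.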

The application firewall is installed between the network firewall and the application server and operates at layer 7 of the OSI model. All session traffic, upstream and downstream, must flow through it. Downstream responses pass through the application firewall, which parses them to build the policy under the positive model; this requires the application firewall to sit in front of any cache server, so that it sees every response the policy is derived from. Upstream requests are sent to the application firewall, which lets only valid requests through, so harmful requests never reach the server.

The application firewall understands both inbound and outbound session requests, integrates inline with existing applications, and is compatible with Web application technology. It handles threats in real time, before they reach the application. The application firewall listens on TCP ports 80 and 443, receives inbound HTTP and HTTPS requests from clients, parses them, associates each request with an existing session or creates a new one, and then matches the request against the session policy. If the request is recognised (that is, the requested link is in the policy), it is forwarded to the Web server; if not, it is rejected. When the Web server's response reaches the application firewall, it is associated with the same session as the request, the links in it are extracted, and the session policy is updated so that those new links are recognised.

If this is the response to the session's first request, an encrypted session cookie is also attached to it so that the client's subsequent requests can be matched to the session. Finally, the application firewall forwards the response to the client.
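The positive-model steps listed earlier and the request/response flow just described fit together in one small simulation. The following is an added example written for this page, not code from the original article or from any WAF product. It assumes a hypothetical `PositiveModelWaf` class, a constructed start-page list, constructed sample HTML pages, and an HMAC-signed (tamper-evident) session cookie in place of the encrypted cookie the text mentions; the flow is otherwise the one the article describes: only start pages for a new client, a session policy learned from each downstream page, upstream requests checked against that policy, and the policy discarded when the session ends.

```python
import hashlib
import hmac
import secrets
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed for this example: the signing key would be generated and kept
# server-side in a real deployment, and the start pages come from the initial
# policy (positive model, step 1).
COOKIE_KEY = b"example-only-waf-cookie-key"
START_PAGES = {"/", "/login"}

# Constructed sample downstream pages, standing in for real server responses.
SAMPLE_HOME = ('<html><a href="/products?cat=1">Products</a>'
               '<form action="/search" method="get"></form>'
               '<a href="https://other.example/x">external</a></html>')
SAMPLE_PRODUCTS = '<html><a href="/cart?add=1">Add</a><a href="details/42">Item</a></html>'


class LinkExtractor(HTMLParser):
    """Collect link targets and form actions from a downstream HTML page."""

    def __init__(self):
        super().__init__()
        self.targets = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.targets.add(attrs["href"])
        elif tag == "form" and attrs.get("action"):
            self.targets.add(attrs["action"])


def learn_policy(request_path: str, html: str) -> set:
    """Positive model, step 2: turn the links on a page into the set of
    request paths the session is allowed to issue next. Off-site links are
    ignored (an assumption of this example)."""
    parser = LinkExtractor()
    parser.feed(html)
    allowed = set()
    for target in parser.targets:
        parsed = urlparse(urljoin(request_path, target))
        if parsed.scheme or parsed.netloc:
            continue
        allowed.add(parsed.path)
    return allowed


class PositiveModelWaf:
    """Hypothetical session-aware filter: one learned policy per session."""

    def __init__(self, key: bytes = COOKIE_KEY):
        self._key = key
        self._policies = {}  # session_id -> set of allowed paths

    def _sign(self, session_id: str) -> str:
        mac = hmac.new(self._key, session_id.encode(), hashlib.sha256).hexdigest()
        return f"{session_id}.{mac}"

    def session_from_cookie(self, cookie):
        """Map a cookie back to a live session, rejecting forged or stale ones."""
        if not cookie or "." not in cookie or not cookie.isascii():
            return None
        session_id = cookie.split(".", 1)[0]
        if not hmac.compare_digest(self._sign(session_id), cookie):
            return None  # tampered with or signed by someone else
        return session_id if session_id in self._policies else None

    def check_request(self, cookie, path):
        """Upstream direction (step 3). Returns (allowed, session_id)."""
        session_id = self.session_from_cookie(cookie)
        if session_id is None:
            return path in START_PAGES, None  # no session yet: start pages only
        return path in self._policies[session_id], session_id

    def learn_response(self, session_id, request_path, html):
        """Downstream direction. Creates the session on the first response and
        returns (session_id, cookie_to_set); the cookie is None afterwards."""
        new_cookie = None
        if session_id is None:
            session_id = secrets.token_hex(16)
            self._policies[session_id] = set()
            new_cookie = self._sign(session_id)
        self._policies[session_id] |= learn_policy(request_path, html)
        return session_id, new_cookie

    def end_session(self, session_id):
        """Step 4: the session policy dies with the session."""
        self._policies.pop(session_id, None)


if __name__ == "__main__":
    waf = PositiveModelWaf()
    print("first GET /", waf.check_request(None, "/"))
    sid, cookie = waf.learn_response(None, "/", SAMPLE_HOME)
    print("GET /products", waf.check_request(cookie, "/products"))
    print("GET /admin", waf.check_request(cookie, "/admin"))
```

Note how the cache-placement point from the text shows up here: `learn_response` is the only place the policy grows, so any response that bypasses the filter (for instance, served from a cache in front of it) leaves links the client may legitimately click unrecognised and therefore blocked.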
