Netinfo Security (信息网络安全) ›› 2015, Vol. 15 ›› Issue (11): 53-59. doi: 10.3969/j.issn.1671-1122.2015.11.009

• Technical Research •

Research and Design of Web Application Firewall Based on Feature Matching

XIN Xiao-jie, XIN Yang, JI Shuo

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2015-08-15 Online: 2015-11-25 Published: 2015-11-20
  • About the authors: XIN Xiao-jie (born 1989), female, from Shandong, master's student; main research interests: information security and disaster recovery technology. XIN Yang (born 1977), male, from Shandong, associate professor, Ph.D.; main research interests: signal and information processing. JI Shuo (born 1990), male, from Hebei, master's student; main research interests: information security and disaster recovery technology.
  • Funding: National High Technology Research and Development Program of China (863 Program) [BY2015AA016005]; Jiangsu Future Networks Innovation Institute "Future Network Prospective Research Project" [BY2013095-4-05]

Abstract:

With the rapid development of Web applications, the security situation is not optimistic: most Web applications contain security vulnerabilities, and traditional network security devices offer very limited protection against application-layer attacks. A traditional firewall protects only the network layer, and IDS/IPS cannot effectively block application-layer attacks that are carried out through flexible encoding and packet fragmentation. A Web application firewall works at the application layer: it parses HTTP requests and responses, compares the parsed content against an HTTP attack feature library, and blocks Web application attacks, protecting the application layer effectively. This paper analyzes the HTTP protocol, mainstream Web attacks and their bypass techniques; addressing the weaknesses of the HTTP protocol and the shortcomings of pattern matching, it adopts Simhash feature extraction and block retrieval for filtering and protection, and proposes a Web application firewall system based on feature matching. Experiments show that this Web application firewall can defend against various Web application-layer attacks and effectively solves the problem of missed detections in Web attack detection.

Key words: Web application firewall, HTTP, Web attack, Simhash, block search
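To illustrate the Simhash-plus-block-retrieval matching the abstract describes, here is an added Python example written for this page (not the authors' implementation): it normalizes a request value to undo URL-encoding tricks, computes a 64-bit Simhash over character 3-grams, and finds near-duplicate signatures in a small constructed feature library by first exact-matching one of four 16-bit fingerprint blocks and then checking Hamming distance. The signature strings, the 3-gram features, the MD5 feature hash and the distance threshold are all assumptions.

```python
import hashlib
from urllib.parse import unquote_plus

FP_BITS = 64   # fingerprint width
BLOCKS = 4     # 4 x 16-bit blocks: two fingerprints within Hamming distance 3
MAX_DIST = 3   # must agree exactly on at least one block (pigeonhole principle)

def normalize(s: str) -> str:
    """Undo encoding tricks: decode URL escapes twice, lower-case, collapse whitespace."""
    s = unquote_plus(unquote_plus(s)).lower()
    return " ".join(s.split())

def shingles(s: str, n: int = 3):
    """Character n-grams are the features hashed into the fingerprint (assumption)."""
    return [s[i:i + n] for i in range(len(s) - n + 1)] or [s]

def simhash(s: str) -> int:
    """Classic Simhash: per bit, sum +1/-1 over the feature hashes and keep the sign."""
    v = [0] * FP_BITS
    for g in shingles(normalize(s)):
        h = int.from_bytes(hashlib.md5(g.encode()).digest()[:8], "big")
        for b in range(FP_BITS):
            v[b] += 1 if (h >> b) & 1 else -1
    return sum(1 << b for b in range(FP_BITS) if v[b] > 0)

def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")

def blocks(fp: int):
    w = FP_BITS // BLOCKS  # (block_no, block_value) keys used by the index
    return [(i, (fp >> (i * w)) & ((1 << w) - 1)) for i in range(BLOCKS)]

class FeatureLibrary:
    """Attack feature library indexed by fingerprint blocks for near-duplicate lookup."""
    def __init__(self, signatures):
        self.sigs = {sig: simhash(sig) for sig in signatures}
        self.index = {}  # (block_no, block_value) -> signatures sharing that block
        for sig, fp in self.sigs.items():
            for key in blocks(fp):
                self.index.setdefault(key, set()).add(sig)

    def match(self, payload: str):
        """Return (signature, distance) pairs within MAX_DIST, nearest first."""
        fp = simhash(payload)
        candidates = set().union(*(self.index.get(k, set()) for k in blocks(fp)))
        hits = [(sig, hamming(fp, self.sigs[sig])) for sig in candidates]
        return sorted([h for h in hits if h[1] <= MAX_DIST], key=lambda h: h[1])

# Constructed sample library of well-known attack fragments (not the paper's data).
LIBRARY = FeatureLibrary(["' or 1=1 --", "<script>alert(1)</script>", "../../etc/passwd"])
```

`LIBRARY.match("%27%20OR%201%3D1%20--")` returns `[("' or 1=1 --", 0)]` because decoding and lower-casing collapse the encoded value onto the stored signature, while `LIBRARY.match("about us")` returns `[]`.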
