
A Web Protection System Based on an ISAPI Filter

池阳, 高健, 周福才

  • Funding:
    National Science and Technology Major Project (2013ZX03002006)

Design and Implementation of the Web Firewall System based on ISAPI Filter

CHI Yang, GAO Jian, ZHOU Fu-cai

  • About author: Software College, Northeastern University, Shenyang, Liaoning 110819

Abstract (translated from the Chinese): With the growth of the Internet, malicious users exploit vulnerabilities in Web applications to attack Web sites, stealing information, implanting viruses and trojans, setting up phishing sites, injecting advertisements and carrying out other malicious operations that harm users' interests and lower the credibility of the site. As Web attacks keep growing, the security risk faced by Web sites has reached an unprecedented level. To address Web site security, this paper designs and implements a Web firewall system based on an ISAPI filter, built on the HTTP protocol model and combining URL parsing with the Web server's core extension mechanism. The system resists common network attacks and protects IIS Web sites that serve HTTP. It consists of three components: a configuration module, a filter module and a logging module. The paper describes the design and implementation of the filter module in detail. The system's main functions are: filtering HTTP request types, limiting header length, blocking SQL injection, blocking Cookie injection, blocking cross-site attacks, preventing scans of sensitive directories, filtering requested file types, and an IP blacklist. With these functions the system can effectively detect Web attacks and respond correctly, providing effective protection for Web sites. Finally, the system is functionally tested; the tests show that it filters common Web attacks and responds as expected. The system meets its design goals and has high practical value.

Abstract: With the development of the Internet, malicious users attack Web sites by exploiting vulnerabilities that exist in Web applications, in order to obtain information, implant trojans and viruses, set up phishing sites, insert malicious advertising and carry out other illegal operations. These malicious behaviours harm legitimate users and reduce the credibility of the site. With the increase in Web attacks, the security risks of websites have reached unprecedented levels. To address the security problems of Web sites, this paper designs and implements a WAF system based on an ISAPI filter, built on the HTTP protocol model and combining URL parsing with the core extension technique of the Web server. The system can resist a variety of network attacks and protects IIS Web sites that serve HTTP. The system contains three modules: a configuration module, a filtration module and a log module. This paper introduces the design and implementation of the filtration module in detail. The system implements the following functions: filtering the type of HTTP request, restricting the length of the HTTP header, forbidding SQL injection, forbidding Cookie injection, forbidding XSS attacks, prohibiting scans of sensitive directories, filtering file types, and an IP blacklist. The system can detect Web attacks effectively and respond correctly. Finally, a testing environment is set up for functional testing; the results show that the system filters Web attacks and reacts as expected. The system meets its requirements and has high practical value.
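The abstract lists eight checks performed by the filtration module but does not show them. The following C++ example, added here and not taken from the paper's system, shows one way to implement that request-inspection logic as a platform-independent function. A real ISAPI filter would call such a function from its HttpFilterProc entry point on the SF_NOTIFY_PREPROC_HEADERS notification and reject the request when the verdict is not Allow; that mapping, the Policy layout, the signature lists and the sample IP/header values are all assumptions of this example.

```cpp
#include <cassert>
#include <cctype>
#include <cstdlib>
#include <map>
#include <string>
#include <vector>

// Outcome of inspecting one request: Allow, or the first rule that rejected it.
enum class Verdict { Allow, BlacklistedIp, BadMethod, HeaderTooLong, BadFileType,
                     DirScan, SqlInjection, CookieInjection, Xss };

struct Request {
    std::string method;                          // e.g. "GET"
    std::string url;                             // path plus optional "?query", as received
    std::map<std::string, std::string> headers;  // header names stored lower-case
    std::string clientIp;
};

// Site policy. In the paper this comes from the configuration module; the field
// names and sample values here are assumptions made for this example.
struct Policy {
    std::vector<std::string> allowedMethods{"GET", "POST", "HEAD"};
    std::size_t maxHeaderValueLen = 4096;
    std::vector<std::string> blockedExtensions{".bak", ".config", ".mdb", ".log"};
    std::vector<std::string> sensitiveDirs{"/admin/", "/backup/", "/_vti_bin/"};
    std::vector<std::string> ipBlacklist{"203.0.113.7"};  // constructed sample entry
};

// Illustrative SQL-injection and XSS signatures (not the paper's rule set).
static const std::vector<std::string> kSqlSignatures{
    "union select", "' or '", "or 1=1", "drop table", "insert into", "xp_cmdshell", "/*"};
static const std::vector<std::string> kXssSignatures{
    "<script", "javascript:", "onerror=", "onload=", "<iframe"};

static std::string toLower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Decode %xx escapes and '+' so that encoded payloads are matched in decoded form.
std::string urlDecode(const std::string& in) {
    std::string out;
    for (std::size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size()
            && std::isxdigit(static_cast<unsigned char>(in[i + 1]))
            && std::isxdigit(static_cast<unsigned char>(in[i + 2]))) {
            out += static_cast<char>(std::strtol(in.substr(i + 1, 2).c_str(), nullptr, 16));
            i += 2;
        } else if (in[i] == '+') {
            out += ' ';
        } else {
            out += in[i];
        }
    }
    return out;
}

static bool containsAny(const std::string& hay, const std::vector<std::string>& needles) {
    for (const auto& n : needles) if (hay.find(n) != std::string::npos) return true;
    return false;
}
static bool startsWithAny(const std::string& s, const std::vector<std::string>& prefixes) {
    for (const auto& p : prefixes) if (s.compare(0, p.size(), p) == 0) return true;
    return false;
}
static bool endsWithAny(const std::string& s, const std::vector<std::string>& suffixes) {
    for (const auto& x : suffixes)
        if (s.size() >= x.size() && s.compare(s.size() - x.size(), x.size(), x) == 0) return true;
    return false;
}

// Apply the eight checks named in the abstract, cheapest first, and return the first that fires.
Verdict inspect(const Request& req, const Policy& pol) {
    for (const auto& ip : pol.ipBlacklist) if (req.clientIp == ip) return Verdict::BlacklistedIp;
    bool methodOk = false;
    for (const auto& m : pol.allowedMethods) if (req.method == m) methodOk = true;
    if (!methodOk) return Verdict::BadMethod;
    for (const auto& kv : req.headers)
        if (kv.second.size() > pol.maxHeaderValueLen) return Verdict::HeaderTooLong;
    std::string decoded = toLower(urlDecode(req.url));
    std::string path = decoded.substr(0, decoded.find('?'));   // whole string if no '?'
    if (endsWithAny(path, pol.blockedExtensions)) return Verdict::BadFileType;
    if (startsWithAny(path, pol.sensitiveDirs)) return Verdict::DirScan;
    if (containsAny(decoded, kSqlSignatures)) return Verdict::SqlInjection;
    auto cookie = req.headers.find("cookie");   // SQL payloads carried in the Cookie header
    if (cookie != req.headers.end() && containsAny(toLower(urlDecode(cookie->second)), kSqlSignatures))
        return Verdict::CookieInjection;
    if (containsAny(decoded, kXssSignatures)) return Verdict::Xss;
    return Verdict::Allow;
}

// Helpers to build constructed sample requests for the checks above.
Request makeRequest(const std::string& method, const std::string& url,
                    const std::string& clientIp, const std::string& cookie = "") {
    Request r;
    r.method = method; r.url = url; r.clientIp = clientIp;
    r.headers["host"] = "www.example.com";
    if (!cookie.empty()) r.headers["cookie"] = cookie;
    return r;
}
Request withHeader(Request r, const std::string& name, const std::string& value) {
    r.headers[toLower(name)] = value;
    return r;
}
```

Decoding before matching matters: a signature check on the raw URL would miss the same payload sent percent-encoded. Signature lists of this kind also produce false positives on legitimate input (a news article containing "drop table", for instance), which is why the paper's logging module is needed to review what the filter rejected and tune the rules.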