江苏省科技期刊可视化阅读平台

导航条

《无线互联科技》杂志社 ›› 2022, Vol. 19 ›› Issue (9): 116-118.

• 技术应用 • 上一篇    下一篇

Web应用防火墙在高校网络安全中的应用

张恬   

  1. 无锡城市职业技术学院,江苏 无锡 214153
  • 出版日期:2022-05-10 发布日期:2022-07-25
  • 作者简介:张恬(1985— ),女,山东菏泽人,工程师,硕士;研究方向:网络模拟与信息化。
  • 基金资助:
    江苏高校哲学社会科学研究基金项目;项目名称:信息生态视域下“新市民”信息贫困研究——以无锡市为例;项目编号:2018SJA0886。无锡城市职业技术学院科研(专项)课题;项目编号:WXCY-2020-KY-23。

Application of Web application firewall in university network security

Zhang Tian   

  1. Wuxi City College of Vocational Technology, Wuxi 214153,China
  • Online:2022-05-10 Published:2022-07-25

PDF

834

摘要: Web应用的形式繁多,攻击类型相对多样化,而传统的网络安全设备工作在网络层居多,与应用层的防护不匹配,文章通过对Web应用相关技术HTTP协议分析,对HTTP请求和应答过程的解析,以及基于已知攻击方式的不足,提出了基于特异性配置的Web应用防火墙配置。对自定义规则组针对不同Web应用匹配不同的规则,分析该种配置方式的优点,日常管理Web应用防火墙的有效方式,最后通过实际配置应用,验证该配置方式可以有效防御Web应用层的攻击,具备良好的安全防护能力。

关键词: Web应用防火墙, HTTP, Web应用

Abstract: There are many forms of Web applications, and the types of attacks are relatively diversified. Traditional network security devices mostly work at the network layer, which does not match the protection of the application layer. This article analyzes the HTTP protocol of Web application related technologies and analyzes the HTTP request and response process. Analysis and based on the deficiencies of known attack methods, a Web application firewall configuration based on specific configuration is proposed. Match different rules for different Web applications to the custom rule group, analyze the advantages of this configuration method, the effective way of daily management of Web application firewalls, and finally verify that the configuration method can effectively defend against attacks at the Web application layer through the actual configuration of the application. Possess good security protection capabilities.

Key words: Web application firewall, HTTP, Web application