A network WAF is an integrated Web security appliance that combines Web protection, web page protection, load balancing and application delivery.
WAF stands for "Web Application Firewall", also known as a "website application-level intrusion prevention system". The biggest challenge for a WAF is its recognition rate, which is not an easy metric to measure, because intrusions that slip through the net are not always openly visible; trojans planted in web pages ("hanging horses") are one example. It is difficult to detect which attacks got in, and what is not known cannot be counted.
A WAF must be deployed in series (inline) in front of the Web server. This demands high hardware performance, and the WAF must not affect the Web service. HA and Bypass functions are therefore necessary, and the WAF should be deployed in coordination with the other products that commonly sit in front of the Web server, such as load balancers.
Introduction to the classification of WAFs:
1. Hardware WAF
A hardware WAF is usually deployed in series in front of the Web server to detect and block abnormal traffic. It uses proxy technology to proxy external traffic, parses each request packet, and matches it against the attack rules in the security rule base. If a rule in the rule base matches, the request is identified as abnormal and blocked.
2. Software WAF
A software WAF is usually deployed on the server that needs protection. It detects and blocks requests either by listening on a port or as a Web container extension.
3. Cloud WAF
A cloud WAF is also called the cloud mode of the Web application firewall. This mode lets users protect their websites without installing software or deploying hardware devices in their own networks. Protection is achieved mainly through DNS, by transferring domain name resolution rights. The user's request is first sent to a cloud node for detection; an abnormal request is intercepted, otherwise the request is forwarded to the real server.
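The detection step described above for the hardware WAF and the cloud node (parse the request, match it against the rule base, block or forward), with a Bypass path for when the inspection engine is unavailable, can be sketched as follows. This is an added example, not code from any WAF product; the rule base, the sample requests, the host name shop.example and the function names are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed rule base for illustration; not taken from any real WAF product.
RULE_BASE = [
    ("sqli-union", re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("xss-script", re.compile(r"<\s*script\b", re.I)),
    ("path-traversal", re.compile(r"\.\./")),
]

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"GET /item?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "encoded": b"GET /item?id=1%20UNION%20SELECT%20name%20FROM%20users "
               b"HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "form": b"POST /comment HTTP/1.1\r\nHost: shop.example\r\n\r\n"
            b"text=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
}


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into the decoded values the rules inspect."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("latin-1").split("\r\n")[0]
    method, target, _version = request_line.split(" ", 2)  # ValueError if malformed
    url = urlsplit(target)
    # Decode before matching, so percent-encoded input is seen in plain form.
    fields = [unquote_plus(url.path)]
    fields += [v for _k, v in parse_qsl(url.query, keep_blank_values=True)]
    # Assumption: the body is form-encoded; other content types need their own parser.
    fields += [v for _k, v in parse_qsl(body.decode("latin-1"), keep_blank_values=True)]
    return method, fields


def inspect(raw: bytes, engine_healthy: bool = True):
    """Return (action, reason): action is 'block' or 'forward'."""
    if not engine_healthy:
        # Bypass: traffic passes uninspected so the Web service stays available.
        return "forward", "bypass"
    try:
        _method, fields = parse_request(raw)
    except ValueError:
        return "block", "malformed"  # a request that cannot be parsed is not forwarded
    for value in fields:
        for rule_id, pattern in RULE_BASE:
            if pattern.search(value):
                return "block", rule_id
    return "forward", None
```

Requests forwarded with the reason "bypass" were never inspected, so they should be logged separately from requests that passed the rule base.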