CN104994084A - Local agent method of WEB firewall - Google Patents

Local agent method of WEB firewall

Info

Publication number: CN104994084A
Authority: CN (China)
Prior art keywords: compartment wall, fire compartment, web, packet, engine
Legal status: Pending
Application number: CN201510347588.2A
Other languages: Chinese (zh)
Inventors: 焦小涛, 陈晓兵, 何建锋, 陈宏伟
Current assignee: Jiepu Network Science & Technology Co Ltd Xi'an Jiaoda
Original assignee: Jiepu Network Science & Technology Co Ltd Xi'an Jiaoda
Priority date: 2015-06-23
Filing date: 2015-06-23
Publication date: 2015-10-21

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a local proxy method of a WEB firewall. A first connection is established between the client and the proxy engine of the WEB firewall, a second connection is established between the proxy engine of the WEB firewall and the server, and the proxy engine sends the four-tuple information of both connections to the protocol stack of the WEB firewall. The protocol stack of the WEB firewall records the request packet received on the first connection and the proxy engine performs rule detection; when the request packet is not an attack packet, the web engine connects to the server and sends the packet. After the protocol stack of the WEB firewall determines that a packet returned by the server is a response packet of the second connection, it modifies the response packet, recomputes its checksums and sends it directly to the client. The local proxy method effectively improves the performance of the proxy engine under high concurrent access and effectively reduces the load on the proxy engine.

Description

Local proxy method of a WEB firewall
Technical field
The invention belongs to the technical field of web proxies, and specifically relates to a local proxy method of a WEB firewall.
Background art
As Web applications grow richer, attack tools of all kinds become ever more widespread and powerful, and the security risks on the Internet keep increasing. As customers' core business systems depend more and more on the network, the number of Web application attacks will keep growing and the severity of the resulting losses will rise sharply. Governments, enterprises and other organizations therefore all have to take countermeasures to protect their investments, profits and services.
Ordinarily, a web browser obtains information from another Internet site by connecting directly to the destination server, which then returns the information. A proxy server is a further server placed between the client and the Web server: with a proxy in place, the browser does not fetch pages from the Web server directly but sends its request to the proxy server; the request first reaches the proxy server, which fetches the information the browser needs and passes it back to the browser.
In a web application firewall, the web proxy engine is the core of the web protection. When the volume of concurrent access is large, the memory use of the web application firewall may rise sharply, the proxy engine becomes heavily loaded, and the proxy performance drops sharply, severely affecting normal access to the website. Support for high concurrent access is therefore the key issue for current web firewalls.
Summary of the invention
In view of this, the main object of the present invention is to provide a local proxy method of a WEB firewall.
To achieve the above object, the technical solution of the present invention is as follows:
An embodiment of the present invention provides a local proxy method of a WEB firewall. The method is: the client and the proxy engine of the WEB firewall establish a first connection, the proxy engine of the WEB firewall and the server establish a second connection, and the proxy engine of the WEB firewall sends the four-tuple information of both connections to the protocol stack of the WEB firewall; the protocol stack of the WEB firewall records the request packet received on the first connection, the proxy engine performs rule detection, and when the request packet is not an attack packet, the web engine connects to the server and sends the packet; after the protocol stack of the WEB firewall determines that a packet returned by the server is a response packet of the second connection, it modifies the response packet, recomputes its checksums and sends it directly to the client.
In the above scheme, the four-tuple information comprises the source IP address, source port number, destination IP address and destination port number.
In the above scheme, when the proxy engine performs rule detection on a received request packet and the request packet is an attack packet, the proxy engine directly sends a response packet back to the client and disconnects from the client.
In the above scheme, when the destination IP address and destination port in the request packet do not match a protected website, that website is not protected by the web firewall; the packet is then not passed up to the proxy engine but is forwarded directly by the protocol stack.
In the above scheme, the step in which the protocol stack of the WEB firewall determines that a packet returned by the server is a response packet of the second connection and then modifies the response packet, recomputes its checksums and sends it directly to the client is specifically: when the source IP address and source port of the packet match the protected website, the packet is response data of the second connection; the protocol stack then looks up the source MAC address, source IP address, source port and ingress network interface in the information structure of the first connection, modifies the destination MAC address, destination IP address, destination port, egress network interface and TCP sequence number of the packet, recalculates the IP header and TCP header checksums, and finally sends the packet directly to the client.
Compared with the prior art, the beneficial effects of the present invention are:
The present invention effectively improves the performance of the proxy engine under high concurrent access and effectively reduces its load; in web firewall applications it raises the throughput of the web firewall without affecting the firewall's existing protection functions.
Description of the drawings
Fig. 1 is a flow chart of the local proxy method of a WEB firewall provided by an embodiment of the present invention.
Embodiments
The present invention is described in detail below with reference to the drawings and specific embodiments.
An embodiment of the present invention provides a local proxy method of a WEB firewall; as shown in Fig. 1, the method is implemented by the following steps:
Step 101: the client and the proxy engine of the WEB firewall establish a first connection, the proxy engine of the WEB firewall and the server establish a second connection, and the proxy engine of the WEB firewall sends the four-tuple information of both connections to the protocol stack of the WEB firewall.
Specifically, the proxy engine must establish two TCP connections, one with the client and one with the server; once both connections have been established successfully, it informs the protocol stack of the four-tuple information of each connection, so that the protocol stack can recognize the correspondence between the two connections.
A TCP connection is uniquely identified by the sender's socket and the receiver's socket, that is, by its four-tuple information, which comprises the source IP address, source port number, destination IP address and destination port number.
Step 102: the protocol stack of the WEB firewall records the request packet received on the first connection, and the proxy engine performs rule detection.
Specifically, at the packet-receiving entry point of the protocol stack, the correspondence between the two connections is used to decide whether a packet is request data of the first connection: when the destination IP address and destination port in the request packet match the protected website, the packet is request data of the first connection. The protocol stack then records its TCP sequence number, TCP acknowledgment number, TCP window size and so on, stores the TCP sequence number, TCP acknowledgment number, TCP window size, source MAC address, source IP address, source port and ingress network interface in the information structure of the first connection, and passes the packet up to the proxy engine for processing.
After receiving the packet, the proxy engine performs rule detection on it. If the packet is not an attack packet, the web engine connects to the server and sends the packet; otherwise the proxy engine directly sends a response packet back to the client and disconnects from the client.
When the destination IP address and destination port in the request packet do not match a protected website, that website is not protected by the web firewall; the packet is then not passed up to the web firewall engine but is forwarded directly by the protocol stack.
Step 103: after the protocol stack of the WEB firewall determines that a packet returned by the server is a response packet of the second connection, it modifies the response packet, recomputes its checksums and sends it directly to the client.
Specifically, when the source IP address and source port of the packet match the protected website, the packet is response data of the second connection. The protocol stack then looks up the source MAC address, source IP address, source port and ingress network interface in the information structure of the first connection, modifies the destination MAC address, destination IP address, destination port, egress network interface, TCP sequence number and so on of the packet, recalculates the IP header and TCP header checksums, and finally sends the packet directly to the client.
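Steps 101 to 103 (restated in claims 1 to 5) describe a splice between two TCP connections that the protocol stack performs on its own, without the proxy engine touching the response. The following Python model is an added example written for this page, not code from the patent or its assignee: it keeps the two four-tuples the engine reports, records the first-connection request state at the packet-receive entry point, and rewrites a server response (destination MAC, IP address and port, egress interface, TCP sequence and acknowledgment numbers, IP and TCP checksums) so that it goes straight to the client, while packets for an unprotected site are simply forwarded. All addresses, MAC addresses, interface names and HTTP payloads are constructed; the fixed-offset sequence translation is a modelling assumption, since the patent only states that the sequence number is modified. As in the method itself, a spliced response never passes through the rule engine, so this fast path carries no response-direction inspection.

```python
import socket
import struct

SEQ_MASK = 0xFFFFFFFF
ETH_HLEN = 14  # Ethernet header length; the IPv4 header starts at this offset

def _ones_sum(data: bytes) -> int:  # RFC 1071 one's-complement sum of 16-bit words, folded to 16 bits
    total = sum(struct.unpack("!%dH" % ((len(data) + 1) // 2), data + b"\x00" * (len(data) % 2)))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def checksum(data: bytes) -> int:
    return (~_ones_sum(data)) & 0xFFFF

def parse_frame(frame: bytes) -> dict:  # minimal Ethernet/IPv4/TCP parser; honours IHL and data offset
    ihl, total_len = (frame[ETH_HLEN] & 0x0F) * 4, struct.unpack("!H", frame[ETH_HLEN + 2:ETH_HLEN + 4])[0]
    tcp_off = ETH_HLEN + ihl
    sport, dport, seq, ack, doff, _flags, window = struct.unpack("!HHIIBBH", frame[tcp_off:tcp_off + 16])
    return dict(dst_mac=frame[0:6], src_mac=frame[6:12], ihl=ihl, total_len=total_len,
                src_ip=socket.inet_ntoa(frame[ETH_HLEN + 12:ETH_HLEN + 16]),
                dst_ip=socket.inet_ntoa(frame[ETH_HLEN + 16:ETH_HLEN + 20]),
                sport=sport, dport=dport, seq=seq, ack=ack, window=window,
                payload=frame[tcp_off + (doff >> 4) * 4:ETH_HLEN + total_len])

def build_frame(src_mac, dst_mac, src, dst, seq, ack, window, payload) -> bytes:
    """Build a PSH/ACK frame with valid checksums (constructed test input; src/dst are (ip, port))."""
    sip, dip = socket.inet_aton(src[0]), socket.inet_aton(dst[0])
    tcp = bytearray(struct.pack("!HHIIBBHHH", src[1], dst[1], seq, ack, 0x50, 0x18, window, 0, 0))
    seg = bytes(tcp) + payload
    struct.pack_into("!H", tcp, 16, checksum(sip + dip + struct.pack("!BBH", 0, 6, len(seg)) + seg))
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 0, 0x4000, 64, 6, 0, sip, dip))
    struct.pack_into("!H", ip, 10, checksum(bytes(ip)))
    return dst_mac + src_mac + b"\x08\x00" + bytes(ip) + bytes(tcp) + payload

def checksums_valid(frame: bytes) -> bool:  # both the IP header and the TCP pseudo-header checksum verify
    p = parse_frame(frame)
    seg = frame[ETH_HLEN + p["ihl"]:ETH_HLEN + p["total_len"]]
    pseudo = socket.inet_aton(p["src_ip"]) + socket.inet_aton(p["dst_ip"]) + struct.pack("!BBH", 0, 6, len(seg))
    return _ones_sum(frame[ETH_HLEN:ETH_HLEN + p["ihl"]]) == 0xFFFF and _ones_sum(pseudo + seg) == 0xFFFF

class LocalProxyStack:  # protocol-stack side of the method: pairs the two connections, splices responses
    def __init__(self, protected_sites):
        self.protected = set(protected_sites)  # {(ip, port)} served behind the WAF
        self.pairs = {}       # reply-direction four-tuple of conn2 -> conn1 four-tuple
        self.first_conn = {}  # conn1 four-tuple -> state recorded from its request (step 102)

    def register_pair(self, conn1, conn2):  # step 101: engine reports both (src_ip, src_port, dst_ip, dst_port)
        self.pairs[(conn2[2], conn2[3], conn2[0], conn2[1])] = conn1

    def on_packet(self, frame: bytes, ingress_iface: str):  # entry point: (verdict, frame to emit, egress)
        p = parse_frame(frame)
        key = (p["src_ip"], p["sport"], p["dst_ip"], p["dport"])
        if (p["dst_ip"], p["dport"]) in self.protected:
            # Step 102: first-connection request; record its state and hand it up to the engine.
            self.first_conn[key] = dict(src_mac=p["src_mac"], src_ip=p["src_ip"], src_port=p["sport"], ingress=ingress_iface,
                                        seq=p["seq"], ack=p["ack"], window=p["window"], req_len=len(p["payload"]))
            return "to_engine", frame, None
        info = self.first_conn.get(self.pairs.get(key))
        if (p["src_ip"], p["sport"]) in self.protected and info is not None:
            # Step 103: second-connection response; rewrite it and send it straight to the client.
            return "to_client", self._splice(frame, p, info), info["ingress"]
        return "forward", frame, None  # unprotected site or unknown flow: plain forwarding

    @staticmethod
    def _splice(frame: bytes, p: dict, info: dict) -> bytes:
        buf, tcp_off, seg_end = bytearray(frame), ETH_HLEN + p["ihl"], ETH_HLEN + p["total_len"]
        if "seq_delta" not in info:
            # Map conn2's sequence space onto conn1's with one fixed offset per direction (modelling choice).
            info["seq_delta"] = (info["ack"] - p["seq"]) & SEQ_MASK
            info["ack_delta"] = (info["seq"] + info["req_len"] - p["ack"]) & SEQ_MASK
        buf[0:6] = info["src_mac"]                                            # destination MAC -> client
        buf[ETH_HLEN + 16:ETH_HLEN + 20] = socket.inet_aton(info["src_ip"])  # destination IP -> client
        struct.pack_into("!H", buf, tcp_off + 2, info["src_port"])           # destination port -> client
        struct.pack_into("!I", buf, tcp_off + 4, (p["seq"] + info["seq_delta"]) & SEQ_MASK)
        struct.pack_into("!I", buf, tcp_off + 8, (p["ack"] + info["ack_delta"]) & SEQ_MASK)
        struct.pack_into("!H", buf, ETH_HLEN + 10, 0)  # zero, then recompute the IP header checksum
        struct.pack_into("!H", buf, ETH_HLEN + 10, checksum(bytes(buf[ETH_HLEN:tcp_off])))
        struct.pack_into("!H", buf, tcp_off + 16, 0)  # zero, then the TCP checksum over pseudo-header + segment
        pseudo = bytes(buf[ETH_HLEN + 12:ETH_HLEN + 20]) + struct.pack("!BBH", 0, 6, seg_end - tcp_off)
        struct.pack_into("!H", buf, tcp_off + 16, checksum(pseudo + bytes(buf[tcp_off:seg_end])))
        return bytes(buf)

def demo() -> dict:  # constructed run: the request goes up to the engine, the response is spliced past it
    site, client, proxy = ("203.0.113.10", 80), ("198.51.100.7", 40000), ("203.0.113.2", 50000)
    client_mac, waf_mac, server_mac = (bytes([2, 0, 0, 0, 0, i]) for i in (1, 2, 3))
    stack = LocalProxyStack([site])
    stack.register_pair(client + site, proxy + site)
    request = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    req_verdict = stack.on_packet(build_frame(client_mac, waf_mac, client, site, 1000, 5000, 65535, request), "eth0")[0]
    resp_verdict, out, egress = stack.on_packet(build_frame(
        server_mac, waf_mac, site, proxy, 9000, 7000 + len(request), 29200, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"), "eth1")
    other = build_frame(client_mac, waf_mac, client, ("203.0.113.99", 80), 1, 1, 1000, b"GET / HTTP/1.0\r\n\r\n")
    o = parse_frame(out)
    return dict(request=req_verdict, response=resp_verdict, other=stack.on_packet(other, "eth0")[0],
                egress=egress, dst_mac=o["dst_mac"], dst_ip=o["dst_ip"], dport=o["dport"],
                seq=o["seq"], ack=o["ack"], payload=o["payload"], checksums_ok=checksums_valid(out))
```

Calling demo() shows the three verdicts the method distinguishes: the client's request is handed up to the engine, the server's response comes back rewritten for the client (destination 198.51.100.7:40000, egress eth0, sequence numbers in the first connection's space, both checksums valid), and a packet for a site the firewall does not protect is forwarded without the engine ever seeing it.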
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.

Claims (5)

1. A local proxy method of a WEB firewall, characterized in that the method is: the client and the proxy engine of the WEB firewall establish a first connection, the proxy engine of the WEB firewall and the server establish a second connection, and the proxy engine of the WEB firewall sends the four-tuple information of both connections to the protocol stack of the WEB firewall; the protocol stack of the WEB firewall records the request packet received on the first connection, the proxy engine performs rule detection, and when the request packet is not an attack packet, the web engine connects to the server and sends the packet; and after the protocol stack of the WEB firewall determines that a packet returned by the server is a response packet of the second connection, it modifies the response packet, recomputes its checksums and sends it directly to the client.
2. The local proxy method of a WEB firewall according to claim 1, characterized in that the four-tuple information comprises the source IP address, source port number, destination IP address and destination port number.
3. The local proxy method of a WEB firewall according to claim 1 or 2, characterized in that:
when the proxy engine performs rule detection on a received request packet and the request packet is an attack packet, the proxy engine directly sends a response packet back to the client and disconnects from the client.
4. The local proxy method of a WEB firewall according to claim 3, characterized in that: when the destination IP address and destination port in the request packet do not match a protected website, that website is not protected by the web firewall; the packet is then not passed up to the proxy engine but is forwarded directly by the protocol stack.
5. The local proxy method of a WEB firewall according to claim 4, characterized in that the step in which the protocol stack of the WEB firewall determines that a packet returned by the server is a response packet of the second connection and then modifies the response packet, recomputes its checksums and sends it directly to the client is specifically: when the source IP address and source port of the packet match the protected website, the packet is response data of the second connection; the protocol stack then looks up the source MAC address, source IP address, source port and ingress network interface in the information structure of the first connection, modifies the destination MAC address, destination IP address, destination port, egress network interface and TCP sequence number of the packet, recalculates the IP header and TCP header checksums, and finally sends the packet directly to the client.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201510347588.2A (CN104994084A) | 2015-06-23 | 2015-06-23 | Local agent method of WEB firewall

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201510347588.2A (CN104994084A) | 2015-06-23 | 2015-06-23 | Local agent method of WEB firewall

Publications (1)

Publication Number | Publication Date
CN104994084A | 2015-10-21

Family

ID=54305836

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201510347588.2A (CN104994084A, pending) | Local agent method of WEB firewall | 2015-06-23 | 2015-06-23

Country Status (1)

Country Link
CN (1) CN104994084A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109246145A (en) * 2018-10-31 2019-01-18 四川中企互信信息技术有限公司 A kind of network erection method applied to intranet and extranet safety

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB9723154D0 (en) * 1997-11-04 1998-01-07 Ibm Methods and apparatus for routing data packets
CN1555170A (en) * 2003-12-23 2004-12-15 沈阳东软软件股份有限公司 Flow filtering fine wall
CN1604539A (en) * 2004-10-29 2005-04-06 江苏南大苏富特软件股份有限公司 Firewall kernel security component integration method
CN101834783A (en) * 2010-03-29 2010-09-15 北京星网锐捷网络技术有限公司 Method and device for forwarding messages and network equipment
CN102611700A (en) * 2012-02-24 2012-07-25 汉柏科技有限公司 Method for realizing VPN (Virtual Private Network) access under transparent mode
CN103607350A (en) * 2013-12-10 2014-02-26 山东中创软件商用中间件股份有限公司 Method and device for generating route

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
蔡圣闻: "内核级透明代理TPF的设计与实现", 《计算机科学》 *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151021