CN108494766A - WAF regulation managements method and WAF groups - Google Patents
WAF regulation managements method and WAF groups Download PDFInfo
- Publication number
- CN108494766A CN108494766A CN201810235594.2A CN201810235594A CN108494766A CN 108494766 A CN108494766 A CN 108494766A CN 201810235594 A CN201810235594 A CN 201810235594A CN 108494766 A CN108494766 A CN 108494766A
- Authority
- CN
- China
- Prior art keywords
- waf
- equipment
- groups
- interception
- waf equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Selective Calling Equipment (AREA)
Abstract
A kind of WAF regulation managements method of the application offer and WAF groups, applied to the WAF groups for including multiple WAF equipment, method includes:Main WAF equipment in WAF groups obtains the data interception statistical information sent from WAF equipment;Main WAF equipment carries out cumulative statistics to the data interception statistical information respectively sent from WAF equipment, and interception Policy Updates notice is sent to from WAF equipment according to statistical result;Policy Updates notice is intercepted from the reception of WAF equipment, and the interception rule from WAF equipment is updated according to Policy Updates notice is intercepted;When main WAF equipment, which detects, has new WAF equipment to be added in the WAF groups, the interception being newly generated rule is sent to the new WAF equipment.In this way, a WAF equipment when newly being disposed, directly can obtain newest interception rule from corresponding WAF groups, the WAF equipment newly disposed is allow efficiently to put into interception protected working in time in time.
Description
Technical field
This application involves technical field of network security, in particular to a kind of WAF regulation managements method and WAF groups.
Background technology
WAF (Web Application Firewall, network application fire wall) equipment is a kind of for providing network
The equipment that the service of application carries out security protection.WAF equipment can usually count the data interception of network attack according to itself
The every priority level for intercepting rule of information adjustment, faster intercepts network attack with more acurrate.In the prior art,
It often disposes multiple WAF and carries out interception protection jointly, WAF equipment usually works independently, and is independently united according to the data interception of itself
It counts information adjustment and intercepts rule, it, can be right since its data interception statistical information is insufficient after a WAF equipment is good by new deployment
Excessive meaningless matching is carried out in the message for needing to intercept, causes matching efficiency low, influences service response speed.
Invention content
In order to overcome above-mentioned deficiency in the prior art, the application's is designed to provide a kind of WAF regulation managements method,
Applied to the WAF groups for including multiple WAF equipment, the method includes:
Main WAF equipment in WAF groups obtains the data interception statistical information sent from WAF equipment;
The main WAF equipment carries out cumulative statistics to the data interception statistical information respectively sent from WAF equipment, according to statistics
As a result Policy Updates notice is intercepted to described sent from WAF equipment;
It is described to receive the interception Policy Updates notice from WAF equipment, and notify to update according to the interception Policy Updates
This from WAF equipment interception rule;
When the main WAF equipment, which detects, has new WAF equipment to be added in the WAF groups, described in being newly generated
It intercepts rule and is sent to the new WAF equipment.
Optionally, in the above-mentioned methods, the method further includes:
WAF equipment receives user configuration one of in the WAF groups, as the main WAF equipment to other WAF
Equipment sends notice, other described WAF equipment is made to count letter as from WAF device customizings by the data interception from WAF equipment
Breath is sent to the main WAF equipment.
Optionally, in the above-mentioned methods, the method further includes:
At interval of a preset time, the WAF equipment of the WAF groups mutually notices operation loading condition;
Each WAF equipment receives the operation loading condition of other WAF equipment transmission, and the WAF of wherein operation most lightly loaded is set
It is standby to be used as the main WAF equipment.
Optionally, in the above-mentioned methods, the method further includes:
When the WAF equipment in the WAF groups is detached from the WAF groups as independent WAF equipment to work independently, the independence
WAF equipment updates the interception of the independent WAF equipment according to the data interception statistical information itself counted after the WAF groups is detached from
Rule.
Optionally, in the above-mentioned methods, the method further includes:
When the WAF equipment in the WAF groups is detached from the WAF groups and other WAF group works are added, delete from original
The interception rule that WAF groups obtain, and new interception rule is obtained from the WAF groups being newly added.
The another object of the application is to provide a kind of WAF groups, includes by multiple WAF equipment, wherein
Main WAF equipment in the WAF groups obtains the data interception statistical information sent from WAF equipment;
The main WAF equipment carries out cumulative statistics to the data interception statistical information respectively sent from WAF equipment, according to statistics
As a result Policy Updates notice is intercepted to described sent from WAF equipment;
It is described to receive the interception Policy Updates notice from WAF equipment, and notify to update according to the interception Policy Updates
This from WAF equipment interception rule;
When the main WAF equipment, which detects, has new WAF equipment to be added in the WAF groups, described in being newly generated
It intercepts rule and is sent to the new WAF equipment.
Optionally, in above-mentioned WAF groups, which is characterized in that
WAF equipment receives user configuration one of in the WAF groups, as the main WAF equipment to other WAF
Equipment sends notice, other described WAF equipment is made to count letter as from WAF device customizings by the data interception from WAF equipment
Breath is sent to the main WAF equipment.
Optionally, in above-mentioned WAF groups, at interval of a preset time, the WAF equipment of the WAF groups is mutually noticed
Run loading condition;Each WAF equipment receives the operation loading condition of other WAF equipment transmission, by wherein operation most lightly loaded
WAF equipment is as the main WAF equipment.
Optionally, it in above-mentioned WAF groups, is somebody's turn to do when the WAF equipment in the WAF groups is detached from as independent WAF equipment
When WAF groups work independently, which counts letter according to the data interception itself counted after the WAF groups is detached from
Breath updates the interception rule of the independent WAF equipment.
Optionally, in above-mentioned WAF groups, when the WAF equipment in the WAF groups is detached from the WAF groups and it is added
When its WAF group work, the interception rule obtained from former WAF groups is deleted, and new interception is obtained from the WAF groups being newly added
Rule.
In terms of existing technologies, the application has the advantages that:
WAF regulation managements method provided by the present application and WAF groups, by the way that WAF equipment group is managed, WAF groups
The WAF collaborative shares of group combine the interception rule that the data interception statistical information of each WAF equipment generates.In this way, a WAF is set
For when newly being disposed, can newest interception rule be directly obtained in time from corresponding WAF groups, make the WAF newly disposed
Equipment can efficiently put into interception protected working in time.
Description of the drawings
It, below will be to needed in the embodiment attached in order to illustrate more clearly of the technical solution of the embodiment of the present application
Figure is briefly described, it should be understood that the following drawings illustrates only some embodiments of the application, therefore is not construed as pair
The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 is the application scenarios schematic diagram of WAF groups provided by the embodiments of the present application;
Fig. 2 is the step flow diagram of WAF regulation managements method provided by the embodiments of the present application;
Fig. 3 is the data interaction schematic diagram of principal and subordinate WAF equipment provided by the embodiments of the present application;
Fig. 4 is the hardware architecture diagram of WAF equipment provided by the embodiments of the present application.
Icon:10-WAF groups;100-WAF equipment;120- machine readable storage mediums;130- processors;20- networks take
Business device.
Specific implementation mode
To keep the purpose, technical scheme and advantage of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
In attached drawing, technical solutions in the embodiments of the present application is clearly and completely described, it is clear that described embodiment is
Some embodiments of the present application, instead of all the embodiments.The application being usually described and illustrated herein in the accompanying drawings is implemented
The component of example can be arranged and be designed with a variety of different configurations.
Therefore, below the detailed description of the embodiments herein to providing in the accompanying drawings be not intended to limit it is claimed
Scope of the present application, but be merely representative of the selected embodiment of the application.Based on the embodiment in the application, this field is common
The every other embodiment that technical staff is obtained without creative efforts belongs to the model of the application protection
It encloses.
It should be noted that:Similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined, then it further need not be defined and explained in subsequent attached drawing in a attached drawing.
In the description of the present application, it is also necessary to which explanation is unless specifically defined or limited otherwise, term " setting ",
" installation ", " connected ", " connection " shall be understood in a broad sense, for example, it may be fixedly connected, may be a detachable connection or one
Connect to body;It can be mechanical connection, can also be electrical connection;It can be directly connected, it can also be indirect by intermediary
It is connected, can is the connection inside two elements.For the ordinary skill in the art, on being understood with concrete condition
State the concrete meaning of term in this application.
Fig. 1 is please referred to, the present embodiment provides a kind of WAF groups 10, the WAF groups 10 include multiple WAF equipment
100, each WAF equipment 100 can be in communication with each other, and the network server 20 to being protected carries out network attack protection.
Fig. 2 is please referred to, Fig. 2 is a kind of WAF regulation management methods applied to WAF groups 10 shown in Fig. 1, below to the party
The each step of method is described in detail.
Step S110, the main WAF equipment in the WAF groups 10 obtain the data interception statistics sent from WAF equipment and believe
Breath.
In the present embodiment, WAF equipment 100 receives user configuration one of in the WAF groups 10, as described
Main WAF equipment sends to other WAF equipment 100 and notices, and makes other described WAF equipment 100 as should be from from WAF device customizings
The data interception statistical information of WAF equipment is sent to the main WAF equipment.
In this way, when the WAF groups 10 establish, a main WAF equipment can be specified according to the configuration of user.It is described
The main WAF equipment of WAF groups 10 can be a fixed equipment, can also be that can change.For example, in the present embodiment
In, at interval of a preset time, the WAF equipment 100 of the WAF groups 10 can mutually notice operation loading condition.Each WAF is set
Standby 100 receive the operation loading condition that other WAF equipment 100 are sent, and will wherein run 100 conduct of WAF equipment of most lightly loaded
The main WAF equipment.
In this way, dynamically the WAF equipment 100 of the most lightly loaded main WAF equipment the most described can be reduced to the full extent
The statistical work of main WAF equipment intercepts entire WAF groups 10 influence of work.
Step S120, the main WAF equipment carry out cumulative system to the data interception statistical information respectively sent from WAF equipment
Meter intercepts Policy Updates notice according to statistical result to described sent from WAF equipment.
Please refer to Fig. 3, in the present embodiment, it is each it is described from WAF equipment can periodically to the main WAF equipment report this from
Data interception statistical information in a period of time of WAF equipment.Or the main WAF equipment periodic training obtain it is each it is described from
The data interception statistical information of WAF equipment.
The main WAF equipment carries out cumulative statistics after the data interception statistical information for getting each WAF equipment 100, and
New interception rule is obtained according to statistical result, and the new interception rule is sent to respectively from WAF equipment.
It is understood that when carrying out cumulative statistics, the data interception of the main WAF equipment is united for the main WAF equipment
Meter information also counts.Equally, also according to the interception of the newly-generated interception Policy Updates itself rule.
Step S130, it is described to receive the interceptions Policy Updates from WAF equipment and notify, and according to the interception Policy Updates
Notice updates the interception rule from WAF equipment.
Step S140 will when the main WAF equipment, which detects, has new WAF equipment 100 to be added in the WAF groups 10
The interception rule being newly generated is sent to the new WAF equipment 100.
In the present embodiment, when the main WAF equipment detects that the WAF groups 10 are added in new WAF equipment 100,
The newest rule that intercepts is issued to the WAF equipment 100 being newly added.The WAF equipment 100 of the new addition is used as from WAF
Equipment receives the interception rule that the main WAF equipment is sent, and starts interception protected working according to the interception rule.
In this way, newly deployed WAF equipment 100 can obtain rapidly the interception rule suitable for 10 network condition of WAF groups
Then, efficiently start to intercept work in time.
Further, in the present embodiment, de- as independent WAF equipment when the WAF equipment 100 in the WAF groups 10
When working independently from the WAF groups 10, the independent WAF equipment is according to being detached from the interception number itself counted after the WAF groups 10
The interception rule of the information update independent WAF equipment according to statistics.
In this way, leave WAF groups 10 independent WAF equipment can be based on before obtain intercept rule, in conjunction with later itself
Data interception statistical information update the independent WAF equipment interception rule.So that the independent WAF equipment is being detached from WAF groups
10 successors of group can work on.
Further, in the present embodiment, when the WAF equipment 100 in the WAF groups 10 is detached from the WAF groups 10 simultaneously
When other WAF groups 10 are added working, it is regular to delete the interception obtained from former WAF groups 10, and from the WAF groups 10 being newly added
Obtain new interception rule.
Since the network condition that different WAF groups 10 adapt to may be different, required interception rule may also be different,
It therefore in the present embodiment, should when a WAF equipment 100 is detached from original WAF groups 10 and is added to new WAF groups 10
WAF equipment 100 deletes the interception rule obtained from former WAF groups 10, then receives the interception of the WAF groups 10 being newly added offer
Rule.
In the present embodiment, the WAF equipment 100 in the WAF groups 10 can be entity device, such as server or specially
Firewall box, the WAF equipment 100 can also be disposed on virtual bench or virtual machine on entity device.
Fig. 4 is please referred to, Fig. 4 is the block diagram of WAF equipment 100 shown in FIG. 1.The WAF equipment 100 or described
Book host where WAF equipment 100 may include machine readable storage medium 120, processor 130.
The machine readable storage medium 120 and 130 each element of processor are directly or indirectly electrically connected between each other,
To realize the transmission or interaction of data.For example, these elements can pass through one or more communication bus or signal wire between each other
It realizes and is electrically connected.Also, the processor 130 by read and execute in machine readable storage medium 120 with WAF rule pipes
The corresponding machine-executable instruction of logic is managed, the WAF equipment 100 can be disposed and executed as main WAF equipment or from WAF equipment
Above-described WAF regulation managements method.
Wherein, the machine readable storage medium 120 may be, but not limited to, random access memory (Random
Access Memory, RAM), read-only memory (Read Only Memory, ROM), programmable read only memory
(Programmable Read-Only Memory, PROM), erasable read-only memory (Erasable Programmable
Read-Only Memory, EPROM), electricallyerasable ROM (EEROM) (Electric Erasable Programmable
Read-Only Memory, EEPROM) etc..
In conclusion WAF regulation managements method provided by the present application and WAF groups, by the way that WAF equipment group is carried out pipe
The WAF collaborative shares of reason, WAF groups combine the interception rule that the data interception statistical information of each WAF equipment generates.In this way,
One WAF equipment directly can obtain newest interception rule from corresponding WAF groups, make newly quilt in time when newly being disposed
The WAF equipment of deployment can efficiently put into interception protected working in time.
In embodiment provided herein, it should be understood that disclosed device and method, it can also be by other
Mode realize.The apparatus embodiments described above are merely exemplary, for example, the flow chart and block diagram in attached drawing are shown
According to the device, the architectural framework in the cards of method and computer program product, function of multiple embodiments of the application
And operation.In this regard, each box in flowchart or block diagram can represent one of a module, section or code
Point, a part for the module, section or code includes one or more for implementing the specified logical function executable
Instruction.It should also be noted that at some as in the realization method replaced, the function of being marked in box can also be attached to be different from
The sequence marked in figure occurs.For example, two continuous boxes can essentially be basically executed in parallel, they also may be used sometimes
To execute in the opposite order, this is depended on the functions involved.It is also noted that each of block diagram and or flow chart
The combination of box in box and block diagram and or flow chart, function or the dedicated of action are based on as defined in execution
The system of hardware is realized, or can be realized using a combination of dedicated hardware and computer instructions.
In addition, each function module in each embodiment of the application can integrate to form an independent portion
Point, can also be modules individualism, can also two or more modules be integrated to form an independent part.
It, can be with if the function is realized and when sold or used as an independent product in the form of software function module
It is stored in a computer read/write memory medium.Based on this understanding, the technical solution of the application is substantially in other words
The part of the part that contributes to existing technology or the technical solution can be expressed in the form of software products, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be
People's computer, server or network equipment etc.) execute each embodiment the method for the application all or part of step.
And storage medium above-mentioned includes:USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic disc or CD.
It should be noted that herein, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to
Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also include other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
There is also other identical elements in process, method, article or equipment including the element.
The above, the only specific implementation mode of the application, but the protection domain of the application is not limited thereto, it is any
Those familiar with the art can easily think of the change or the replacement in the technical scope that the application discloses, and should all contain
It covers within the protection domain of the application.Therefore, the protection domain of the application shall be subject to the protection scope of the claim.
Claims (10)
1. a kind of WAF regulation managements method, applied to the WAF groups for including multiple WAF equipment, which is characterized in that the method
Including:
Main WAF equipment in the WAF groups obtains the data interception statistical information sent from WAF equipment;
The main WAF equipment carries out cumulative statistics to the data interception statistical information respectively sent from WAF equipment, according to statistical result
Policy Updates notice is intercepted to described sent from WAF equipment;
It is described to receive interceptions Policy Updates notice from WAF equipment, and updated according to interceptions Policy Updates notice be somebody's turn to do from
The interception rule of WAF equipment;
When the main WAF equipment, which detects, has new WAF equipment to be added in the WAF groups, the interception that will be newly generated
Rule is sent to the new WAF equipment.
2. according to the method described in claim 1, it is characterized in that, the method further includes:
WAF equipment receives user configuration one of in the WAF groups, as the main WAF equipment to other WAF equipment
Notice is sent, other described WAF equipment is made to be sent out as from WAF device customizings by the data interception statistical information from WAF equipment
Give the main WAF equipment.
3. according to the method described in claim 1, it is characterized in that, the method further includes:
At interval of a preset time, the WAF equipment of the WAF groups mutually notices operation loading condition;
Each WAF equipment receives the operation loading condition of other WAF equipment transmission, and the WAF equipment of wherein operation most lightly loaded is made
For the main WAF equipment.
4. according to the method described in claim 1, it is characterized in that, the method further includes:
When the WAF equipment in the WAF groups is detached from the WAF groups as independent WAF equipment to work independently, the independent WAF
Equipment updates the interception rule of the independent WAF equipment according to the data interception statistical information itself counted after the WAF groups is detached from
Then.
5. according to the method described in claim 1, it is characterized in that, the method further includes:
When the WAF equipment in the WAF groups is detached from the WAF groups and other WAF group works are added, delete from former WAF
The interception rule that group obtains, and new interception rule is obtained from the WAF groups being newly added.
6. a kind of WAF groups, which is characterized in that include by multiple WAF equipment, wherein
Main WAF equipment in the WAF groups obtains the data interception statistical information sent from WAF equipment;
The main WAF equipment carries out cumulative statistics to the data interception statistical information respectively sent from WAF equipment, according to statistical result
Policy Updates notice is intercepted to described sent from WAF equipment;
It is described to receive interceptions Policy Updates notice from WAF equipment, and updated according to interceptions Policy Updates notice be somebody's turn to do from
The interception rule of WAF equipment;
When the main WAF equipment, which detects, has new WAF equipment to be added in the WAF groups, the interception that will be newly generated
Rule is sent to the new WAF equipment.
7. WAF groups according to claim 6, which is characterized in that
WAF equipment receives user configuration one of in the WAF groups, as the main WAF equipment to other WAF equipment
Notice is sent, other described WAF equipment is made to be sent out as from WAF device customizings by the data interception statistical information from WAF equipment
Give the main WAF equipment.
8. WAF groups according to claim 6, which is characterized in that at interval of a preset time, the WAF of the WAF groups
Equipment mutually notices operation loading condition;Each WAF equipment receives the operation loading condition of other WAF equipment transmission, will wherein transport
The WAF equipment of row most lightly loaded is as the main WAF equipment.
9. WAF groups according to claim 6, which is characterized in that when the WAF equipment in the WAF groups is as independent
When WAF equipment is detached from WAF groups autonomous working, which blocks according to what is itself counted after the disengaging WAF groups
Cut the interception rule that data statistics update the independent WAF equipment.
10. WAF groups according to claim 6, which is characterized in that be somebody's turn to do when the WAF equipment in the WAF groups is detached from
WAF groups and when other WAF group works are added, it is regular to delete the interception obtained from former WAF groups, and from the WAF being newly added
Group obtains new interception rule.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810235594.2A CN108494766A (en) | 2018-03-21 | 2018-03-21 | WAF regulation managements method and WAF groups |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810235594.2A CN108494766A (en) | 2018-03-21 | 2018-03-21 | WAF regulation managements method and WAF groups |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108494766A true CN108494766A (en) | 2018-09-04 |
Family
ID=63319016
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810235594.2A Pending CN108494766A (en) | 2018-03-21 | 2018-03-21 | WAF regulation managements method and WAF groups |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108494766A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109660548A (en) * | 2018-12-28 | 2019-04-19 | 北京奇安信科技有限公司 | Firewall rule generation method and server based on overall network topology structure |
| US20210194852A1 (en) * | 2019-12-19 | 2021-06-24 | Radware, Ltd. | System and method for analytics based waf service configuration |
| CN116192533A (en) * | 2023-04-24 | 2023-05-30 | 远江盛邦(北京)网络安全科技股份有限公司 | WAF deployment system, WAF deployment method, WAF deployment equipment and WAF deployment medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103095778A (en) * | 2011-11-07 | 2013-05-08 | 北京知道创宇信息技术有限公司 | Web application firewall and web application safety protection method |
| CN105391703A (en) * | 2015-10-28 | 2016-03-09 | 南方电网科学研究院有限责任公司 | Cloud-based WEB application firewall system and safety protection method thereof |
| US9380027B1 (en) * | 2015-03-30 | 2016-06-28 | Varmour Networks, Inc. | Conditional declarative policies |
| CN106027569A (en) * | 2016-07-19 | 2016-10-12 | 浪潮电子信息产业股份有限公司 | Firewall management methods, master node, slave node, and cluster |
| CN106657019A (en) * | 2016-11-24 | 2017-05-10 | 华为技术有限公司 | Network security protection method and device |
-
2018
- 2018-03-21 CN CN201810235594.2A patent/CN108494766A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103095778A (en) * | 2011-11-07 | 2013-05-08 | 北京知道创宇信息技术有限公司 | Web application firewall and web application safety protection method |
| US9380027B1 (en) * | 2015-03-30 | 2016-06-28 | Varmour Networks, Inc. | Conditional declarative policies |
| CN105391703A (en) * | 2015-10-28 | 2016-03-09 | 南方电网科学研究院有限责任公司 | Cloud-based WEB application firewall system and safety protection method thereof |
| CN106027569A (en) * | 2016-07-19 | 2016-10-12 | 浪潮电子信息产业股份有限公司 | Firewall management methods, master node, slave node, and cluster |
| CN106657019A (en) * | 2016-11-24 | 2017-05-10 | 华为技术有限公司 | Network security protection method and device |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109660548A (en) * | 2018-12-28 | 2019-04-19 | 北京奇安信科技有限公司 | Firewall rule generation method and server based on overall network topology structure |
| CN109660548B (en) * | 2018-12-28 | 2022-07-05 | 奇安信科技集团股份有限公司 | Firewall rule generation method based on global network topology structure and server |
| US20210194852A1 (en) * | 2019-12-19 | 2021-06-24 | Radware, Ltd. | System and method for analytics based waf service configuration |
| US11991149B2 (en) * | 2019-12-19 | 2024-05-21 | Radware, Ltd. | System and method for analytics based WAF service configuration |
| CN116192533A (en) * | 2023-04-24 | 2023-05-30 | 远江盛邦(北京)网络安全科技股份有限公司 | WAF deployment system, WAF deployment method, WAF deployment equipment and WAF deployment medium |
| CN116192533B (en) * | 2023-04-24 | 2023-07-21 | 远江盛邦(北京)网络安全科技股份有限公司 | WAF deployment system, WAF deployment method, WAF deployment equipment and WAF deployment medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20190373052A1 (en) | Aggregation of scalable network flow events | |
| US11095675B1 (en) | System and method for identifying system vulnerabilities | |
| US9338187B1 (en) | Modeling user working time using authentication events within an enterprise network | |
| CN108737447B (en) | User datagram protocol flow filtering method, device, server and storage medium | |
| CN109842694B (en) | Method for synchronizing MAC addresses, network equipment and computer readable storage medium | |
| CN102769549A (en) | Network security monitoring method and device | |
| CN108494766A (en) | WAF regulation managements method and WAF groups | |
| CN102870377A (en) | Monitoring method and device for virtual port | |
| CN104767634A (en) | Method and apparatus for managing flow table | |
| US11658863B1 (en) | Aggregation of incident data for correlated incidents | |
| CN103152390A (en) | Method and device and nodes and system for node configuration of distributed storage system | |
| CN103618733A (en) | Data filtering system and method applied to mobile internet | |
| CN106034054A (en) | Redundant access control list ACL rule file detection method and apparatus thereof | |
| CN105656684B (en) | Failure simulation method and device | |
| US10205813B2 (en) | Method and system for detecting abnormal contact information and server | |
| CN109450804A (en) | A kind of network resource control method | |
| CN107896196B (en) | Method and device for distributing messages | |
| CN103763323A (en) | Method and device for managing firewall rules | |
| CN105406989B (en) | Handle method, network interface card and system, the method and host of more new information of message | |
| CN105283864A (en) | Governing bare metal guests | |
| WO2020033404A1 (en) | Modeling anomalousness of new subgraphs observed locally in a dynamic graph based on subgraph attributes | |
| WO2016170664A1 (en) | Abnormal-packet filtering apparatus and abnormal-packet filtering method | |
| CN113114588B (en) | Data processing method and device, electronic equipment and storage medium | |
| CN112398695B (en) | Large-scale terminal equipment control method, system, equipment and storage medium | |
| CN104539611A (en) | Method, device and system for managing shared file |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing Applicant after: Beijing Zhichuangyu Information Technology Co., Ltd. Address before: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing Applicant before: Beijing Knows Chuangyu Information Technology Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180904 |
|
| RJ01 | Rejection of invention patent application after publication |