CN108667687A - A WAF test method based on Nginx - Google Patents

A WAF test method based on Nginx

Info

Publication number: CN108667687A
Authority: CN (China)
Prior art keywords: nginx, mirror, request, waf, location
Legal status: Pending (as assumed by Google Patents; not a legal conclusion)
Application number: CN201810343027.9A
Other languages: Chinese (zh)
Inventor: 冯其
Current assignee: Sichuan Changhong Electric Co Ltd
Original assignee: Sichuan Changhong Electric Co Ltd
Application filed by: Sichuan Changhong Electric Co Ltd
Priority date: 2018-04-17
Filing date: 2018-04-17
Publication date: 2018-10-16

Classifications

    • H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication
        • H04L 43/00 Arrangements for monitoring or testing data switching networks > H04L 43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters > H04L 43/0805 by checking availability > H04L 43/0817 by checking functioning
        • H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/02 for separating internal from external traffic, e.g. firewalls > H04L 63/0227 Filtering policies > H04L 63/0263 Rule management
        • H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/02 for separating internal from external traffic, e.g. firewalls > H04L 63/0281 Proxies
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/01 Protocols > H04L 67/10 Protocols in which an application is distributed across nodes in the network > H04L 67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/50 Network services > H04L 67/56 Provisioning of proxy services
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/01 Protocols > H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a WAF test method based on Nginx, belonging to the field of information security. It comprises the following: when a client accesses the Original (the live business origin server) through the Nginx proxy, the Nginx mirror module copies the client's access request to the Original into an access request to the Mirror; when a request reaches Nginx, Nginx matches it against its locations and handles it differently according to the location matched; when the request matches the Original location, the Original location forwards the request to the Original and at the same time generates a mirror request that is matched against the Mirror location. The invention maps the real business environment and real user requests onto a background mirror service, which fully simulates the operating environment after the WAF goes live, so the WAF can be tested against real user requests without affecting the live business.

Description

A WAF test method based on Nginx
Technical field
Embodiments of the present invention belong to the field of information security; more specifically, they relate to a WAF test method based on Nginx.
Background technology
With the continuous development of computer technology, web applications are used more and more widely. Nginx, a lightweight web server with high-performance HTTP processing and reverse proxy capability, is widely used as the deployment server for a WAF. A WAF is the security guarantee of a web application, so its functionality and performance must be comprehensively tested before it goes live. Currently, WAF testing is generally carried out in two steps: offline testing and online testing. Offline testing mainly checks the WAF's functionality and performance: functionality is usually checked against a vulnerability platform such as DVWA or a simulated service environment, and performance with a load-testing tool such as JMeter. Offline testing gives a rough picture of the WAF's performance and eliminates functional errors, but it cannot prevent the false positives, and other unpredictable side effects on the live business, that appear after the WAF goes live. Therefore the WAF must also go through a period of online testing after going live, to check how it behaves in the real business environment and to eliminate specific operational false positives. However, the impact of the false positives generated after go-live is unavoidable: it may well disrupt the normal operation of the live business, inconvenience customers and cause unnecessary losses.
As shown in Fig. 1, in the traditional WAF deployment the WAF is deployed on the Nginx server and requests are sent to the business origin server through the Nginx reverse proxy, so that every request passes through the WAF for inspection. If a request triggers a WAF rule, the request is blocked. If it does not, the request passes and Nginx forwards it to the business origin server. The origin server's response is likewise inspected by the WAF, and only a response that does not trigger a WAF rule is sent to the client.
Invention content
The purpose of the present invention, in view of the above background, is to provide a WAF test method based on Nginx that solves the problem of how to test a WAF against real business data, so as to avoid false positives affecting the live business after the WAF goes live, as well as the other unpredictable negative effects of bringing a WAF online.
To solve the above problems, the invention adopts the following technical scheme. A WAF test method based on Nginx comprises the following: when a client accesses the Original through the Nginx proxy, the Nginx mirror module (ngx_http_mirror_module) copies the client's access request to the Original into an access request to the Mirror; when a request reaches Nginx, Nginx matches it against its locations and handles it differently according to the location matched; when the request matches the Original location, the Original location forwards the request to the Original and at the same time generates a mirror request that is matched against the Mirror location; when the mirror request matches the Mirror location, the WAF inspects the mirror request in the Mirror location, and if no WAF rule is triggered the Mirror location forwards the request to the Mirror; after the Mirror responds, its response is first inspected by the WAF when it reaches Nginx, and if no rule is triggered the response passes the WAF and reaches Nginx's response-handling stage.
A further technical solution is: Nginx forwards the Original's response to the client, while the Mirror's response is discarded by Nginx when it reaches Nginx.
Through Nginx's ngx_http_mirror_module, the present invention copies HTTP requests to another environment; the responses to the mirrored requests are ignored by Nginx. Using this feature, a mirror service environment identical to the live business can be deployed in the background, the WAF deployed in front of this mirror service, and the real-time traffic of the live business copied to the mirror environment, thereby testing the WAF with real business traffic.
Compared with the prior art, the invention has the following beneficial effects. The WAF test method provided by the invention uses Nginx's ngx_http_mirror_module to map the real business environment and real user requests onto a background mirror service. This fully simulates the operating environment after the WAF goes live, so the WAF can be tested against real user requests without affecting the live business; it not only avoids the impact of WAF false positives but also eliminates other unpredictable errors after the WAF goes live.
Description of the drawings
Fig. 1 is a schematic diagram of the prior-art, traditional WAF deployment.
Fig. 2 is a schematic diagram of the principle of the Nginx mirror module in the present invention.
Fig. 3 is a schematic diagram of the WAF deployment based on the mirror module and of the request-handling process in the present invention.
Specific implementation mode
To make the purpose, technical scheme and advantages of the present invention clearer, the invention is further elaborated below with reference to embodiments. It should be understood that the specific embodiments described here merely illustrate the invention and are not intended to limit it.
Embodiment
Fig. 2 shows the principle of the Nginx mirror module (ngx_http_mirror_module). When a client accesses the business origin server (Original) through the Nginx reverse proxy, ngx_http_mirror_module copies the client's access request to the Original into an access request to the mirror origin server (Mirror). Nginx forwards the Original's response to the client, while the Mirror's response is discarded by Nginx when it arrives.
Fig. 3 shows the WAF deployment and request-handling process based on the mirror module. This part mainly explains the flow inside Nginx; the parts outside Nginx are the same as in Fig. 1 and Fig. 2. When a request reaches Nginx, Nginx matches it against its locations and handles it differently according to the location matched. When the request matches the Original location in the figure, the Original location forwards it to the business origin server and at the same time generates a mirror request that is matched against the Mirror location.
When the mirror request matches the Mirror location, the WAF inspects the mirror request in the Mirror location, and if no WAF rule is triggered the Mirror location forwards the request to the mirror business origin server (Mirror). After the Mirror responds, the response is first inspected by the WAF when it reaches Nginx; if no rule is triggered, it passes the WAF and reaches Nginx's response-handling stage, where Nginx normally discards the response to a mirror request and returns only the Original's response to the client. In this way WAF testing is based on real user request data, the live business is not affected during testing, and false positives and other negative effects after the WAF goes live can be eliminated.
The configuration of the Original location and the Mirror location is explained below (in the configuration listing, text after # is an explanatory comment).
Original location configuration: the business origin server is configured in the Original location. When the mirror module is to be added, only the original configuration shown in the example needs to be added to the existing configuration of the business origin server. Note that ngx_http_mirror_module is only available in Nginx 1.13.4 and later, and that the module is built in by default, so it does not need to be compiled and installed separately.
When a user's URL matches the original location, Nginx processes the request in the normal flow; for the user and for the business origin server nothing changes. Only when a request matches the original location does Nginx, in the background, replicate the request through the mirror directive to the specified mirror origin server. The response returned by the mirror origin server is ignored by Nginx, so with this deployment the mirror origin server has no impact on the live business origin server.
Mirror location configuration: when testing the WAF, the Mirror location can be deployed as a site identical to the business origin server, which ensures the reliability of the test environment; in addition, the requests are replicas of the users' own requests, which ensures the authenticity of the test data, and the live business is not affected during testing. After the WAF has been tested for a period of time, location /mirror can be changed directly to the URI that users actually access and the internal directive in the configuration commented out, so that the WAF tested with real user access request data can be put straight into production without a separate redeployment. This simplifies WAF deployment and also ensures a smooth upgrade of the business origin server.
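The following is an added example configuration for the Original and Mirror locations described above; it is not the patent's own listing, which this page does not reproduce. It uses the stock ngx_http_mirror_module directives (mirror, mirror_request_body, internal) of Nginx 1.13.4 or later. The upstream names, addresses and hostname are assumptions, and because the patent names no particular WAF, the WAF hook is shown as an access_by_lua_file call for a Lua-based WAF on lua-nginx-module/OpenResty, with the ModSecurity-nginx directives in a comment; the path of the Lua file is likewise assumed. The commented-out block at the end shows the go-live change described in the Mirror location explanation.

```nginx
# Added example configuration for the mirror-based WAF test method.
# Assumptions (not from the patent text): upstream names, addresses, hostname
# and the WAF hook directive/file. Requires nginx >= 1.13.4; ngx_http_mirror_module
# is compiled in by default.

http {
    # Live business origin server ("Original") - assumed address.
    upstream original_backend {
        server 10.0.0.10:8080;
    }

    # Background copy of the business site ("Mirror") - assumed address.
    upstream mirror_backend {
        server 10.0.1.10:8080;
    }

    server {
        listen 80;
        server_name www.example.com;   # assumed hostname

        # Original location: the existing proxy to the live origin.
        # The only addition to the business configuration is the mirror directive.
        location / {
            mirror /mirror;             # spawn one mirror subrequest per client request
            mirror_request_body on;     # default; keeps POST/PUT bodies so the WAF can inspect them
            proxy_pass http://original_backend;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Mirror location: "internal" means an external client requesting /mirror
        # directly gets 404; only the subrequests created by the mirror directive
        # land here. The WAF inspects the mirrored request, the request is proxied
        # to the mirror site, and nginx discards the mirror response, so nothing
        # on this path can reach the client or the live origin.
        location = /mirror {
            internal;

            # WAF hook - assumed: a Lua WAF on lua-nginx-module / OpenResty.
            # ModSecurity-nginx equivalent:
            #   modsecurity on;
            #   modsecurity_rules_file /etc/nginx/modsec/main.conf;
            access_by_lua_file /etc/nginx/waf/waf.lua;
            # Response-side inspection of the mirror's reply (the patent's second WAF
            # check) would use the Lua WAF's header_filter_by_lua_file /
            # body_filter_by_lua_file hooks here.

            # Forward the mirrored request with its original URI to the mirror site.
            proxy_pass http://mirror_backend$request_uri;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Keep the mirror path cheap: the subrequest shares the live request's
            # lifecycle, so a slow mirror backend would hold resources on the live side.
            proxy_connect_timeout 2s;
            proxy_read_timeout 5s;

            # Separate log so WAF verdicts on mirrored traffic can be reviewed for
            # false positives without touching the live access log.
            access_log /var/log/nginx/waf-mirror.log;
        }

        # Go-live change described in the text: move the WAF hook to the URI users
        # actually access, drop "internal", point proxy_pass at the live origin and
        # remove the mirror directive from the old location.
        #
        # location / {
        #     access_by_lua_file /etc/nginx/waf/waf.lua;
        #     proxy_pass http://original_backend;
        #     proxy_set_header Host $host;
        #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # }
    }
}
```

Two checks are worth running after loading this: a direct request to /mirror from outside must return 404 (the internal directive), and after a few requests to / the mirror site's access log and /var/log/nginx/waf-mirror.log should show one entry per live request while the live origin's log shows no duplicates. Note that mirror_request_body on requires request buffering to stay enabled on the Original location (proxy_request_buffering must not be off), otherwise the body is not available to the mirror subrequest.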
Although the invention has been described here with reference to illustrative embodiments, it should be understood that those skilled in the art can devise many other modifications and implementations, and that these modifications and implementations fall within the scope and spirit disclosed in this application. More specifically, various changes and modifications can be made to the component parts and/or layout of the subject combination within the scope disclosed in this application. In addition to changes and improvements to the component parts and/or layout, other uses will also be apparent to those skilled in the art.

Claims (2)

1. A WAF test method based on Nginx, characterized in that it comprises the following:
when a client accesses the Original through the Nginx proxy, the Nginx mirror module copies the client's access request to the Original into an access request to the Mirror; when a request reaches Nginx, Nginx matches it against its locations and handles it differently according to the location matched; when the request matches the Original location, the Original location forwards the request to the Original and at the same time generates a mirror request that is matched against the Mirror location; when the mirror request matches the Mirror location, the WAF inspects the mirror request in the Mirror location, and if no WAF rule is triggered the Mirror location forwards the request to the Mirror; after the Mirror responds, the response is first inspected by the WAF when it reaches Nginx, and if no rule is triggered the response passes the WAF and reaches Nginx's response-handling stage.
2. The WAF test method based on Nginx according to claim 1, characterized in that Nginx forwards the Original's response to the client, while the Mirror's response is discarded by Nginx when it reaches Nginx.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201810343027.9A | 2018-04-17 | 2018-04-17 | A WAF test method based on Nginx

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201810343027.9A | 2018-04-17 | 2018-04-17 | A WAF test method based on Nginx

Publications (1)

Publication Number | Publication Date
CN108667687A (en) | 2018-10-16

Family

ID: 63783551

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201810343027.9A (pending) | A WAF test method based on Nginx | 2018-04-17 | 2018-04-17

Country Status (1)

Country | Link
CN | CN108667687A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN103580943A * | 2012-08-03 | 2014-02-12 | 亿赞普(北京)科技有限公司 | Network software online testing method and system
CN105227571A * | 2015-10-20 | 2016-01-06 | 福建六壬网安股份有限公司 | Web application firewall system based on nginx+lua and its implementation method
CN105281963A * | 2014-06-05 | 2016-01-27 | 腾讯科技(深圳)有限公司 | Nginx server vulnerability detection method and device
CN107634964A * | 2017-10-13 | 2018-01-26 | 杭州迪普科技股份有限公司 | Testing method and device for a WAF

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Yao Linlin et al., "Web application firewall based on a distributed peer-to-peer architecture" (基于分布式对等架构的Web应用防火墙), Computer Engineering (《计算机工程》) *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN112600837A * | 2020-12-11 | 2021-04-02 | 四川长虹电器股份有限公司 | Intranet honeypot drainage method based on nginx
CN114915578A * | 2021-02-08 | 2022-08-16 | 中国电信股份有限公司 | WAF test method and device
CN114915578B * | 2021-02-08 | 2024-04-30 | 中国电信股份有限公司 | WAF test method and device
CN115776414A * | 2023-02-10 | 2023-03-10 | 天翼云科技有限公司 | Monitoring method, monitoring device, electronic equipment and readable storage medium
CN115776414B * | 2023-02-10 | 2023-04-07 | 天翼云科技有限公司 | Monitoring method, monitoring device, electronic equipment and readable storage medium
CN117395082A * | 2023-12-11 | 2024-01-12 | 深圳市移卡科技有限公司 | Service processing method, electronic device and storage medium
CN117395082B * | 2023-12-11 | 2024-03-22 | 深圳市移卡科技有限公司 | Service processing method, electronic device and storage medium

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 2018-10-16