CN108667687A - A kind of WAF test methods based on Nginx - Google Patents
- Publication number: CN108667687A (application CN201810343027.9A)
- Authority: CN (China)
- Prior art keywords: nginx, mirror, request, waf, location
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
- H04L63/0263—Network security; firewalls; filtering policies; rule management
- H04L63/0281—Network security; firewalls; proxies
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
- H04L67/56—Provisioning of proxy services
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The invention discloses a WAF test method based on Nginx, in the field of information security. It comprises the following: when a client accesses the Original (the business origin server) through the Nginx proxy, the Nginx mirror module copies the client's request to the Original as a request to the Mirror (the mirror origin server); when a request reaches Nginx, Nginx matches it against its locations and handles it differently depending on the matched location; when the request matches the Original location, the Original location forwards the request to the Original and at the same time generates a mirror request that is matched against the Mirror location. The invention maps the real service environment and real user requests onto a background mirror service, so that the runtime environment after the WAF goes live can be fully simulated and the WAF can be tested against genuine user requests without affecting the live business.
Description
Technical field
Embodiments of the present invention belong to the field of information security and, more specifically, relate to a WAF test method based on Nginx.
Background technology
With the continuous development of computer technology, web applications are used more and more widely. Nginx, a lightweight web server with high-performance HTTP processing and reverse-proxy capability, is widely used as the deployment server for a WAF. A WAF is the security safeguard of a web application, so its function and performance must be tested comprehensively before it goes live. At present, WAF testing generally proceeds in two steps: offline testing and online testing. Offline testing mainly covers WAF function and performance: function is checked against a vulnerable platform such as DVWA or an offline simulation of the service environment, and performance is measured with a load tool such as JMeter. Offline testing gives a rough picture of WAF performance and rules out functional errors, but it cannot prevent the false positives, and other unpredictable negative effects on the live business, that appear only after the WAF goes live. Therefore, after going live, the WAF must also go through a period of online testing to observe how it behaves in the real service environment and to rule out false positives specific to the business. However, the impact of false positives generated after the WAF goes live is then unavoidable: they are likely to disrupt the normal operation of the live business, inconvenience customers and cause unnecessary losses.

FIG. 1 shows the traditional WAF deployment. The WAF is deployed on the Nginx server; requests reach the business origin server through the Nginx reverse proxy, so every request is inspected by the WAF. If a request triggers a WAF rule it is blocked; otherwise it passes and Nginx forwards it to the business origin server. The origin server's response is likewise inspected by the WAF, and only a response that triggers no WAF rule is sent to the client.
Invention content
In view of the background above, the purpose of the present invention is to provide a WAF test method based on Nginx that solves the problem of how to test a WAF against real business data, so as to avoid false positives affecting the live business after the WAF goes live, as well as the other unpredictable negative effects of going live.

To solve the above problems, the present invention adopts the following technical scheme. A WAF test method based on Nginx comprises the following: when a client accesses the Original through the Nginx proxy, the Nginx mirror module (ngx_http_mirror_module) copies the client's request to the Original as a request to the Mirror; when a request reaches Nginx, Nginx matches it against its locations and handles it differently depending on the matched location; when the request matches the Original location, the Original location forwards the request to the Original and at the same time generates a mirror request that is matched against the Mirror location; when the mirror request matches the Mirror location, the WAF inspects the mirror request within the Mirror location, and if no WAF rule is triggered, the Mirror location forwards the request to the Mirror; after the Mirror responds, the response is first inspected by the WAF when it reaches Nginx, and if no rule is triggered it passes the WAF and reaches the corresponding stage of Nginx response processing.

A further technical solution is: Nginx forwards the Original's response to the client, while the Mirror's response is discarded by Nginx when it reaches Nginx.

Using the ngx_http_mirror_module module of Nginx, the present invention copies HTTP requests to another environment, and the response output of the mirrored request is ignored by Nginx. With this function, a mirror service environment identical to the live business can be deployed in the background, the WAF deployed in front of this mirror service, and the real-time access traffic of the live service copied to the mirror environment, thereby testing the WAF against real business traffic.

Compared with the prior art, the present invention has the following beneficial effects. The WAF test method provided by the invention maps the real service environment and real user requests onto a background mirror service via the ngx_http_mirror_module module of Nginx; this fully simulates the runtime environment after the WAF goes live and allows the WAF to be tested against genuine user requests without affecting the live business, avoiding not only the impact of WAF false positives but also other unpredictable errors after the WAF goes live.
Description of the drawings
FIG. 1 is a schematic diagram of the traditional prior-art WAF deployment.
FIG. 2 is a schematic diagram of the principle of the Nginx mirror module according to the present invention.
FIG. 3 is a schematic diagram of the WAF deployment and request processing based on the mirror module according to the present invention.
Specific implementation mode
To make the purpose, technical scheme and advantages of the present invention clearer, the invention is further elaborated below with reference to embodiments. It should be understood that the specific embodiments described here only illustrate the invention and are not intended to limit it.
Embodiment
FIG. 2 illustrates the principle of the Nginx mirror module (ngx_http_mirror_module). When a client accesses the business origin server (Original) through the Nginx reverse proxy, the ngx_http_mirror_module module copies the client's request to the Original as a request to the mirror origin server (Mirror). Nginx forwards the Original's response to the client, whereas the Mirror's response is discarded by Nginx when it arrives.

FIG. 3 illustrates the WAF deployment and request processing based on the mirror module. This part mainly explains the processing inside Nginx; the parts outside Nginx are the same as in FIG. 1 and FIG. 2. When a request reaches Nginx, Nginx matches it against its locations and handles it differently according to the matched location. When the request matches the Original location in the figure, the Original location forwards it to the business origin server and at the same time generates a mirror request that is matched against the Mirror location.

When the mirror request matches the Mirror location, the WAF inspects the mirror request within the Mirror location; if no WAF rule is triggered, the Mirror location forwards the request to the mirror origin server (Mirror). After the Mirror responds, the response is first inspected by the WAF when it reaches Nginx; if no rule is triggered, the response passes the WAF and reaches the corresponding stage of Nginx response processing, where Nginx discards the response of the mirror request and returns only the Original's response to the client. In this way the WAF is tested on real user request data, the live business is unaffected during the test, and false positives and other negative effects after the WAF goes live can be ruled out in advance.
The configuration of the Original location and the Mirror location is explained below. The configuration code is as follows (text after # is an explanatory comment; the listing itself is not reproduced on this page):

Original location configuration: the business origin server is configured in the Original location. To add the mirror module, only the original configuration lines shown in the example above need to be added to the existing business origin configuration. Note that the ngx_http_mirror_module module is only available in Nginx 1.13.4 and later, and that it is built in by default, so no separate compilation or installation is needed.

When a user's URL matches the original location, Nginx processes the request through its normal flow; for the user and the business origin server nothing changes. Only when a request matches the original location does Nginx, in the background, use the mirror directive to copy the request to the specified mirror origin server. The response returned by the mirror origin server is ignored by Nginx, so with this deployment the mirror origin server has no effect on the live business origin server.

Mirror location configuration: when testing the WAF, the Mirror location can be deployed as a site identical to the business origin server, which guarantees the reliability of the test environment; in addition, the requests are copies of the users' own requests, which guarantees the authenticity of the test data, and the live business is unaffected during the test. After the WAF has been tested for a period of time, location /mirror can be changed directly to the URI that users actually access and the internal directive in the configuration commented out, so that a WAF tested on real user access data can be put straight into production without a separate deployment; this simplifies WAF deployment and also guarantees a smooth upgrade of the business origin server.
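The Original/Mirror configuration that the embodiment describes, written out as an added example. This is not the patent's own listing (which is not reproduced on this page): the backend names and addresses, the hostname, the log path and the use of ModSecurity directives for the WAF under test are assumptions, and any WAF that hooks the Nginx request phases can be placed in the Mirror location in the same way. It requires Nginx 1.13.4 or later, where ngx_http_mirror_module is built in by default.

```nginx
# Added example, not the patent's own configuration.
# Assumed (not in the patent text): upstream addresses, hostname, log path,
# and libmodsecurity's Nginx connector as the WAF engine.

upstream original_backend {            # live business origin server (Original)
    server 10.0.1.10:8080;             # assumed address
}

upstream mirror_backend {              # identical copy of the business site (Mirror)
    server 10.0.2.10:8080;             # assumed address
}

server {
    listen 80;
    server_name www.example.com;       # assumed hostname

    # Original location: the unchanged production path. Only the two mirror
    # directives are added to the existing business origin configuration.
    location / {
        mirror /mirror;                # copy every matching request into /mirror
        mirror_request_body on;        # default; also copy the body so that
                                       # POST payloads reach the WAF under test
        proxy_pass http://original_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Mirror location: reachable only through the mirror directive (internal),
    # with the WAF under test in front of the mirror origin server.
    location = /mirror {
        internal;                      # clients cannot request /mirror directly

        # WAF under test (assumed engine and rules path).
        modsecurity on;
        modsecurity_rules_file /etc/nginx/modsec/main.conf;

        # Forward the copied request with the client's original URI and Host.
        proxy_pass http://mirror_backend$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;

        # Short timeouts: the mirror subrequest belongs to the client's
        # connection, so a slow mirror backend must not be allowed to hold it.
        proxy_connect_timeout 1s;
        proxy_read_timeout 2s;

        # Nginx discards the mirror response; log the mirrored requests
        # separately so the WAF's verdicts can be compared with live traffic.
        access_log /var/log/nginx/mirror.access.log;
    }
}
```

To verify the setup, send a request carrying a payload that the loaded rule set is known to flag to the public URL: the client must still receive the Original's normal response, the WAF audit log should record a block, and mirror.access.log should show the copied request with the WAF's status rather than the origin's. Going live then follows the procedure the text describes: the Mirror location is renamed to the URI users actually access and the internal directive is commented out, after which the same tested WAF directives sit in front of production. Two cautions that the patent does not spell out: the mirrored requests carry real user data (session cookies, form contents), so the mirror environment needs the same access controls and data-handling as production; and because every request, including state-changing ones, is replayed, the mirror site should be backed by its own data store and must not reach real downstream systems such as mail or payment services, or side effects will be executed twice. Keep internal in place for the whole test, since without it the Mirror location is an open path to the test backend.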
Although the invention has been described herein with reference to illustrative embodiments, it should be understood that those skilled in the art can devise many other modifications and implementations, which will fall within the scope and spirit disclosed in this application. More specifically, various variations and modifications can be made to the component parts and/or layouts of the subject combination arrangement within the scope disclosed in this application. In addition to variations and improvements to the component parts and/or layouts, other uses will also be apparent to those skilled in the art.
Claims (2)
1. A WAF test method based on Nginx, characterized in that it comprises the following: when a client accesses the Original through the Nginx proxy, the Nginx mirror module copies the client's request to the Original as a request to the Mirror; when a request reaches Nginx, Nginx matches it against its locations and handles it differently according to the matched location; when the request matches the Original location, the Original location forwards the request to the Original and at the same time generates a mirror request that is matched against the Mirror location; when the mirror request matches the Mirror location, the WAF inspects the mirror request within the Mirror location, and if no WAF rule is triggered, the Mirror location forwards the request to the Mirror; after the Mirror responds, the response is first inspected by the WAF when it reaches Nginx, and if no rule is triggered, the response passes the WAF and reaches the corresponding stage of Nginx response processing.
2. The WAF test method based on Nginx according to claim 1, characterized in that Nginx forwards the Original's response to the client, while the Mirror's response is discarded by Nginx when it reaches Nginx.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810343027.9A CN108667687A (en) | 2018-04-17 | 2018-04-17 | A kind of WAF test methods based on Nginx |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108667687A true CN108667687A (en) | 2018-10-16 |
Family
ID=63783551
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108667687A (en) |
Timeline
- 2018-04-17: CN CN201810343027.9A patent/CN108667687A/en, active, Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103580943A (en) * | 2012-08-03 | 2014-02-12 | 亿赞普(北京)科技有限公司 | Network software online testing method and system |
CN105281963A (en) * | 2014-06-05 | 2016-01-27 | 腾讯科技(深圳)有限公司 | nginx server vulnerability detection method and device |
CN105227571A (en) * | 2015-10-20 | 2016-01-06 | 福建六壬网安股份有限公司 | Based on web application firewall system and its implementation of nginx+lua |
CN107634964A (en) * | 2017-10-13 | 2018-01-26 | 杭州迪普科技股份有限公司 | A kind of method of testing and device for WAF |
Non-Patent Citations (1)
Title |
---|
姚琳琳等: "基于分布式对等架构的Web应用防火墙", 《计算机工程》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112600837A (en) * | 2020-12-11 | 2021-04-02 | 四川长虹电器股份有限公司 | Intranet honeypot drainage method based on nginx |
CN114915578A (en) * | 2021-02-08 | 2022-08-16 | 中国电信股份有限公司 | WAF test method and device |
CN114915578B (en) * | 2021-02-08 | 2024-04-30 | 中国电信股份有限公司 | WAF test method and device |
CN115776414A (en) * | 2023-02-10 | 2023-03-10 | 天翼云科技有限公司 | Monitoring method, monitoring device, electronic equipment and readable storage medium |
CN115776414B (en) * | 2023-02-10 | 2023-04-07 | 天翼云科技有限公司 | Monitoring method, monitoring device, electronic equipment and readable storage medium |
CN117395082A (en) * | 2023-12-11 | 2024-01-12 | 深圳市移卡科技有限公司 | Service processing method, electronic device and storage medium |
CN117395082B (en) * | 2023-12-11 | 2024-03-22 | 深圳市移卡科技有限公司 | Service processing method, electronic device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20181016