Fine grained and efficient rule prote呢知ction
Ngwaf identifies and
defends various一為 known attacks through the rule 大通base, and meets the common
security去我 risks and pain points of busin月又ess systems, so as to realize
h如樹igh-fine-grained and efficient rule pro媽為tection.
The rule base
includes:
SQL injection attack,
XSS atta笑聽ck, CSRF Cross Site Request Fo月新rgery;
HTTP header injection
attack, di農哥rectory traversal attack, remo西鄉te file inclusion attack;
Brute force attack,
web crawler, w微外eb Trojan horse attack;
DDoS attack, session
hijacking, ses門不sion fixation;
LDAP injection, PHP
mail injection,月新 HTTP parameter pollution vulner地線ability;
Web sensitive
information disc行內losure vulnerability, HTTP response開看 header splitting attack;
X-forwarded-for
header forgery and fil行行e upload attack;
The authentication
function is missing,司草 the static file is not detected b鐘懂y WAF, and the request
method / reques哥草t parameters are limited;
It also supports
configurable rules 小話(request method limit, HTTP protoc年小ol limit, illegal request
header det小但ection, upload file size limit, reques討章t parameter limit) and custom
rule libr森看ary.
Automatic dynamic modeling
The
Web Application Firewall Based 紅廠on the rule feature base can solve雨學 a large
number of web application ris門金ks, but due to the unique "delay" of th一這e
rule base, it can only solve th少員e known security risks and is po線如werless to
defend against 0day vulnerab購要ilities and new attacks. In add區得ition, there will be
some errors in 外時the accuracy of the conventional f船書eature library model, because
it do對人es not know the user's business他長 logic. The unique application匠輛 dynamic
modeling technology o弟的f ngwaf can fully understand the user'聽你s business behavior
and fully d冷區isplay the user's business logic飛還 through automatic learning of the
appl近都ication, so as to completely solve 區她the above problems. Automatic 國兒modeling
is not limited to the followi如老ng contents: access URL, applicat事討ion system path,
HTTP request parame也在ters, number, type, name, valu我林e range, etc. Through the
modeling res車但ults, the white list defense mod是業el can effectively solve various
0民機day vulnerabilities, new business attac下影ks and unauthorized operations.