Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A WAF reverse proxy method base on online traffic mirroring bypass

A reverse proxy and mirroring technology, applied in the field of network security, can solve the problem that WAF system testing cannot achieve both simulation and other problems

Active Publication Date: 2019-01-25
SICHUAN CHANGHONG ELECTRIC CO LTD
View PDF7 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a method of bypassing WAF reverse proxy based on online traffic mirroring, which is used to solve the problem that the test of WAF system in the prior art cannot not only simulate real business traffic but also not affect business

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A WAF reverse proxy method base on online traffic mirroring bypass

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0029] combined with figure 1 As shown, a method of bypassing WAF reverse proxy based on online traffic mirroring includes:

[0030] Step S100: configure a test server at the WAF system site;

[0031] Step S200: The test server mirrors the business traffic on the business server in real time:

[0032] Step S210: the user sends an http request to the load balancer;

[0033] Step S220: the load balancer forwards the http request to the service server;

[0034] Step S230: the business server mirrors the http request and the response to the http request to the test server through the network layer in real time by using a traffic mirroring program;

[0035] Step S300: The test server analyzes and preprocesses the requests and responses in the mirrored business traffic: preprocessing the requests includes assembling the TCP data packets of the same request, handling TCP out-of-order, packet loss, etc., and Add an xff header in the http header of the request to identify the real ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A WAF reverse proxy method base on on-line flow mirror image bypass is disclosed. That method comprise the following steps: step S100, configuring a test serv at a WAF system station; Step S200: The test server mirrors the service flow on the service server in real time; Step S300: The test server analyzes and pretreats the request and response in the service flow obtained by the mirror; Step S400: The test server sends the pre-processed request and response to the WAF system for security inspection. The invention adopts the bypass deployment mode, which can test the function of the WAF systemwithout affecting the on-line service, avoids modifying the existing network topology on the line, bypasses the on-line flow to obtain the real flow on the line and analyzes the on-line flow in realtime.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method for bypassing WAF reverse proxy based on online traffic mirroring. Background technique [0002] With the prevalence of e-commerce, online banking, and e-government, the business value carried by WEB servers is getting higher and higher, and the security threats faced by WEB servers are also increasing. Therefore, defense against WEB application layers has become an inevitable trend. WAF (WebApplicationFirewall, WEB Application Firewall) products became popular. WAF products can be divided into three types according to the form, hardware, software and cloud services. Due to functional and performance defects, software WAF has been gradually eliminated by the market. Cloud WAF has only just emerged in the past two years, and its products and markets are still immature. Compared with the previous two forms, hardware WAF is relatively mature and perfect in all a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/26
CPCH04L43/50H04L63/02H04L63/0281H04L63/1408
Inventor 龚致
Owner SICHUAN CHANGHONG ELECTRIC CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com