
Computer Engineering ›› 2012, Vol. 38 ›› Issue (22): 114-118. doi: 10.3969/j.issn.1000-3428.2012.22.028

• Security Technology •

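Web Application Firewall Based on Distributed P2P Architecture

YAO Lin-lin a,b, HE Qian a,b, WANG Yong a,b, ZHAO Bang a,b

  1. (a. Key Laboratory of Cognitive Radio and Information Processing of Ministry of Education; b. Guangxi Key Laboratory of Trusted Software, Guilin University of Electronic Technology, Guilin 541004, China)
  • Received: 2012-01-15 Revised: 2012-03-11 Online: 2012-11-20 Published: 2012-11-17
  • About the authors: YAO Lin-lin (born 1984), male, master's student, main research interest: network security; HE Qian, associate professor, Ph.D.; WANG Yong, professor, Ph.D.; ZHAO Bang, master's student
  • Supported by:
    National Natural Science Foundation of China (61172053, 61201250); National Science and Technology Major Project (2012ZX03006001-005); Guangxi Natural Science Foundation (2012GXNSFBA053174); Guangxi Youth Science Foundation (2012GXNSFBA053174)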



Abstract: To address the shortcomings of a single-node Web Application Firewall (WAF) in detection efficiency and stability, a WAF based on a distributed P2P architecture is designed and implemented using reverse proxy technology. A reverse proxy responds to client requests. To implement the P2P architecture, the same program runs on every node. Master and auxiliary nodes are adjusted dynamically according to demand. The master node provides session persistence and load balancing, and the auxiliary nodes inspect messages cooperatively using an expert library and plug-ins. Experimental results show that the system can effectively block application-layer attacks and that it responds more quickly and stably than a single node.

Key words: distributed P2P architecture, Web Application Firewall (WAF), reverse proxy, load balancing, architecture design
