Abstract: To remedy the shortcomings of a single-node Web Application Firewall (WAF) in detection efficiency and stability, a WAF based on a distributed peer-to-peer (P2P) architecture is designed and implemented using reverse proxy technology. The reverse proxy responds to client requests. Every node runs the same program, which realizes the peer architecture. Master and auxiliary nodes can be adjusted dynamically according to demand. The master node provides session persistence and load balancing, and the auxiliary nodes inspect messages using an expert library together with plug-ins. Experimental results show that the firewall can effectively block application-layer attacks and that it responds faster and more stably than a single node.
Key words:
distributed P2P architecture,
Web Application Firewall (WAF),
reverse proxy,
load balancing,
architecture design
CLC number:
YAO Lin-Lin, HE Qian, WANG Yong, ZHAO Bang. Web Application Firewall Based on Distributed P2P Architecture[J]. Computer Engineering, 2012, 38(22): 114-118.
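
The role split the abstract describes (identical nodes, a master that keeps sessions sticky and balances load, auxiliaries that check requests against an expert library and then plug-ins) can be modelled as follows. This is an added example, not code from the paper: the signatures, the plug-in, the "first live node becomes master" rule and all class and function names are assumptions made for illustration.

```python
import re

# Constructed sample "expert library": signature name -> pattern (illustrative only).
EXPERT_LIBRARY = {
    "sql_injection": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+1=1"),
    "xss": re.compile(r"(?i)<script\b"),
    "path_traversal": re.compile(r"\.\./"),
}

def oversized_header_plugin(request):
    """Hypothetical plug-in: flag requests carrying an abnormally long header value."""
    return "oversized_header" if any(len(v) > 4096 for v in request["headers"].values()) else None

class Node:
    """Every node runs this same class; its role is decided at runtime by the cluster."""
    def __init__(self, name, plugins=()):
        self.name, self.plugins, self.alive, self.load = name, list(plugins), True, 0

    def inspect(self, request):
        """Auxiliary role: expert-library match first, then plug-ins. Returns findings."""
        self.load += 1
        text = request["path"] + " " + request.get("body", "")
        findings = [name for name, rx in EXPERT_LIBRARY.items() if rx.search(text)]
        findings += [r for p in self.plugins if (r := p(request))]
        return findings

class Cluster:
    """Assumption: the session table is shared state that survives a master change."""
    def __init__(self, nodes):
        self.nodes, self.sessions, self.master = nodes, {}, nodes[0]

    def elect_master(self):
        """Roles are dynamic: here the first live node takes over as master."""
        self.master = next(n for n in self.nodes if n.alive)

    def dispatch(self, session_id, request):
        """Master role: keep a session on its node, else pick the least-loaded auxiliary."""
        if not self.master.alive:
            self.elect_master()
        # If no auxiliary is left, the master inspects the request itself.
        aux = [n for n in self.nodes if n.alive and n is not self.master] or [self.master]
        node = self.sessions.get(session_id)
        if node not in aux:  # new session, or its node failed or changed role
            node = min(aux, key=lambda n: n.load)
            self.sessions[session_id] = node
        findings = node.inspect(request)
        return node.name, ("block" if findings else "forward"), findings
```
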