
Web Protection System Based on an ISAPI Filter (cited by: 2)

Design and Implementation of the Web Firewall System based on ISAPI Filter
Abstract: With the development of the Internet, malicious users exploit vulnerabilities in Web applications to attack Web sites, obtaining information, implanting viruses and trojans, setting up disguised phishing sites, inserting malicious advertising and carrying out other malicious operations. These behaviours harm users' interests and reduce the credibility of the site. With the growth of Web attacks, the security risks of Web sites have reached unprecedented levels. To address Web site security problems, building on the HTTP protocol model and combining URL parsing techniques with the core extension technology of the Web server, the paper designs and implements a Web firewall (WAF) system based on an ISAPI filter. The system can resist common network attacks and provides security protection for IIS Web sites based on the HTTP protocol. The system contains three modules: a configuration module, a filtering module and a log module. The paper describes the design and implementation of the filtering module in detail. The system's main functions are: filtering HTTP request types, restricting HTTP header length, forbidding SQL injection, forbidding Cookie injection, forbidding cross-site scripting (XSS) attacks, preventing scanning of sensitive directories, filtering requested file types, and an IP blacklist. With these functions the system can detect Web attacks effectively and respond correctly, providing effective protection for Web site security. Finally, a test environment is set up and a functional test of the system is carried out; the results show that the system can filter common Web attacks and respond as expected. The system meets its design goals and has high practical value.
Source: Netinfo Security (《信息网络安全》), 2014, No. 7, pp. 35-40 (6 pages)
Funding: National Science and Technology Major Project [2013ZX03002006]
Keywords: ISAPI filter; Web attack; Web security; firewall