摘要
SQL注入式攻击是目前互联网常见的攻击方式之一,它利用Web应用程序的缺陷实现对应用程序、数据、服务器等的攻击。该IIS防火墙软件与Web服务器IIS紧密结合,通过过滤和记录客户端与Web服务器之间的数据来保护Web服务器的安全。介绍了该防火墙软件的功能,重点介绍了该防火墙软件的实现方法,包括工作流程和核心函数的实现,最后介绍了该防火墙软件的安装及使用方法。通过测试,该防火墙软件可以实现SQL注入检测、过滤IP地址、防止数据库文件下载功能,并能够在日志中记录攻击行为。
SQL injection attack, as one of the common attacks against the Internet, makes use of the defects of Web application and implements the attacks on the application, data, server and so on. The IIS firewall software, in combination with the Web server IIS, and via filtering and recording the data of between the client and the Web server, protects the security of Web server. The functions of this firewall software are described, with focus on the implementation method of the firewall software, including realization of the work- flow and core functions. Finally, the installation and use of this firewall software is discussed. Experiment indicates that this firewall software can realize SQL injection detection, filter IP address, prevent database file download, and record the attack behaviors in the log.
出处
《信息安全与通信保密》
2016年第8期101-104,共4页
Information Security and Communications Privacy
