NGMOD Manual

Learn how to configure NGMOD from the above menus

Introduction

Large-scale hacking attacks on web service providers (such as the PHF CGI attack in 1996) led to research on security models to support web programs. In the information and communication security field, the growing number of web attacks and the inadequate effectiveness of intrusion detection and prevention systems (IPS/IDS) led to the development of a new product, the "Web Application Firewall" (WAF), to counter these attacks. According to reports from institutions active in cyber security analysis, over 70 % of Internet attacks are carried out through the web to infiltrate the web service providers of organizations. Web programs are therefore one of the most attractive targets for attackers seeking to infiltrate an organization's information infrastructure. Failure to provide web security has consequences for organizations such as financial and credit losses, internal information leaks, and website manipulation.

Firewalls and intrusion detection systems at the network layer usually do not examine communication packets at the application layer; therefore, they are unable to do much to protect the web server. A web application firewall, on the other hand, is used to identify and prevent attacks on web applications (such as XSS, SQL injection, etc.) and leakage of an organization's sensitive information.

By 2006, a handful of large companies dominated the WAF market, focusing only on web-based application layer security. From then on, the WAF market has been firmly directed towards integrating WAF products with other security and performance technologies such as load balancing, application service provider, network products, etc., which set off a rapid wave of rebranding, renaming and repositioning of WAF products.

Web application firewalls are deployed alongside an organization's web servers and focus on web traffic in order to detect web attacks and prevent hackers from infiltrating websites. By focusing on the messages sent at the network application layer and on web-related protocols, web application firewalls detect attacks that remain hidden from ordinary firewalls and intrusion detection systems in the lower layers, and react appropriately to them. The company's WAF product, which operates in reverse proxy mode, provides protection against most current attacks and the vulnerabilities identified by OWASP.

The WAF system reviews each web transaction in five separate phases. Each phase has a specific process, and only the rules related to that phase are executed in it. In this way, each transaction goes through the following five phases in its life cycle:

1. Request header: The rules related to the request header are executed in this phase (without reviewing the body of the request, which may carry much overhead). In addition, executing these rules may add markers to the request that are useful for processing its body.
2. Request body: The review of the body content, which is the most significant phase of the inspection, is done immediately after the body of a request is received. The rules active in this phase have available all the parameters in the request that are necessary for processing and decision-making.
3. Response header: In addition to reviewing incoming requests, it is necessary to check the responses to prevent leakage and the sending of unwanted responses. In this phase, as in phase 1, only the response header is examined, so that security policies can be applied without the computational load required to check the body of the response. Furthermore, given that response headers are usually available independently of and much earlier than the response body, making security decisions at this stage increases the processing speed significantly.
4. Response body: As in phase 2, having all the response parameters available in this phase is essential for analyzing responses.
5. Logging: By using the rules of this phase, several policies can be adopted for recording reports on various requests, which makes it possible to pay more attention to specific transactions.

The WAF software package consists of two parts: management and service. The management part is provided as a web interface. The server package, on the other hand, is deployed as an appliance with a Linux operating system in the organization's network. The following sections describe how to install the management program and how to use the server.
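The five-phase life cycle described above can be modelled in a few lines. The following Python sketch is an added example, not NGMOD code or its rule language: the rule names, the `X-Debug-Token` header, the detection patterns and the choice to skip straight to logging once a transaction is blocked are all assumptions made for illustration.

```python
# Added illustration: a toy five-phase rule engine, not NGMOD's implementation.
import re
from dataclasses import dataclass, field
PHASES = {1: "request header", 2: "request body", 3: "response header", 4: "response body", 5: "logging"}
FORM_TYPE = "application/x-www-form-urlencoded"

@dataclass
class Transaction:
    req_headers: dict
    req_body: str = ""
    resp_headers: dict = field(default_factory=dict)
    resp_body: str = ""
    flags: set = field(default_factory=set)   # markers left by earlier phases
    blocked_in: int = 0                       # 0 means the transaction was allowed
    ran: list = field(default_factory=list)   # names of the rules actually evaluated
    audit: list = field(default_factory=list) # entries written by the logging phase

def mark_form(tx):      # phase 1: header-only check, leaves a marker for phase 2
    if tx.req_headers.get("Content-Type", "").startswith(FORM_TYPE):
        tx.flags.add("form")
    return False

def sqli_in_form(tx):   # phase 2: body inspection, gated on the phase 1 marker
    return "form" in tx.flags and bool(re.search(r"union\s+select", tx.req_body, re.I))
def debug_header(tx):   # phase 3: decided before the response body is examined
    return "X-Debug-Token" in tx.resp_headers   # hypothetical leak indicator
def card_number(tx):    # phase 4: scans the response body for a 16-digit number
    return bool(re.search(r"\b\d{16}\b", tx.resp_body))

def audit_block(tx):    # phase 5: records only the transactions worth attention
    if tx.blocked_in:
        tx.audit.append(f"blocked in phase {tx.blocked_in} ({PHASES[tx.blocked_in]})")
    return False

RULES = [(1, mark_form), (2, sqli_in_form), (3, debug_header), (4, card_number), (5, audit_block)]

def process(tx, rules=RULES):
    for phase in PHASES:
        for rule_phase, rule in rules:
            # Only the current phase's rules run; assumption: once blocked, skip to logging.
            if rule_phase != phase or (tx.blocked_in and phase != 5):
                continue
            tx.ran.append(rule.__name__)
            if rule(tx):
                tx.blocked_in = phase
    return tx

# Constructed sample: blocked on the response header, so the phase 4 body scan never runs.
sample = process(Transaction({"Content-Type": FORM_TYPE}, "id=1", {"X-Debug-Token": "abc"}, "4111111111111111"))
```

For `sample`, `ran` shows that `card_number` was never evaluated, which is the saving the response-header phase is meant to provide.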