Network application firewall method and apparatus

Abstract

The application aims to provides a network application firewall method and apparatus. The method comprises the following steps: configuring corresponding lead strategy information in a network apparatus according to application address information of a network application to be defended; receiving an access request about the network application led by the network apparatus on the basis of the lead strategy information, the a destination address of the access request being the application address information; converting the destination address of the access request into local address information corresponding to the firewall application; and utilizing the firewall application to carry out defense processing for the access request. Compared with the prior art, the network application firewall method and apparatus have the advantages that the access request of the destination address instead of that of the address information of the firewall application itself is led, corresponding defense processing is achieved, some key indicator information of an original network application will not be affected during data transmission, and attacks of several network applications are prevented from affecting other network applications accessed to the same firewall application.

Description

technical field [0001] The present application relates to the computer field, in particular to a network application protection technology. Background technique [0002] In the prior art, the access process of cloud WAF (website application protection system) is mostly complicated, which affects the original key indicator information of the user's website, and there are many defects in the website protection effect. For example, in the existing CNAME-WAF mode, by modifying the CNAME (alias record) information corresponding to the target application, the destination IP information corresponding to the original access request is modified to the IP information corresponding to the cloud WAF, thereby receiving the access request Into the cloud WAF, the change of the destination IP may affect the SEO (search engine optimization) ranking of the target application. In addition, when a domain name connected to the cloud WAF is attacked, because the attacker sees the The IP informat...

AI Technical Summary

Problems solved by technology

[0002] In the existing technology, the access process of cloud WAF (website application protection system) is mostly complicated, which affects the original key indicator information of the user website, and there are many defects in the website protection effect

For example, in the existing CNAME-WAF mode, by modifying the CNAME (alias record) information corresponding to the target application, the destination IP information corresponding to the original access request is modified to the IP information corresponding to the cloud WAF, thereby receiving the access request Into the cloud WAF, the change of the destination IP may affect the SEO (search engine optimization) ranking of the target application. In addition, when a domain name connected to the cloud WAF is attacked, because the attacker sees the The IP information corresponding to the above-mentioned cloud WAF cluster may have a certain impact on other applications connected to the WAF

Images