Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Web application firewall system and computer storage medium

A web application and firewall technology, applied in the field of network security, can solve problems such as low efficiency, inability to exert the maximum performance of equipment, and performance redundancy.

Active Publication Date: 2020-10-27
北京长亭未来科技有限公司
View PDF11 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In the traditional Web Application Firewall (WAF for short) system, all the functions of WAF are encapsulated in a single device, and the efficiency of CPU (central processing unit) and memory usage of the device is low, which makes the WAF device unable to play The maximum performance of the equipment, resulting in large performance redundancy and waste of idle resources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Web application firewall system and computer storage medium
  • Web application firewall system and computer storage medium
  • Web application firewall system and computer storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0038] figure 1 is a schematic structural diagram of a firewall system according to an embodiment of the present invention, such as figure 1 As shown, the WAF system may include, but not limited to: a service module 110 for traffic forwarding, a service module 120 for traffic detection, and a service module 130 for traffic analysis.

[0039] Wherein, the service module 110 for traffic forwarding is used to obtain a user request, forward the request to the service module 120 for traffic detection, and perform a test according to the detection result returned by the service module 120 for traffic detection. The user request is processed. In this embodiment, the exemplary number of service modules 110 used for traffic forwarding is more than one, but the present invention is not limited thereto. According to the application environment of the firewall system, the firewall system can deploy any number of The service module 110 for traffic forwarding. In an optional implementati...

Embodiment 2

[0050] image 3 is an example of the firewall system according to the embodiment of the present invention, such as image 3 As shown, the firewall system described in the embodiments of the present invention has the architecture and modules described in the above embodiments, and also includes a distributed key-value storage system ETCD 200, which can be used to store all configuration information of the service module described above. Wherein, the configuration information of the service module may include but not limited to: node service type, node IP, node name, node ID, node information synchronization protocol channel. Among them, the node service types of the service modules with the same function are the same, and their node IPs are in the same network segment.

[0051] In this embodiment, the firewall system described in the implementation manner of the present invention performs distributed cluster management through the distributed key-value storage system ETCD. T...

Embodiment 3

[0056] Figure 4 is another example of the firewall system according to the embodiment of the present invention. Such as Figure 4 As shown, in addition to the modules and architecture described in any one of the above-mentioned embodiments, the firewall system described in the embodiment of the present invention also includes a basic platform module 300, which is used to manage the basic configuration information of the firewall system. The basic The configuration information may include configuration information of each service module stored in the distributed key-value storage system.

[0057] Optionally or further, the basic platform module 300 is also used for generating and updating service configurations of service modules. For example, generate Nginx configuration files based on site configuration.

[0058] Optionally or further, the basic platform module 300 is also used to provide high-availability support for each service module, and perform error recovery when t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides a Web application firewall system and a computer storage medium. The Web application firewall system comprises: a Web application firewall system, at least oneservice module used for forwarding flow, at least one service module for flow detection and at least one service module for flow analysis. The service modules are divided into at least two groups. The groups are deployed on different servers in units of the groups. Each group comprises any one or more of the service modules, and one group of the service modules are deployed on one server. The Webapplication firewall system provided by the embodiment of the invention has a flow forwarding function. The flow detection function and the flow analysis function are respectively packaged into independent service modules, and the service modules are respectively deployed on different servers, so that the number of the different service modules in the system can be flexibly adjusted, and the maximum performance of the servers can be exerted.

Description

technical field [0001] The present invention relates to the technical field of network security, and more specifically, relates to a web application firewall system and a computer storage medium. Background technique [0002] In recent years, the scale and user volume of the Internet market have grown rapidly, which has promoted the overall upgrading of Internet services, and the innovation of the industrial chain of smart terminals such as mobile Internet and Internet of Things has promoted the rapid growth of information consumption. The main carrier has penetrated into various industries. [0003] With the rapid development of the Internet, the business volume and complexity of the web platform are getting higher and higher, and enterprises provide more and more web applications for external services, and suffer more and more web application attacks. The security of web services is facing an extremely serious situation: on the one hand, the operation of web services is s...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 刘超刘金钊吴小庆张盛宇李扬王文璐
Owner 北京长亭未来科技有限公司
Features
  • Generate Ideas
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com