WSF: An HTTP-Level Firewall for Hardening Web Servers
Authors
Abstract
Due to the complexity of administration, insufficient checks on input data in many web applications, and the lack of a single place to enforce security policy, web servers remain prone to external tampering. This paper proposes WSF (web server firewall) to protect web systems with three new mechanisms. First, WSF provides a language for specifying fine-grained access control policy and enforcing it at the perimeter of a web server. Second, to prevent abuse of web applications with malicious parameters, WSF allows web application developers to specify the restrictions on application running parameters, rather than requiring them to enumerate all possible invalid input patterns, which substantially simplifies input validation. Finally, WSF collects web user behavior statistics, which helps administrators detect abnormal activities and adjust the access control policy heuristically.

Keywords: Firewall, Attack Signature
Similar resources
Security considerations with Squid proxy server
Securing and controlling workstation access to the web has never been an easy task for security professionals. Firewalls and access control lists on routers alone may not bring an acceptable level of security for your organization. Even if their primary role is to reduce network traffic and improve performance, HTTP proxy servers (also called cache servers) are likely to be installed as an addit...
Modular System for Mitigating Flood Attacks
Denial-of-Service (DoS) flooding attacks have become a serious threat to the reliability of the Internet. Web servers face all kinds of users; some of them engage in malicious activities to degrade or completely block network services, such as flooding attacks. As a result, a lot of resources and bandwidth on web sites might be wasted. While many approaches exist to filter network-level attacks, the...
Load Balancing Approaches for Web Servers: A Survey of Recent Trends
Numerous works have been done on load balancing of web servers in grid environments. The reason behind the popularity of the grid environment is that it allows access to distributed resources located at remote locations. For effective utilization, load must be balanced among all resources. Importance of load balancing is discussed by distinguishing the system between without load balancing and with loa...
Preserving State on the World Wide Web Using Dynamic Argument Embedding
The HTTP protocol which is used for communicating over the World Wide Web is stateless; every request from a client to a server is treated independently. We have developed a new method for preserving state on the World Wide Web known as dynamic argument embedding. The technique has advantages over HTML forms and Netscape cookies, which are two commonly used state preservation techniques. Unlike...
Translation Servers: Gateways Between Stateless and Stateful Information Systems
Public information systems offering access to the network community can be divided into two groups: those with stateful protocols and those with stateless protocols. Evolving client-server protocols like the Hypertext Transfer Protocol (HTTP) of the World-Wide Web (W3) are stateless. In this case the reaction of the information server depends on the request only. To access the server, special c...