1. Product introduction
South Wall WEB Application Firewall (abbreviation: uuWAF) is a comprehensive website protection product launched by Youan Technology. It was developed independently, building on Youan Technology's proprietary WEB intrusion anomaly detection and other technologies, combined with the Youan Technology team's years of application security attack-and-defense theory and practical emergency response experience. It helps governments at all levels and enterprises/institutions comprehensively protect WEB application security and implement comprehensive protection solutions for WEB servers.
2 Technical advantages
1.2.1 Advanced semantic engine
South Wall uses four industry-leading detection engines based on semantic analysis: SQL, XSS, RCE, and LFI. Combined with a variety of deep decoding engines, it can faithfully restore HTTP content such as base64, json, and form-data, and so effectively resists various WAF bypass techniques. Compared with traditional regular-expression matching, it offers high accuracy, a low false positive rate, and high efficiency. Administrators do not need to maintain a complex rule base to intercept multiple attack types.
1.2.2 Intelligent 0day defense
South Wall innovatively uses machine learning: anomaly detection algorithms distinguish normal HTTP traffic from attack traffic, and whitelist threat modeling is performed on the normal traffic. The transformer algorithm automatically learns the parameter characteristics of normal traffic and converts them into a corresponding parameter whitelist rule library. When a sudden 0-day vulnerability appears, the attack can be intercepted without adding rules, sparing website administrators the pain of burning the midnight oil on upgrades as soon as a vulnerability appears.
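The whitelist modeling described above can be illustrated with a deliberately simple profile learner. This is an added example, not uuWAF code and not its learning algorithm: the value classes, the `slack` headroom factor, all function names and the sample traffic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Value classes from strictest to loosest (an illustrative choice, not uuWAF's).
CLASSES = [("digits", r"\d*"), ("alnum", r"[A-Za-z0-9]*"),
           ("word", r"[A-Za-z0-9_.\- ]*")]
ORDER = [name for name, _ in CLASSES] + ["any"]


def classify(value):
    """Return the strictest class whose pattern matches the whole value."""
    for name, pattern in CLASSES:
        if re.fullmatch(pattern, value):
            return name
    return "any"


def learn_whitelist(requests, slack=2):
    """Build {(path, param): (class, max_len)} from known-good requests."""
    seen = defaultdict(lambda: [0, 0])  # key -> [loosest class index, longest value]
    for path, params in requests:
        for name, value in params.items():
            entry = seen[(path, name)]
            entry[0] = max(entry[0], ORDER.index(classify(value)))
            entry[1] = max(entry[1], len(value))
    # slack leaves headroom above the longest value observed during learning
    return {key: (ORDER[i], n * slack) for key, (i, n) in seen.items()}


def check(whitelist, path, params):
    """Return violations for one request; an empty list means it fits the profile."""
    violations = []
    for name, value in params.items():
        if (path, name) not in whitelist:
            violations.append(f"{name}: not seen on {path} during learning")
            continue
        cls, max_len = whitelist[(path, name)]
        got = classify(value)
        if ORDER.index(got) > ORDER.index(cls):
            violations.append(f"{name}: expected {cls}, got {got}")
        if len(value) > max_len:
            violations.append(f"{name}: length {len(value)} exceeds {max_len}")
    return violations


# Constructed known-good traffic (path, query parameters); not from a real site.
NORMAL = [
    ("/item", {"id": "1042", "lang": "en"}),
    ("/item", {"id": "7", "lang": "zh"}),
    ("/search", {"q": "blue widget", "page": "2"}),
]
WHITELIST = learn_whitelist(NORMAL)
```

Because the profile is learned only from what normal traffic looked like, a value that leaves its learned class or length range is flagged without any signature for the specific vulnerability; the trade-off is that unrepresentative training traffic produces false positives.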
1.2.3 Advanced Rules Engine
South Wall makes full use of the high performance of nginx and the high performance and flexibility of luajit. In addition to the traditional rule creation mode, which is friendlier to ordinary users, it also provides a highly scalable and flexible Lua script rule writing function, allowing senior security administrators with some programming skills to create advanced vulnerability protection rules that a traditional WAF cannot express. This makes it easier to intercept some complex vulnerabilities.
3 Introduction to use
2.1 Login management
To reach the login interface, visit https://ip:4443/. For the first login, the username is admin and the password is wafadmin. After entering them, click Login. The interface is as follows:
Login interface (Figure 1)
Home page interface (Figure 2)
2.2 Function introduction
2.2.1 Rule management
The rule management interface is used to add, edit, query and enable WAF rules, as shown in the figure below:
Rule management interface (Figure 3)
In the rule editing interface, filtering is divided into three stages: "request stage" (filtering data sent by the client), "return http header" (the returned http header content), and "return page" (the returned web page content). Rule content is written in the dsl language or the lua scripting language (for details, please refer to Chapter 3 -> Rule Introduction -> External Rules), as shown in the following figure:
2.2.2 Attack query
The attack query page can query attack events and export reports based on attack time, attack type, domain name and other information, as shown in the following figure:
Attack query interface (Figure 4)
2.2.3 Export report
The attack report can be exported based on the results of the attack query page. The attack report consists of attack statistics and attack details, as shown in the following figure:
Export report interface (Figure 5)
2.2.4 User settings
The user settings page allows you to modify the user name, password and other information of the WAF management account, as shown in the figure below:
Version download:
「WAF」https://www.aliyundrive.com/s/GttM5jMuZYz Extraction code: 01bp
waf.v1.5.tgz: installation package and documentation
*.txt: MD5
The product is currently in the beta testing stage. You are welcome to try it out; feedback and comments are welcome if you encounter any problems.
Original article by Chief Security Officer, if reproduced, please credit https://cncso.com/en/waf-internal-testing-for-enhanced-security-html
Comments(4)
Blogger, it seems that when I tried to install Ubuntu, a database error was reported and yum could not parse it.
@2331: This version does not support Ubuntu yet; it is recommended to download the latest version.
Blogger, how do I get the dynamic verification code on the login interface?
@2331: Dynamic passwords need to apply for Google Authenticator configuration.