1. Product introduction

South Wall WEB Application Firewall (Abbreviation: uuWAF) is a comprehensive website protection product launched by Youan Technology. It is independently developed through You'an Technology's proprietary WEB intrusion anomaly detection and other technologies, combined with the You'an Technology team's years of application security attack and defense theory and emergency response practical experience. Assist governments at all levels and enterprises/institutions to comprehensively protect WEB application security and implement comprehensive protection solutions for WEB servers.

2 Technical advantages

1.2.1 Advanced semantic engine

South Wall uses four industry-leading detection engines based on semantic analysis: SQL, XSS, RCE, and LFI. Combined with a variety of deep decoding engines, it can truly restore HTTP content such as base64, json, and form-data, thus effectively resisting various bypasses. WAF attack method, and compared with traditional regular matching, has the characteristics of high accuracy, low false positive rate, and high efficiency. Administrators do not need to maintain a complex rule base to intercept multiple attack types.

1.2.2 Intelligent 0day defense

Nanqiang innovatively uses machine learning technology, uses anomaly detection algorithms to distinguish between normal HTTP traffic and attack traffic, and performs whitelist threat modeling on normal traffic. The transformer algorithm automatically learns the parameter characteristics in normal traffic and converts them into the corresponding parameter whitelist rule library. When faced with various sudden 0-day vulnerabilities, the attack can be intercepted without adding rules, eliminating the need for website administrators to avoid vulnerabilities as soon as they occur. The pain of having to burn the midnight oil to fight escalates.

1.2.3 Advanced Rules Engine

Nanqiang actively uses the high performance of nginx and the high performance and high flexibility of luajit. In addition to providing the traditional rule creation mode that is more friendly to ordinary users, it also provides the Lua script rule writing function with high scalability and high flexibility. , allowing senior security administrators with certain programming skills to create a series of advanced vulnerability protection rules that traditional WAF cannot achieve. This makes it easier to intercept some complex vulnerabilities.

3 Introduction to use

2.1 Login management

For the login interface, visit https://ip:4443/. The username for first-time login is admin and the password is wafadmin. After entering, click Login to enter. The interface is as follows:

Login interface (Figure 1)

Home page interface (Figure 2)

2.2 Function introduction

2.2.1 Rule management

The rule management interface can add, edit, query and enable waf rules as shown in the figure below:

Rule management interface (Figure 3)

In the rule editing interface, the filtering stage can be divided into three stages: "request stage" (filtering data sent by the client), "return http header" (returned http header content), and "return page" (returned web page content) . The content of the rules is in dsl language or lua scripting language (for details, please refer to Chapter 3 -> Rule Introduction -> External Rules), as shown in the following figure:

2.2.2 Attack query

The attack query page can query attack events and export reports based on attack time, attack type, domain name and other information, as shown in the following figure:

Attack query interface (Figure 4)

2.2.3 Export report

The attack report can be exported based on the results of the attack query page. The attack report consists of attack statistics and attack details, as shown in the following figure:

Export report interface (Figure 5)

2.2.4 User settings

The user settings page allows you to modify the user name, password and other information of the waf management account, as shown in the figure below:

Version download:

「WAF」https://www.aliyundrive.com/s/GttM5jMuZYz Extraction code: 01bp

waf.v1.5.tgz installation package and documentation

*.txt md5

Currently in beta testing stage. Welcome to experience. Feedback and comments are welcome if encountered.