seawaf-agent: an open source web application firewall component

Submitted by a site user 602 2022-10-24

seawaf-agent

An open source web application firewall component

why

Applications should not be delegating most of their runtime protection to the external devices. Applications should be capable of self-protection (i.e., have protection features built into the application runtime environment). --by Gartner Joseph Feiman

features

- exception manager
  - counter, capture, protect
- quota manager
  - limit max sessions
  - limit max sessions per user
  - limit max online users
  - limit max single url opened per session in a self-defined time unit
- attack defence
  - SQL Injection
  - XSS
  - click jack
- multi-mode support
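The quota item "limit max single url opened per session in a self-defined time unit" can be pictured as a sliding-window counter keyed by session and URL. The Java below is an added example, not seawaf's own code; the class UrlQuota, its methods, and the reading of a value such as 10/5s as "10 hits per 5 seconds" are assumptions.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical per-session, per-URL quota; not part of seawaf. */
public class UrlQuota {
    private static final Pattern SPEC = Pattern.compile("(\\d+)/(\\d+)s");
    private final int max;        // hits allowed inside one window
    private final long windowMs;  // window length in milliseconds
    private final Map<String, Deque<Long>> hits = new ConcurrentHashMap<>();

    /** spec has the form "count/Ns", e.g. "10/5s" (assumed: 10 hits per 5 seconds). */
    public UrlQuota(String spec) {
        Matcher m = SPEC.matcher(spec.trim());
        if (!m.matches()) throw new IllegalArgumentException("bad quota spec: " + spec);
        max = Integer.parseInt(m.group(1));
        windowMs = Long.parseLong(m.group(2)) * 1000L;
        if (max < 1 || windowMs < 1) throw new IllegalArgumentException("quota must be positive");
    }

    /** Returns true when the hit is within quota, false when it should be rejected. */
    public boolean allow(String sessionId, String url, long nowMs) {
        Deque<Long> q = hits.computeIfAbsent(sessionId + "\n" + url, k -> new ArrayDeque<>());
        synchronized (q) {
            // Drop timestamps that have aged out of the window.
            while (!q.isEmpty() && nowMs - q.peekFirst() >= windowMs) q.pollFirst();
            if (q.size() >= max) return false;  // rejected hits are not recorded
            q.addLast(nowMs);
            return true;
        }
    }

    /** Call when a session is destroyed so per-session state does not accumulate. */
    public void forget(String sessionId) {
        hits.keySet().removeIf(k -> k.startsWith(sessionId + "\n"));
    }

    public static void main(String[] args) {
        UrlQuota quota = new UrlQuota("3/5s");  // constructed sample values
        long t = 0;
        for (int i = 1; i <= 4; i++, t += 1000)
            System.out.println("S1 hit " + i + " at " + t + "ms allowed=" + quota.allow("S1", "/login", t));
        System.out.println("S2 at " + t + "ms allowed=" + quota.allow("S2", "/login", t));
        System.out.println("S1 at 5000ms allowed=" + quota.allow("S1", "/login", 5000));
    }
}
```

Because the counter is keyed by session ID, a client that starts a new session gets a fresh counter, which is why the list also carries the session-count limits (max sessions, max sessions per user).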

screenshots

how to

Add the following configuration to your web.xml:

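<!-- WAF filter applied to every request -->
<filter>
    <filter-name>security-filter</filter-name>
    <filter-class>com.seawaf.filters.WafFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>security-filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Session listeners -->
<listener>
    <listener-class>com.seawaf.listeners.WafSessionAttrListener</listener-class>
</listener>
<listener>
    <listener-class>com.seawaf.listeners.WafSessionListener</listener-class>
</listener>

<!-- SecurityCenter servlet mapped to /seawaf -->
<servlet>
    <servlet-name>seawaf</servlet-name>
    <servlet-class>com.seawaf.SecurityCenter</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>seawaf</servlet-name>
    <url-pattern>/seawaf</url-pattern>
</servlet-mapping>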

install validation

configuration

Copy the following text into waf.xml and place it in /your/webapp/WEB-INF:

EHR Human Resource Management System 192.168.1.131 8080 prd user name id true john@abc.com 1000 1 500 10/5s 5 http://127.0.0.1 true true global except names global except urls SQL SQL Inject Detect password replace XSS XSS Attack Detect |iframe|frame ]]> password replace dangerous-char Dangerous Char Detect password replace true john@abc.com 10 1 5 30/10s 5 http://127.0.0.1 enabled enabled global except names global except urls SQL SQL Inject Detect password warn XSS XSS Attack Detect |iframe|frame ]]> intercept dangerous-char Dangerous Char Detect ]]> replace
