HIERARCHICAL RULE DEVELOPMENT AND BINDING FOR WEB APPLICATION SERVER FIREWALL
Abstract
At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.
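The abstract describes a pipeline: intercept a message, identify the message model that applies, split the message into the model's sections, bind each rule to one section, then process the message by evaluating every bound rule against its section. The following Python sketch is an added illustration of that flow, not code from the patent or its assignee. The section names, the rule representation, the thresholds and the two sample requests are constructed assumptions chosen to make the binding step visible.

```python
"""Sketch of the claimed flow: an HTTP message model made of named sections,
security rules bound to individual sections, and a processing step that
applies each rule only to the section it is bound to.

Added illustration, not code from the patent. The section names, the rule
representation and the sample requests below are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

# The message model: the ordered sections a parsed request is split into.
REQUEST_MODEL = ("request_line", "method", "path", "query", "headers", "body")


def parse_request(raw: str) -> Dict[str, object]:
    """Parse a raw HTTP/1.1 request into the sections named by REQUEST_MODEL."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    request_line = lines[0]
    method, target, _version = request_line.split(" ", 2)
    url = urlsplit(target)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "request_line": request_line,
        "method": method,
        "path": url.path,
        "query": parse_qs(url.query, keep_blank_values=True),
        "headers": headers,
        "body": body,
    }


@dataclass
class Rule:
    """A security rule: a condition evaluated on one section, plus an action."""
    name: str
    section: str                        # message-model section it is bound to
    condition: Callable[[object], bool]
    action: str                         # "block" or "log"


@dataclass
class RuleSet:
    """Rules indexed by the message-model section they are bound to."""
    by_section: Dict[str, List[Rule]] = field(default_factory=dict)

    def bind(self, rule: Rule) -> None:
        # Binding a rule to a section the model does not define is a
        # configuration error, so reject it at load time, not at runtime.
        if rule.section not in REQUEST_MODEL:
            raise ValueError(f"unknown message model section {rule.section!r}")
        self.by_section.setdefault(rule.section, []).append(rule)


def build_ruleset() -> RuleSet:
    """Example rules; the allowlist and thresholds are constructed values."""
    rs = RuleSet()
    rs.bind(Rule("method-allowlist", "method",
                 lambda m: m not in {"GET", "HEAD", "POST"}, "block"))
    rs.bind(Rule("host-header-required", "headers",
                 lambda h: "host" not in h, "block"))
    rs.bind(Rule("query-value-length", "query",
                 lambda q: any(len(v) > 256 for vals in q.values() for v in vals),
                 "block"))
    rs.bind(Rule("large-body", "body", lambda b: len(b) > 4096, "log"))
    return rs


def process(raw: str, ruleset: RuleSet) -> Tuple[str, List[str]]:
    """Return (decision, names of rules that fired), walking the model in order.

    Each rule sees only the section it is bound to. Any rule with a "block"
    action makes the overall decision "block"; "log" rules only record a hit.
    """
    sections = parse_request(raw)
    fired: List[str] = []
    decision = "allow"
    for section in REQUEST_MODEL:
        for rule in ruleset.by_section.get(section, []):
            if rule.condition(sections[section]):
                fired.append(rule.name)
                if rule.action == "block":
                    decision = "block"
    return decision, fired


# Constructed sample requests (not captured traffic).
BENIGN_REQUEST = "GET /search?q=firewall HTTP/1.1\r\nHost: example.test\r\n\r\n"
SUSPICIOUS_REQUEST = ("TRACE /search?q=" + "A" * 300 + " HTTP/1.1\r\n"
                      "Host: example.test\r\n\r\n")

if __name__ == "__main__":
    rs = build_ruleset()
    print(process(BENIGN_REQUEST, rs))      # ('allow', [])
    print(process(SUSPICIOUS_REQUEST, rs))  # ('block', ['method-allowlist', 'query-value-length'])
```

The point of binding rules to model sections rather than to the raw byte stream is that each condition receives already-parsed data of a known shape (a method string, a header map, a query dictionary), so a rule cannot be confused by content that belongs to a different section, and a rule referencing a section the model lacks is caught when the ruleset is loaded.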
22 Claims
1. A method for operating a web application server firewall, said method comprising the steps of:
intercepting at least one of an HTTP request message and an HTTP response message;
identifying a corresponding HTTP message model, based on said intercepting step, said HTTP message model comprising a plurality of message model sections;
parsing a representation of said at least one of an HTTP request message and an HTTP response message into message sections in accordance with said message model sections of said HTTP message model;
binding a plurality of security rules to said message model sections, said plurality of security rules each specifying at least one action to be taken in response to a given condition, said given condition being based, at least in part, on a corresponding given one of said message sections; and
processing said at least one of an HTTP request message and an HTTP response message in accordance with said plurality of security rules.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method for developing rules for a web application server firewall, said method comprising the steps of:
anticipating at least one of an HTTP request message and an HTTP response message likely to be processed by said web application server firewall;
building a corresponding HTTP message model, based on said anticipating step, said HTTP message model comprising a plurality of message model sections;
developing a plurality of security rules each specifying at least one action to be taken in response to a given condition, said given condition being based, at least in part, on a corresponding section of an actual message; and
binding said plurality of security rules to said message model sections.
Dependent claims: 9, 10, 11, 12.
13. An article of manufacture comprising a computer program product for operating a web application server firewall, said computer program product comprising:
a computer readable storage medium, storing in a non-transitory manner computer readable program code, the computer readable program code comprising:
computer readable program code configured to intercept at least one of an HTTP request message and an HTTP response message;
computer readable program code configured to identify a corresponding HTTP message model, based on said intercepting step, said HTTP message model comprising a plurality of message model sections;
computer readable program code configured to parse a representation of said at least one of an HTTP request message and an HTTP response message into message sections in accordance with said message model sections of said HTTP message model;
computer readable program code configured to bind a plurality of security rules to said message model sections, said plurality of security rules each specifying at least one action to be taken in response to a given condition, said given condition being based, at least in part, on a corresponding given one of said message sections; and
computer readable program code configured to process said at least one of an HTTP request message and an HTTP response message in accordance with said plurality of security rules.
Dependent claims: 14, 15, 16, 17, 18.
19. An article of manufacture comprising a computer program product for developing rules for a web application server firewall, said computer program product comprising:
a computer readable storage medium, storing in a non-transitory manner computer readable program code, the computer readable program code comprising:
computer readable program code configured to build an HTTP message model, said HTTP message model comprising a plurality of message model sections, said HTTP message model being based on at least one of an HTTP request message and an HTTP response message anticipated as likely to be processed by said web application server firewall;
computer readable program code configured to develop a plurality of security rules each specifying at least one action to be taken in response to a given condition, said given condition being based, at least in part, on a corresponding section of an actual message; and
computer readable program code configured to bind said plurality of security rules to said message model sections.
Dependent claims: 20, 21, 22.