Hierarchical rule development and binding for web application server firewall
First Claim
1. A method of operating a central processor configuring a web application server firewall, which enabled inside a web application server, to process HTTP request messages and HTTP response messages received from at least one client computer in accordance with a plurality of security rules, said method comprising the steps of:
- building a plurality of HTTP message models having parent portions and child portions, said plurality of HTTP message models including a first HTTP message model configured to process said HTTP request messages and a second HTTP message model configured to process said HTTP response messages, each of said first and second HTTP message models comprising a plurality of message model sections;
developing said plurality of security rules, each security rule specifying at least one action responsive to a given condition, said given condition being based, at least in part, on a corresponding section of a message intercepted by said web application server firewall; and
binding said plurality of security rules to said message model sections, wherein said binding comprises inheriting, by at least one child portion of at least one of the plurality of HTTP message models, at least one of said plurality of security rules from at least one of the parent portions of said at least one of the plurality of HTTP message models.
2 Assignments
0 Petitions
Accused Products
Abstract
At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bounds to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.
-
Citations
9 Claims
-
1. A method of operating a central processor configuring a web application server firewall, which enabled inside a web application server, to process HTTP request messages and HTTP response messages received from at least one client computer in accordance with a plurality of security rules, said method comprising the steps of:
-
building a plurality of HTTP message models having parent portions and child portions, said plurality of HTTP message models including a first HTTP message model configured to process said HTTP request messages and a second HTTP message model configured to process said HTTP response messages, each of said first and second HTTP message models comprising a plurality of message model sections; developing said plurality of security rules, each security rule specifying at least one action responsive to a given condition, said given condition being based, at least in part, on a corresponding section of a message intercepted by said web application server firewall; and binding said plurality of security rules to said message model sections, wherein said binding comprises inheriting, by at least one child portion of at least one of the plurality of HTTP message models, at least one of said plurality of security rules from at least one of the parent portions of said at least one of the plurality of HTTP message models. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An article of manufacture comprising a computer program product for configuring a web application server firewall, which enabled inside a web application server, to process HTTP request messages and HTTP response messages received from at least one client computer in accordance with a plurality of security rules, said computer program product comprising:
-
a non-transitory computer readable storage medium storing computer readable program code, said computer readable program code comprising; computer readable program code configured to build a plurality of HTTP message models having parent portions and child portions, said plurality of HTTP message models including a first HTTP message model configured to process said HTTP request messages and a second HTTP message model configured to process said HTTP response messages, each of said first and second HTTP message models comprising a plurality of message model sections; computer readable program code configured to develop said plurality of security rules, each security rule specifying at least one action responsive to a given condition, said given condition being based, at least in part, on a corresponding section of a message intercepted by said web application server firewall; and computer readable program code configured to bind said plurality of security rules to said message model sections, wherein said binding comprises inheriting, by at least one child portion of at least one of the plurality of HTTP message models, at least one of said plurality of security rules from at least one of the parent portions of said at least one of the plurality of HTTP message models. - View Dependent Claims (7, 8, 9)
-
Specification