Hierarchical rule development and binding for web application server firewall
First Claim
1. A web application server executing a web application and a web application server firewall, the web application server comprising:
- an interface to a communications network, the communications network passing a plurality of messages between at least one client computer and the web application;
- a connector module executing on at least one processor of the web application server and intercepting a plurality of HTTP request messages of the plurality of messages and a plurality of HTTP response messages of the plurality of messages, wherein the HTTP request messages and HTTP response messages;
- a message handler module executing on the at least one processor of the web application server and parsing the HTTP request messages and the HTTP response messages into a plurality of message sections in accordance with a plurality of message model sections of a HTTP message model;
- a runtime engine module executing on the at least one processor of the web application server and processing the HTTP request messages and the HTTP response messages in accordance with the message sections and a plurality of bound security rules, wherein the bound security rules are each bound to one or more message model sections of the HTTP message model, and at least one bound security rule is fired upon determining that a given message includes a message section matching at least one of the message model sections to which the at least one bound security rule is bound; and
- a memory storing a plurality of security rules including unbound security rules and the bound security rules, wherein at least one of the bound security rules corresponding to a parent portion of the HTTP message model and is inherited by a child portion of the HTTP message model.
Abstract
At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bound to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.
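The binding and inheritance described in the abstract and in claim 1 can be sketched as follows. This is an added illustration, not code from the patent; the model section names, the rule names and conditions, and the sample request are all assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote

class Section:
    """Node of the HTTP message model; children inherit rules bound to ancestors."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.bound = name, parent, []

    def effective_rules(self):
        inherited = self.parent.effective_rules() if self.parent else []
        return inherited + self.bound

# Assumed model shape for this sketch: request -> {path, params, headers}
REQUEST = Section("request")
MODEL = {s.name: s for s in (REQUEST, Section("request.path", REQUEST),
                             Section("request.params", REQUEST),
                             Section("request.headers", REQUEST))}

# Rule store: name -> (condition, action). A rule is unbound until attached to a section.
RULES = {
    "no-control-chars": (lambda v: re.search(r"[\x00-\x08\x0b\x0c\x0e-\x1f]", v) is not None, "deny"),
    "no-script-tag": (lambda v: re.search(r"<\s*script", v, re.I) is not None, "deny"),
    "long-value": (lambda v: len(v) > 4096, "log"),  # left unbound, so it never fires
}
REQUEST.bound.append("no-control-chars")               # parent binding, inherited by children
MODEL["request.params"].bound.append("no-script-tag")  # bound to one child only

def parse(raw):
    """Split a raw HTTP request into message sections keyed by model section name."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    path, _, query = head[0].split(" ")[1].partition("?")
    return {
        "request.path": [unquote(path)],
        "request.params": [v for _, v in parse_qsl(query)],
        "request.headers": [h.partition(":")[2].strip() for h in head[1:]],
    }

def evaluate(raw):
    """Return (rule, section, action) for every bound or inherited rule that fires."""
    fired = []
    for name, values in parse(raw).items():
        for rule in MODEL[name].effective_rules():
            condition, action = RULES[rule]
            if any(condition(v) for v in values):
                fired.append((rule, name, action))
    return fired

# Constructed sample request (not taken from the patent).
SAMPLE = ("GET /search?q=%3Cscript%3E HTTP/1.1\r\n"
          "Host: shop.example\r\nX-Note: a\x01b\r\n\r\n")
```

The rule bound to the parent `request` section fires on a header value without being bound to `request.headers` directly, while the rule bound only to `request.params` is never evaluated against headers.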
4 Claims
Specification