Hierarchical rule development and binding for web application server firewall
First Claim
1. A method for operating a web application server firewall, said method comprising the steps of:
- building a plurality of HTTP message models for anticipated messages including HTTP request messages and HTTP response messages, said plurality of HTTP message models including at least a first HTTP message model and a second HTTP message model corresponding to an HTTP request message and an HTTP response message, respectively, and each of said plurality of HTTP message models comprising a plurality of message model sections;
- intercepting at least one of said HTTP request message and said HTTP response message;
- identifying a corresponding HTTP message model from among said plurality of HTTP message models, based on said intercepting step, said HTTP message model comprising a plurality of message model sections;
- parsing a representation of said at least one of said HTTP request message and said HTTP response message into message sections in accordance with said message model sections of said HTTP message model;
- binding a plurality of security rules to said message model sections, said plurality of security rules each specifying at least one action to be taken in response to a given condition, said given condition being based, at least in part, on a corresponding given one of said message sections; and
- processing said at least one of said HTTP request message and said HTTP response message in accordance with said plurality of security rules.
Abstract
At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.
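As an added example (not code from the patent or from any product implementing it), the following toy Python firewall walks through the abstract's steps: pick the request or response message model, parse the intercepted message into that model's sections, bind rules to sections, and process the message. The section layouts, the rule set and the sample messages are all constructed here.

```python
# Added illustration, not the patent's code: all section layouts, rules and
# sample messages below are constructed for the example.
from dataclasses import dataclass
from typing import Callable, Dict, List

# One message model per direction; each is an ordered list of section names.
MODELS = {"request": ["request_line", "headers", "body"],
          "response": ["status_line", "headers", "body"]}

@dataclass
class Rule:
    section: str                      # model section the rule is bound to
    condition: Callable[[str], bool]  # evaluated on that section's text only
    action: str                       # "block" or "log"

def identify_model(raw: str) -> str:
    """Responses start with the HTTP version; everything else is a request."""
    return "response" if raw.startswith("HTTP/") else "request"

def parse_sections(raw: str, model: str) -> Dict[str, str]:
    """Split a raw message into the sections named by its model."""
    head, _, body = raw.partition("\r\n\r\n")
    first_line, _, headers = head.partition("\r\n")
    return dict(zip(MODELS[model], (first_line, headers, body)))

def bind_rules(rules: List[Rule], model: str) -> Dict[str, List[Rule]]:
    """Attach each rule to the section it names; a rule naming a section the
    model lacks is skipped, so a status_line rule never runs on a request."""
    bound: Dict[str, List[Rule]] = {name: [] for name in MODELS[model]}
    for rule in rules:
        if rule.section in bound:
            bound[rule.section].append(rule)
    return bound

def process(raw: str, rules: List[Rule]) -> List[str]:
    """Evaluate each bound rule on its own section; return 'action:section' hits."""
    model = identify_model(raw)
    sections = parse_sections(raw, model)
    return [f"{rule.action}:{name}"
            for name, bound in bind_rules(rules, model).items()
            for rule in bound if rule.condition(sections[name])]

RULES = [  # constructed rule set
    Rule("request_line", lambda s: "/../" in s, "block"),                # traversal
    Rule("body", lambda s: len(s) > 64, "block"),                         # oversized
    Rule("status_line", lambda s: s.split(" ")[1:2] == ["500"], "log"),  # errors
    Rule("headers", lambda s: "server:" in s.lower(), "log"),            # banner leak
]
REQUEST = "GET /files/../../etc/passwd HTTP/1.1\r\nHost: app.example\r\n\r\n"
RESPONSE = "HTTP/1.1 500 Internal Server Error\r\nServer: Example/1.0\r\n\r\n"
```

Because the headers rule is bound to a section name both models share, it is evaluated on requests and responses alike, while the status_line rule is bound only when the response model is identified.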
65 Citations
13 Claims
1. A method for operating a web application server firewall, said method comprising the steps of: (independent claim; full text given above under First Claim)
Dependent claims: 2, 3, 4, 5, 6, 7.
8. An article of manufacture comprising a computer program product for operating a web application server firewall, said computer program product comprising:
- a computer readable storage medium, storing in a non-transitory manner computer readable program code, the computer readable program code comprising:
- computer readable program code configured to build a plurality of HTTP message models for anticipated messages including HTTP request messages and HTTP response messages, said plurality of HTTP message models including at least a first HTTP message model and a second HTTP message model corresponding to an HTTP request message and an HTTP response message, respectively, and each of said plurality of HTTP message models comprising a plurality of message model sections;
- computer readable program code configured to intercept at least one of said HTTP request message and said HTTP response message;
- computer readable program code configured to identify a corresponding HTTP message model from among said plurality of HTTP message models, based on said intercepting step, said HTTP message model comprising a plurality of message model sections;
- computer readable program code configured to parse a representation of said at least one of said HTTP request message and said HTTP response message into message sections in accordance with said message model sections of said HTTP message model;
- computer readable program code configured to bind a plurality of security rules to said message model sections, said plurality of security rules each specifying at least one action to be taken in response to a given condition, said given condition being based, at least in part, on a corresponding given one of said message sections; and
- computer readable program code configured to process said at least one of said HTTP request message and said HTTP response message in accordance with said plurality of security rules.
Dependent claims: 9, 10, 11, 12, 13.