WAF Generation background

While web applications are becoming more and more abundant, web server has gradually become the main attack target with its powerful computing power, processing performance and high value. SQL injection, web page tampering, web page hanging horse and other security events occur frequently. Enterprises and other users generally use firewall as the first line of defense of the security system. However, in reality, there are various security problems in web servers and applications, and with the progress of hacker technology, it becomes more difficult to prevent, because these problems are difficult to detect and block by ordinary firewall, resulting in WAF (web application protection system). Web application firewall (WAF) represents a new type of information security technology to solve the web application security problem of traditional devices such as firewall. Different from the traditional firewall, WAF works in the application layer, so it has inherent technical advantages for web application protection. Based on the deep understanding of web application business and logic, WAF detects and verifies the content of various requests from web application clients to ensure their security and legitimacy, and blocks illegal requests in real time, so as to effectively protect various websites.

YDWAF introduction

YDWAF is a web firewall developed for web application protection based on the nginx source code of one of the best web servers. YDWAF has the following features:

Superior performance

C language development, rich man-machine verification modules, the same hardware conditions and stronger processing capacity.

Intelligent defense

Multiple strategy combinations, intelligent defense, SEO affinity, black-and-white list, SQL injection, and rich filtering rules to meet different application scenarios.

Two layer filtration

XDP module performs several times better than ipset through the IP blocking processing of the driver layer, and the single core processing capacity reaches 300000 QPS.

Bypass technology

YDWAF has kernel version and dpdk version. Dpdk version supports network throughput of more than 10000 m, and a single machine can cope with 5 million QPS processing interception capacity, so it is easy to build cloud WAF.

Update log

The following shows the recent updates of WAF.

WAF update January 24, 2022

  • 1.Optimize post protection
  • 3.Optimize the global black and white list
  • WAF update January 14, 2022

  • 1.ACL rules add authentication rules
  • 2.Add HTTP header authentication method to ACL rules
  • 4.WAF added rotating picture verification
  • 5.Optimized post attack interception
  • WAF update on December 13, 2021

  • 1.Webmaster tool SEO monitoring IP join the white list
  • 2.Chuangyu credit authentication monitoring IP added to the white list
  • WAF update on December 1, 2021

  • 1.Expand the capacity of WAF blocked IP pool
  • 2.Fix WAF regular rule
  • WAF update November 29, 2021

  • 1.Add low frequency request filtering rule
  • 2.Add HTTP request filtering and select the forbidden type
  • 3.Repair port CC protection filter
  • WAF update November 20, 2021

  • 1.Fix WAF head problem
  • WAF update November 9, 2021

  • 1.Public WAF policy update (shielding malicious spiders)
  • ......