WEB应用防护系统说明书

深信服虚拟化Web应用防火墙云WAF 用户手册产品版本8.0.28文档版本 01发布日期2021-03-12深信服科技股份有限公司版权所有©深信服科技股份有限公司 2020。

保留一切权利。

除非深信服科技股份有限公司（以下简称“深信服公司”）另行声明或授权，否则本文件及本文件的相关内容所包含或涉及的文字、图像、图片、照片、音频、视频、图表、色彩、版面设计等的所有知识产权（包括但不限于版权、商标权、专利权、商业秘密等）及相关权利，均归深信服公司或其关联公司所有。

未经深信服公司书面许可，任何人不得擅自对本文件及其内容进行使用（包括但不限于复制、转载、摘编、修改、或以其他方式展示、传播等）。

注意您购买的产品、服务或特性等应受深信服科技股份有限公司商业合同和条款的约束，本文档中描述的全部或部分产品、服务或特性可能不在您的购买或使用范围之内。

除非合同另有约定，深信服科技股份有限公司对本文档内容不做任何明示或默示的声明或保证。

由于产品版本升级或其他原因，本文档内容会不定期进行更新。

除非另有约定，本文档仅作为使用指导，本文档中的所有陈述、信息和建议不构成任何明示或暗示的担保。

前言关于本文档本文档针对深信服虚拟化Web应用防火墙产品，介绍了云WAF的架构、特性、安装和运维管理。

产品版本本文档以下列产品版本为基准写作。

后续版本有配置内容变更时，本文档随之更新发布。

读者对象本手册建议适用于以下对象：⚫网络设计工程师⚫运维人员符号约定在本文中可能出现下列标志，它们所代表的含义如下。

在本文中会出现图形界面格式，它们所代表的含义如下。

修订记录修订记录累积了每次文档更新的说明。

最新版本的文档包含以前所有文档版本的更新内容。

资料获取您可以通过深信服官方网站获取产品的最新资讯：获取安装/配置资料、软件版本及升级包、常用工具地址如下：深信服科技深信服技术服务技术支持用户支持邮箱：*******************.cn技术支持热线电话：400-630-6430（手机、固话均可拨打）深信服科技服务商及服务有效期查询：https:///plugin.php?id=service:query意见反馈如果您在使用过程中发现任何产品资料的问题，可以通过以下方式联系我们。

雷池（SafeLine）Web应用防火墙用户操作手册版本2.1目录1产品概述 (7)1.1产品介绍 (7)1.2核心优势 (7)1.2.1智能语义分析技术 (7)1.2.2 0day漏洞防护能力 (7)1.2.3高度自定义的扩展能力 (8)1.2.4上手简单、管理高效 (8)2登录 (9)2.1上传许可证 (9)2.2登录雷池管理后台 (10)2.2.1密码认证 (10)2.2.2证书认证 (10)3统计信息 (12)3.1防护状态总览 (12)3.1.1防护状态总览查看 (12)3.1.2数据展示详情介绍 (12)3.2防护报告导出 (20)3.2.1定时报告任务 (20)3.2.2防护报告 (22)3.3实时访问监控 (27)3.4攻击检测统计 (28)3.5实时大屏 (28)3.5.1大屏信息 (29)3.5.2大屏配置 (29)4网络管理 (31)4.1网络接口配置 (31)4.1.1网络接口管理 (31)4.1.2工作组管理 (34)4.1.3 19.09版本透明桥/流量镜像模式配置更新说明 (38)4.2管理服务配置 (39)4.2.1 SSH 管理 (40)4.2.2 SNMP 管理 (41)4.2.3 Web 管理 (45)4.2.4 PING 管理 (46)4.2.5管理时间配置 (46)4.3高可用配置 (48)4.3.1高可用配置 (49)4.3.2高可用状态 (49)4.4域名解析配置 (49)4.5路由管理 (51)4.5.1默认网关配置 (51)4.5.2路由表管理 (51)4.6网络诊断工具 (52)5网站防护 (56)5.1防护站点管理 (56)5.1.1防护站点详情 (59)5.1.2防护站点配置 (61)5.2防护策略管理 (69)5.2.1配置说明 (71)5.2.2攻击检测模块说明 (72)5.2.3防护策略管理常用操作指南 (82)5.3自定义规则 (83)5.3.1自定义规则检测说明 (84)5.3.2自定义规则配置说明 (85)5.3.3自定义规则高级选项配置 (89)5.3.4自定义规则操作说明 (90)5.3.5自定义规则的导入导出 (91)5.4访问频率控制 (92)5.4.1访问频率限制规则 (92)5.4.2不限制这些用户 (97)5.5SSL 证书管理 (99)5.6IP组管理 (101)5.6.1添加IP组 (101)5.6.2删除IP组 (102)5.6.3 IP组筛选 (103)5.7扩展插件管理 (104)5.8情报模块 (105)5.8.1情报同步配置 (106)5.8.2情报同步状态 (107)5.8.3情报同步信息 (107)5.8.4威胁情报-自定义规则 (108)6日志管理 (110)6.1攻击检测日志 (110)6.2频率访问日志 (119)6.3扩展插件日志 (120)6.4系统操作日志 (120)6.5日志归档管理 (120)6.5.1攻击检测日志归档 (120)6.5.2访问频率控制日志归档 (123)6.5.3扩展插件日志归档 (123)6.5.4系统操作日志归档 (123)7系统设置 (124)7.1告警收信配置 (124)7.1.1设置告警人接收人 (124)7.1.2设置SYSLOG发信格式 (126)7.1.3告警阈值配置 (132)7.1.4邮件发信配置 (134)7.2系统用户设置 (135)7.2.1查看和编辑用户信息 (135)7.2.2添加一个新用户 (137)7.2.3删除用户 (140)7.2.4用户管理配置 (141)7.3配置备份还原 (145)7.3.1查看及新建备份 (145)7.3.2下载及删除备份 (146)7.3.3还原备份 (147)7.4其他系统设置 (148)7.4.1上传及更新HTTPS证书 (148)7.4.2配置管理后端用户IP的获取方式 (149)7.4.3系统时间设置 (150)7.4.4数据重置 (151)8系统信息 (153)8.1节点状态 (153)8.1.1负载状态 (153)8.1.2网络状态 (153)8.1.3检测状态 (153)8.1.4转发状态 (153)8.1.5磁盘状态 (153)8.1.6历史数据查询 (154)8.2系统固件信息 (155)8.2.1当前固件版本 (155)8.2.2固件升级 (155)8.3许可证信息 (156)8.3.1当前许可证信息版本 (156)8.3.2许可证更新 (156)8.4关于产品 (156)9个人中心 (157)9.1个人信息 (157)9.2使用偏好 (157)9.3OPEN API (158)9.3.1查看和编辑OPEN API TOKEN (158)9.3.2添加OPEN API TOKEN (159)9.3.3删除OPEN API TOKEN (162)1产品概述1.1产品介绍雷池（SafeLine）是由长亭科技自主研发的全球首款基于智能语义分析技术的下一代Web 应用防护产品，曾入围Gartner 2018 《Web应用防火墙魔力象限报告亚太版》。

Version2.8.3版本说明本手册包含了WAF_2.5版本以及后续版本的版本说明，主要介绍了各版本的新增功能、已知问题等内容。

l WAF2.8.3l WAF2.8l WAF_2.7.3l WAF_2.7.1l WAF_2.7l WAF_2.6.5l WAF_2.6l WAF_2.5.1l WAF_2.5WAF2.8.3发布日期：2021年11月19日本次发布主要支持如下功能：l新增WAF国产平台型号SG-6000-W5160-GC，采用飞腾8核处理器，性能更加强大。

l支持识别、转发非HTTP协议流量（HTTP站点）和非SSL协议流量（HTTPS站点），可精准防护HTTP协议流量，同时识别、转发非HTTP协议流量，兼顾用户的安全需求和业务需求。

l基于ARM架构的vWAF以及SG-6000-W5160-GC和SG-6000-W3060-GC支持漏洞扫描功能。

版本发布相关信息：https:///show_bug.cgi?id=25662平台和系统文件新增功能已解决问题已知问题浏览器兼容性以下浏览器通过了WebUI测试，推荐用户使用：l IE11l Chrome获得帮助Hillstone Web应用防火墙设备配有以下手册：请访问https://进行下载。

l《Web应用防火墙_WebUI用户手册》l《Web应用防火墙_CLI命令行手册》l《Web应用防火墙_硬件参考指南》l《Web应用防火墙典型配置案例手册》l《Web应用防火墙日志信息参考指南》l《Web应用防火墙SNMP私有MIB信息参考指南》l《vWAF_WebUI用户手册》l《vWAF_部署手册》l《WAF国产系列_硬件参考指南》服务热线：400-828-6655官方网址：https://WAF2.8发布日期：2021年9月17日本次发布主要支持如下功能：l vWAF支持部署在基于鲲鹏和飞腾架构的虚拟化平台上。

l支持多虚拟路由器模式，站点可通过绑定不同的虚拟路由器对Web网站进行精细化防护。

While web applications are now an integral part of every company’s core business infrastructure, they also provide a high profile target for malicious activities. These malicious activities can range from simple defacement attacks to more damaging denial of service attacks or data harvesting attacks. The more serious malicious activity can result in damage to customer confidence and loyalty, brand reputation, and corporate credibility. Mandated by the Payment Card and Industry Data Security Standard (PCI DSS) regulatory framework, the protection of web applications are a tremendous challenge that traditional security tools are unable to solve.The FortiWeb-1000B appliance protects web applications and web services from attacks and data loss. Using advanced techniques to protect against SQL injection, Cross site scripting and a range of other attacks, FortiWeb appliances help to prevent identity theft, financial fraud, and corporate espionage that can result in significant damage to a corporation’s bottom-line. With Web Application Firewall, XML Firewall, Web Traffic Acceleration, and Application Traffic Balancer capabilities built into one hardware accelerated platform, the FortiWeb-1000B appliance meets data security standards, reduces deployment effort, and offers cost-effective web application security for any medium or large enterprise.FortiWeb ™-1000BMedium Enterprise Large EnterpriseCombined Web Application and XML Firewall••••••••••••••••••Datasheet••••••••••••••••••Inline Reverse Proxy, Transparent, and Offline Deployment ModesAuto-Learning Security ProfilesFortiWeb-1000B (FWB-1000B)FLEXIBLE DEPLOYMENT OPTIONSFortiWeb supports inline reverse proxy, transparent, and offline deployment modes. It provides a totally flexible solution to introduce FortiWeb into existing network implementations without the need for a network-level redesign. The offline mode and transparent mode can monitor and analyze real time web traffic, without requiring changes to the existing web application or network infrastructure.Copyright© 2009 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.FWB1000B-DAT-R1-0909GLOBAL HEADQUARTERS Fortinet Incorporated1090 Kifer Road, Sunnyvale, CA 94086 USA Tel +1-408-235-7700 Fax +/sales EMEA SALES OFFICE-FRANCE Fortinet Incorporated 120 rue Albert Caquot06560, Sophia Antipolis, France Tel +33-4-8987-0510 Fax +33-4-8987-0501APAC SALES OFFICE-SINGAPORE Fortinet Incorporated 61 Robinson Road#09-04 Robinson Centre Singapore 068893Tel: +65-6513-3730Fax: +65-6223-6784。

Executive SummaryFortiWeb Cloud Web Application Firewall-as-a-Service (WAFaaS) deliversfull-featured, cost-effective security for web applications with a minimumof configuration and management. Delivered through major cloud platforms, including AWS, Azure, Google Cloud, and Oracle Cloud, FortiWeb Cloud features a high level of scalability as well as on-demand pricing. While FortiWeb Cloud can protect applications deployed in the data center or in the cloud, customers who host their applications on these public clouds can achieve benefits such as reduced latency, simplified compliance, and lower bandwidth costs. Securing Web ApplicationsCloud service providers and application owners share the responsibility for securing web applications deployed to the cloud. This arrangement has advantages in that providers typically deploy robust security for the platform itself, removing that burden from the application owner. However, securing the application itself rests squarely with the owner, a stipulation that AWS1 and other providers make clear in their service agreements.Best practices for web application security include the deployment of a WAF as the cornerstone of a comprehensive security solution. WAFs use a combination of rules, threat intelligence, and heuristic analysis of traffic to ensure that malicious traffic is detected and blocked before reaching web applications.The task of protecting on-premises application software typically falls to a security architect or other security professional within the CIO or CISO organization.In contrast, the DevOps team often fills this role for cloud-based applications, consistent with DevOps principles of end-to-end responsibility and cross-functional, autonomous teams. As a result, DevOps teams need the right tools to embed effective security controls into their process—simply repurposing traditional workflows and processes will not do the job. Also, the additional workload of managing WAFs consumes valuable time on the part of DevOps teams and can elongate time-to-release cycles and inhibit continuous improvement efforts.FortiWeb Cloud Features nn Advanced protection against OWASP Top 10 threats, zero-day threats, and morenn Purchasing flexibility—buy directly through a cloud marketplace or your preferred resellernn Easy deployment with a setup wizard and predefined policiesnn Streamlined management with an intuitive dashboard for end-to-end security visibility and managementnn Delivered on public cloud, including AWS, Azure, Google Cloud, and Oracle Cloud, which offers low latencyand unmatched elasticity and scalabilityCloud-native Solution for Web Application Security: FortiWeb Cloud WAF-as-a-Service for AWS, Azure, Google Cloud, and Oracle Cloud SOLUTION BRIEFThe Expanding Attack SurfaceThe threat landscape today can be daunting for organizations considering a move to the cloud. More than three-quarters of successful attacks are motivated by financial gain,2 which can take the form of ransomware, exfiltration of valuable personal information, or compromised intellectual property. Furthermore, breaches happen fast—87% take place in just minutes 3—and most go undiscovered for months or more (Figure 1).4Internet-facing web applications pose unique security challenges compared to traditional solutions deployed within theorganization’s network perimeter. Every time a company deploys a new internet-facing web application, the attack surface grows. As DevOps teams accelerate the rate of development and new releases, the attack surface evolves more rapidly than ever. This expanded attack surface challenges traditional approaches to application security.Enhanced Protection With FortiWebTo address the diverse needs of organizations for web application security, Fortinet offers the FortiWeb family of solutions.FortiWeb WAF provides advanced features that defend web applications from known and zero-day threats. Using an advanced multilayered and correlated approach, FortiWeb delivers complete security for external and internal web-based applications from the OWASP Top 10 and many other threats. At the heart of FortiWeb are its dual-layer artificial intelligence (AI)-based detection engines that intelligently detect threats with nearly no false-positive detections.FortiWeb Cloud WAF-as-a-ServiceDesigned for web applications that demand the highest level of protection, FortiWeb Cloud provides robust security that is simple to deploy, easy to manage, and cost effective. With FortiWeb Cloud, DevOps teams and security architects alike have access to the same proven detection techniques used in other FortiWeb form factors without the need for costly capitalinvestments. Unlike solutions that simply spin up virtual machines for each customer and increase the management workload, FortiWeb Cloud delivers a true Software-as-a-Service (SaaS) solution that leverages public cloud to offer highly scalable and low-latency application security.FortiWeb VMFortiWeb VM is an enterprise-class offering that provides the FortiWeb functionality in a virtual form factor. Designed forhybrid environments, the virtual version of FortiWeb includes protection for container-based applications. FortiWeb VM can be deployed in VMware, Microsoft Hyper-V, Citrix XenServer, Open Source Xen, VirtualBox, KVM, and Docker platforms.of breaches are financially removed.76%of compromise take minutes or less.87%30JAN of threats go undiscovered for a month or more.68%Figure 1: Threat statistics from recent published studies.uses machine learning (ML)-enabled technology to minimize false positives while accurately identifying real threats.Figure 3: FortiWeb Cloud dashboard.Attacks/ThreatsApplication C o r r e l a t i o n U s e r /D e v i c e T h r e a t S c o r i n gFigure 2: Common attack vectors and remediation techniques.Easy to Deploy and Manage FortiWeb Cloud enables rapid application deployments in the public cloud while addressing compliance standards and protecting business-critical web applications. To facilitate use by nonsecurity professionals, FortiWeb Cloud comes with a setup wizard and a default configuration that can be easily modified to meet individual requirements. FortiWeb Cloud delivers cloud-native application security that can be deployed in minutes. After going through the setup wizard, simply update your DNS setting and your web application is protected.Busy DevOps staff have no time for extensive WAF training. To address this issue, FortiWeb Cloud features an intuitive real-time dashboard that allows DevOps staff and other nonsecurity professionals to see and understand quickly the security status of their web applications (Figure 3).Copyright © 2021 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.April 6, 2021 11:46 PMInternet Data transfer fees included in FortiWeb subscription Intra-region data transfer feesCost-effective SecurityAs a cloud-native SaaS solution, FortiWeb Cloud features lower capital expenditures (CapEx) and operational expenditures (OpEx) compared to on-premises solutions. AWS, Azure, Google Cloud, and Oracle Cloud provide the hardware and software components of the infrastructure, virtually eliminating the need for capital investments as well as the operating costs associated with platform maintenance. By removing the burden of maintaining and upgrading the platform, customers can focus on improving the application and delivering business value to their organizations.The SaaS business model—pay only for what you use—gives customers flexibility in managing their security budgets as well as the ability to institute chargebacks and other cost-control measures. Customers who host their applications on these clouds can reduce costs significantly because they must only pay data transfer fees for traffic from the application to the WAF—as the data transfer costs for outbound traffic are included in the FortiWeb subscription (Figure 4).Figure 4: Data transfer fees for applications hosted on public clouds.Conclusion Utilizing a comprehensive, correlated, multilayer approach to web application security, FortiWeb Cloud protects web-based applications from all of the Top 10 OWASP security risks and many more. Unique among WAFs on the market, FortiWeb Cloud leverages ML capabilities to detect both known and unknown exploits targeting web applications with almost no false positives. Delivered via public cloud providers including AWS, Azure, Google Cloud, and Oracle Cloud, FortiWeb Cloud features low latency and high elasticity and can easily and quickly scale to accommodate changes in traffic. Further, FortiWeb Cloud keeps web applications safe from vulnerability exploits, bots, malware uploads, DDoS attacks, APTs, and zero-day attacks.1 “Shared Responsibility Model ,” AWS, accessed June 20, 2019.2 “2018 Data Breach Investigations Report ,” Verizon, accessed June 18, 2019.3Ibid.4 Ibid.5 “OWASP Top 10-2017: The Ten Most Critical Web Application Security Risks ,” OWASP, accessed May 25, 2018.。

H3C SecPath Web应用防火墙安全手册杭州华三通信技术有限公司资料版本：APW100-20150612Copyright © 2015 杭州华三通信技术有限公司及其许可者 版权所有，保留一切权利。

未经本公司书面许可，任何单位和个人不得擅自摘抄、复制本书内容的部分或全部，并不得以任何形式传播。

H3C 、、H3CS 、H3CIE 、H3CNE 、Aolynk 、、H 3Care 、、IRF 、NetPilot 、Netflow 、SecEngine 、SecPath 、SecCenter 、SecBlade 、Comware 、ITCMM 、HUASAN 、华三均为杭州华三通信技术有限公司的商标。

对于本手册中出现的其它公司的商标、产品标识及商品名称，由各自权利人拥有。

由于产品版本升级或其他原因，本手册内容有可能变更。

H3C 保留在没有任何通知或者提示的情况下对本手册的内容进行修改的权利。

本手册仅作为使用指导，H3C 尽全力在本手册中提供准确的信息，但是H3C 并不确保手册内容完全没有错误，本手册中的所有陈述、信息和建议也不构成任何明示或暗示的担保。

技术支持用户支持邮箱：***************技术支持热线电话：400-810-0504（手机、固话均可拨打）网址：资料获取方式您可以通过H3C 网站（ ）获取最新的产品资料：H3C 网站与产品资料相关的主要栏目介绍如下：•[服务支持/文档中心]：可以获取硬件安装类、软件升级类、配置类或维护类等产品资料。

•[产品技术]：可以获取产品介绍和技术介绍的文档，包括产品相关介绍、技术介绍、技术白皮书等。

•[解决方案]：可以获取解决方案类资料。

• [服务支持/软件下载]：可以获取与软件版本配套的资料。

资料意见反馈如果您在使用过程中发现产品资料的任何问题，可以通过以下方式反馈：E-mail ：************感谢您的反馈，让我们做得更好！环境保护本产品符合关于环境保护方面的设计要求，产品的存放、使用和弃置应遵照相关国家法律、法规要求进行。

密级：限定发布南墙WEB应用防火墙使用手册V1.8“不撞南墙不回头”版权声明© 2005-2022，有安科技本文中出现的任何文字叙述、文档格式、插图、照片、方法、过程等内容，除另有特别注明，版权均属有安科技所有，受到有关产权及版权法保护。

任何个人、机构未经书面授权许可，不得以任何方式复制或引用本文件的任何片断。

目录1产品概述 (1)1.1产品介绍 (1)1.2技术优势 (2)1.2.1先进语义引擎 (2)1.2.2智能0day防御 (2)1.2.3高级规则引擎 (2)2使用介绍 (3)2.1登录管理 (3)2.1.1登录界面 (3)2.1.2安全态势 (4)2.2功能介绍 (5)2.2.1规则管理 (5)2.2.2攻击查询 (6)2.2.3站点管理 (7)2.2.4用户设置 (7)2.2.5系统信息 (8)3规则介绍 (9)3.1高级规则 (9)4关于我们 (16)4.1技术能力 (16)4.2团队力量 (17)1产品概述1.1产品介绍南墙WEB应用防火墙（简称：uuWAF）是有安科技推出的一款全方位网站防护产品。

通过有安科技专有的WEB入侵异常检测等技术，结合有安科技团队多年应用安全的攻防理论和应急响应实践经验积累的基础上自主研发而成。

协助各级政府、企/事业单位全面保护WEB应用安全，实现WEB服务器的全方位防护解决方案。

手册适合的对象:《南墙WEB应用防火墙使用手册》适用于希望了解本产品功能，并熟练掌握产品的配置及日常操作维护的运维人员。

公司联系方式 :用户可以通过如下的联系方式详细了解该产品：⚫市场销售：邮箱：***************⚫支持服务：邮箱：***************⚫官方站点：网址：1.2技术优势1.2.1先进语义引擎南墙采用业界领先的SQL、XSS、RCE、LFI 4种基于语义分析的检测引擎，结合多种深度解码引擎可对base64、json、form-data等HTTP内容真实还原，从而有效抵御各种绕过WAF的攻击方式，并且相比传统正则匹配具备准确率高、误报率低、效率高等特点，管理员无需维护庞杂的规则库，即可拦截多种攻击类型。

网站防护体系说明书随着IT技术的革新，各种病毒层出不穷，服务器和网站受到的攻击方式也越来越多。

为了确保“XXXX”网站的安全运行，在维护时主要从网站源码、防火墙设置、安全软件等方面来加强网站的安全性和自主防御能力。

一、网站源码自身防御体系网站的防御需要从源码开始做起，在代码开发时，开发人员要根据常见的Web攻击原理，在源码中添加有针对性的防御代码，做好网站防御体系的最后一道防线。

（一）、SQL注入防护措施：1.对用户的输入进行校验，可以通过正则表达式，或限制长度；对单引号和双"-"进行转换等。

2.尽量少使用动态拼装sql语句，可以使用参数化的sql或者直接使用存储过程进行数据查询存取。

3.不要直接使用管理员权限的数据库连接，为每个应用使用单独的权限有限的数据库连接。

4.不要把机密信息直接存放，加密存放密码和敏感的信息。

5.应用的异常信息应该给出尽可能少的提示，最好使用自定义的错误信息对原始错误信息进行包装6.sql注入的检测方法一般采取辅助软件或网站平台来检测，比如MDCSOFTSCAN等。

使用国产服务器安全软件“服务器安全狗”可以有效的防御SQL 注入。

（二）、跨站脚本攻击(XSS)防护措施：1.对信息进行过滤和验证对用户提交的数据进行有效性验证，仅接受指定长度范围内并符合我们期望格式的的内容提交，阻止或者忽略除此外的其他任何数据。

比如：电话号码必须是数字和中划线组成，而且要设定长度上限。

过滤一些些常见的敏感字符，例如：<>‘“&#\javascriptexpression"onclick=""onfocus"；过滤或移除特殊的Html 标签，例如:<script>，<iframe>，&lt;for<，&gt;for>，&quotfor；过滤JavaScript事件的标签，例如"onclick="，"onfocus"等。

Version2.8.3Copyright2021Hillstone Networks.All rights reserved.Information in this document is subject to change without notice.The software described in this doc-ument is furnished under a license agreement or nondisclosure agreement.The software may be used or copied only in accordance with the terms of those agreements.No part of this publication may be reproduced,stored in a retrieval system,or transmitted in any form or any means electronic or mechanical,including photocopying and recording for any purpose other than the purchaser's per-sonal use without the written permission ofHillstone Networks.Hillstone Networks本文档禁止用于任何商业用途。

联系信息北京苏州地址：北京市海淀区宝盛南路1号院20号楼5层地址：苏州市高新区科技城景润路181号邮编：100192邮编：215000联系我们：https:///about/contact_Hillstone.html关于本手册本手册介绍山石网科的WAF产品的使用方法。

获得更多的文档资料，请访问：https://针对本文档的反馈，请发送邮件到：*************************山石网科https://TWNO:TW-WUG-WAF-2.8.3-CN-V1.0-11/19/2021目录目录1欢迎1入门指南3访问WebUI界面3安装向导4配置部署方式/接口5默认站点配置5配置DNS6配置系统时间6初始配置7安装许可证7创建系统管理员8创建可信主机9升级系统版本10特征库升级11恢复出厂配置12部署模式13串联模式15串联模式的网络拓扑15准备工作15配置步骤16常见问题Q&A20反向代理模式22反向代理模式的网络拓扑22准备工作22配置步骤23常见问题Q&A29单臂模式30单臂模式的网络拓扑30准备工作30配置步骤31常见问题Q&A37牵引模式38牵引模式的网络拓扑38准备工作38配置步骤39常见问题Q&A45监听模式47监听模式的网络拓扑47准备工作48配置步骤48常见问题Q&A53附录53 SSL/TLS证书及密钥的格式要求及转换方法53格式要求53密钥格式转换方法54证书格式转换55一、Linux环境下56二、Windows环境下57首页69攻击严重程度69受攻击站点排名TOP1070攻击源70威胁事件类型71站点篡改告警72系统概览72 Web应用安全投屏模式73站点76站点配置76搜索站点76查看概览信息76查看威胁详情77查看网页变更历史78白名单78黑名单79例外规则80站点配置82查看自学习模型82查看机器流量分析报告82外链改写82新建/配置站点82配置更多站点防护功能90配置站点加速90使用静态资源缓存技术90使用连接复用技术92报文压缩配置92配置网页防篡改93开启健康状态检测96自定义错误提示页面97配置站点负载均衡97配置站点自学习功能98配置自学习功能99查看自学习模型100 URL详情100 Cookie详情101机器流量分析101配置机器流量分析服务102查看设备指纹信誉表103查看机器流量分析报告104外链改写104配置外链改写105站点全局配置107配置全局白名单107配置全局黑名单108站点自发现110配置站点自发现110策略114策略类型114防护规则115更新防护规则116 IP防护策略116创建IP防护策略117 IP查询120访问控制策略121创建访问控制策略121 API防护策略126创建API防护策略127导入OpenAPI文件130虚拟补丁策略131新建虚拟补丁策略131编辑虚拟补丁策略132安全策略133创建安全策略133自学习策略154创建自学习策略154用户会话跟踪策略155创建用户会话跟踪策略156内容改写策略158创建内容改写策略158防护规则162预定义规则162规则检索163用户定义规则165威胁防护166网络安全防护167 ICMP Flood和UDP Flood攻击167 ARP欺骗攻击167 SYN Flood攻击167 WinNuke攻击167 IP地址欺骗（IP Spoofing）攻击168地址扫描与端口扫描攻击168 Ping of Death攻击168 Teardrop攻击防护168 Smurf攻击168 Fraggle攻击168 Land攻击169 IP Fragment攻击169 IP Option攻击169 Huge ICMP包攻击169 TCP Flag异常攻击169 DNS Query Flood攻击169 TCP Split Handshake攻击169配置攻击防护170监控180热点威胁情报180热点威胁情报展示182报表184报表汇总185自定义任务186新建自定义任务186快捷任务188生成报表文件188日志189日志的严重等级189日志信息输出目的地190日志信息格式190事件日志192网络日志193配置日志194 NAT日志194 Web访问日志195网页事件日志195网页安全日志197日志197智能日志分析200日志分析报告201 IP防护日志202访问控制日志202 API防护日志203网络安全日志204防篡改日志205自学习模型违背日志205日志管理206配置日志信息206日志配置选项说明206日志服务器配置217新建日志服务器217 Web邮件配置219设备名称配置220手机短信配置220对象221服务薄221预定义服务及预定义服务组221自定义服务221自定义服务组222地址簿222新建地址簿条目223查看地址簿条目详情224配置服务薄225配置自定义服务225配置自定义服务组227查看服务条目详情228监测对象229新建监测对象229时间表232周期计划232绝对计划233创建时间表233网络连接235安全域236配置安全域236接口238配置接口239新建Virtual Forward接口239新建回环接口243新建集聚接口247新建以太网子接口/集聚子接口252编辑VSwitch接口256编辑以太网接口/HA接口260接口组265新建接口组265 MGT接口266配置MGT接口266新建Virtual Forward接口266 DNS268配置DNS服务器268解析配置268 Virtual Wire270配置Virtual Wire270虚拟路由器272创建虚拟路由器272虚拟路由器全局配置273配置多虚拟路由器273多虚拟路由器模式配置示例273虚拟交换机275新建虚拟交换机275配置目的路由277新建目的路由277全局网络参数278 Bypass配置280 NAT280 NAT的基本转换过程280设备的NAT功能281配置源NAT281启用/禁用NAT规则287复制/粘贴源NAT规则287调整优先级287命中数288命中数清零288命中数检测289配置目的NAT289配置IP映射类型的目的NAT289配置端口映射类型的目的NAT290配置NAT规则的高级配置292启用/禁用NAT规则295调整优先级295命中数296命中数清零296命中数检测296系统管理298系统信息299查看系统信息299全局配置301全局参数配置301自定义错误页面管理303 AAA服务器304配置Radius服务器304配置TACACS+服务器306设备管理308管理员308新建管理员308修改默认管理员密码310可信主机311新建可信主机311管理接口312系统时间314设置系统时间315设置NTP315 NTP密钥316新建NTP密钥316设置及操作317重启系统319系统调试信息320配置文件管理321备份/恢复配置文件321 SNMP323配置SNMP代理323新建SNMP主机324 Trap主机326 V3用户组326 V3用户328升级管理330版本升级330特征库升级331信息库升级332 WAF历史数据升级333许可证335申请许可证335安装许可证336配置邮件服务器337配置邮件服务器337短信发送参数339短信Modem设备状态339认证短信发送参数339短信测试339集中管理341 HSM应用场景341集中管理342 PKI344创建PKI密钥345创建信任域345导入导出信任域的信息347分析诊断348测试工具349 DNS查询349 Ping349Traceroute350 Curl350诊断抓包351配置诊断抓包351诊断文件351高可靠性352 HA基础概念352 HA簇352 HA组353 HA Node353 HA组接口和虚拟MAC353 HA选举353 HA同步353配置HA355扫描358扫描任务358新建扫描任务359开启/停止/删除扫描任务363扫描报告363扫描报告363外部导入报告364导入外部扫描报告364添加/编辑虚拟补丁策略364欢迎感谢您选择山石网科产品！以下内容可以帮助您了解如何操作山石网科的Web应用防火墙（WAF）产品：典型案例l Web应用防火墙配置案例手册（PDF下载）Web应用防火墙（WAF）l《Web应用防火墙_WebUI用户手册》（PDF下载）l《Web应用防火墙_CLI命令行手册》（PDF下载）l《Web应用防火墙_硬件参考指南》（PDF下载）l《Web应用防火墙日志信息参考指南》（PDF下载）l《Web应用防火墙SNMP私有MIB信息参考指南》（PDF下载）虚拟Web应用防火墙l《vWAF_WebUI用户手册》（PDF下载）l《vWAF_部署手册》（PDF下载）国产化-Web应用防火墙l《WAF国产型号_硬件参考指南》（PDF下载）l《WAF国产型号_扩展模块参考指南》（PDF下载）你可以在以下网站获得更多产品信息：l官方网站:l技术文档：l技术支持：400-828-6655入门指南本入门指南帮助用户快速完成设备的上线，主要包含以下内容:l访问WebUI界面l安装向导l初始配置l恢复出厂配置访问WebUI界面设备的ethernet0/0接口配有默认IP地址192.168.1.1/24，并且该接口的SSH、HTTPS管理功能均为开启状态。

Transparent Inspection orTrue Transparent ProxyOf lne Mode orReverse Proxy• Multiple deployment optionsTransparent Inspection and True Transparent Proxy, Reverse Proxy and Offline Allow you to fit FortiWeb into any environ-ment.• Auto-Learn Security ProfilingAutomatically and dynamically build a security model of protected applications by continuously monitoring real time user activity. Eliminate the need for manual con-figuration of security profiles.• Authentication OffloadOffload your web server authentication to the Forti-Web platform while supporting different authentication schemes such as Local, LDAP, NTLM and Radius.• Policy wizard and pre-defined policiesAllows for one click deployments and greatly eases the process of policies creation.• High AvailabilityThe high availability mode provides configuration syn-chronization and allows for a network-level fail- overin the event of unexpected outage events. Integratedbypass interfaces provide additional fail open capability for single box deployments.• VirtualizationProvides a Virtual Appliance for VMware ESX and ESXi3.5/4.0/4.1 platforms mitigating blind spots in virtualenvironments.• Application Layer Vulnerability ProtectionProvide out of the box protection for the most complex attacks such as SQL Injection, Cross Site Scripting,CSRF and many others. Together with the Auto Learn profiling system and advanced abilities, FortiWeb is able to create rules down to the single application element.• Data Leak PreventionExtended monitoring and protection for credit cardleakage and application information disclosure by tightly monitoring all outbound traffic. Allow customers tocreate their own granular signatures and DLP patterns together with predefined rules for any type of events.• Application SupportStreamlined monitoring and protection for well-known applications and protocols such as Microsoft Exchange, SharePoint, ActiveSync and RPC over HTTP.• Anti Web DefacementUnique capabilities for monitoring protected applications for any defacement and ability to automatically and quickly revert to stored version.• Vulnerability AssessmentsAutomatically scans and analyzes the protected webapplications and detects security weaknesses, potential application known and unknown vulnerabilities to com-plete a comprehensive solution for PCI DSS.• HTTP RFC Compliance ValidationFortiWeb blocks any attacks manipulating the HTTPprotocol by maintaining strict RFC standards to prevent attacks such as encoding attacks, buffer overflows and other application specific attacks.• AntivirusScan file uploads using Fortinet’s Antivirus engine with regular FortiGuard updates.• PCI DSS complianceFortiWeb is the only product that provides a Vulnerabil-ity Scanner module within the web application firewall that completes a comprehensive solution for PCI DSS requirement 6.6.• Protects against OWASP top 10Incorporating a positive and a negative security modulebased on bidirectional traffic analysis and an embeddedbehavioral based anomaly detection engine FortiWeb fully protects against the OWASP TOP 10.• FortiGuard LabsUtilizing Fortinet’s renowned FortiGuard service FortiWebcustomers get up to date dynamic protection from the Forti-net Global Security Research Team, which researches and develops protection against known and potential application security threats.• Application Aware Load BalancingIntelligent, application aware layer 7 load balancingeliminates performance bottlenecks, reduces deploy-ment complexity and provides seamless applicationintegration.• Data CompressionAllows efficient bandwidth utilization and response time to users by compressing data retrieved from servers.• SSL OffloadWith the integration of award winning FortiASIC™ tech-nology, FortiWeb is able to process tens of thousands of web transactions by providing hardware accelerated SSL offloading.Cross Site Scripting SQL Injection Session Hijacking Cookie Tampering /PoisoningCross Site Request Forgery Command injection Remote File InclusionForms TamperingHidden Field Manipulation Outbound Data Leakage HTTP Request Smuggling Remote File Inclusion Encoding AttacksBroken Access Control Forceful Browsing Directory Traversal Site Reconnaissance Search Engine Hacking Brute Force Login Access Rate Control Schema PoisoningXML Parameter Tampering XML Intrusion PreventionWSDL Scanning Recursive Payload External Entity Attack Buffer Overflows Denial of Service.FortiWeb Protects Against a Wide Range of AttacksThe Auto-Learn profiling capability is completely transparent and does not require any changes to the application or network architecture. FortiWeb does not scan the application in order to build the profile, but rather analyzes the traffic as it monitors it flowing to the application. By creating a comprehensive security model of the application FortiWeb can now protect against any known or unknown vulnerabilities, zero day attacks.FortiWeb Auto-Learn ProfilingAnalyze user geographic location and web site access based on Hit, Data and Attack vectors.Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.GLOBAL HEADQUARTERSFortinet Incorporated1090 Kifer Road, Sunnyvale, CA 94086 USA Tel +1.408.235.7700 Fax +1.408.235.7737/salesEMEA SALES OFFICE – FRANCEFortinet Incorporated 120 rue Albert Caquot06560, Sophia Antipolis, France Tel +33.4.8987.0510Fax +33.4.8987.0501APAC SALES OFFICE – SINGAPOREFortinet Incorporated300 Beach Road 20-01, The Concourse Singapore 199555Tel: +65-6513-3734Fax: +65-6295-0015FWEB-DAT-R12-201206FST-PROD-DS-FWEBESXi 4.1 with 3GB of vRAM assigned to the 4 vCPU and 8 vCPU FortiWeb Virtual Appliance and 1GB of vRAM assigned to the 2 vCPU FortiWeb Virtual Appliance.。

天融信WEB应用安全防护系统TopWAF产品说明天融信TOPSEC®市海淀区上地东路1号华控大厦100085：+86传真：+87服务热线：+8610-400-610-5119+8610-800-810-5119http: //声明本手册的所有容，其属于天融信公司（以下简称天融信）所有，未经天融信许可，任何人不得仿制、拷贝、转译或任意引用。

本手册没有任何形式的担保、立场倾向或其他暗示。

若因本手册或其所提到的任何信息引起的直接或间接的资料流失、利益损失，天融信及其员工恕不承担任何责任。

本手册所提到的产品规格及资讯仅供参考，有关容可能会随时更新，天融信恕不承担另行通知之义务。

所有不得翻印© 1995-2012天融信公司商标声明本手册中所谈及的产品名称仅做识别之用。

手册中涉及的其他公司的注册商标或是属各商标注册人所有，恕不逐一列明。

TOPSEC®天融信公司信息反馈目录1. 产品概述 (1)2. 产品主要特性 (1)2.1先进的设计理念 (2)2.1.1“三高”设计理念 (2)2.1.2“一站式”解决方案 (2)2.1.3 “无故障运行时间提升”的核心原则 (2)2.2独有的核心技术 (2)2.2.1稳定、高效、安全的系统核 (2)2.2.2领先的多维防护体系 (2)2.2.3“主动式”应用安全加固技术 (2)2.3丰富的数据展现 (3)2.3.1多角度的决策支撑数据 (3)2.3.2多角色视角的数据展示 (3)2.3.3清晰详尽的阶段性报表 (3)3. 产品功能 (3)3.1产品核心功能 (4)3.1.1 WEB应用威胁防御 (4)3.1.2网页防篡改 (5)3.1.3抗拒绝服务攻击 (5)3.1.4 WEB应用漏洞扫描 (6)3.1.5 WEB应用加速 (6)3.1.6 业务智能分析 (6)3.2产品功能列表 (8)4. 产品部署 (11)4.1透明串接部署 (11)4.2反向代理部署 (12)4.3单臂部署 (13)5. 产品规格 (14)6. 产品资质 (15)7. 特别声明 (15)1. 产品概述天融信WEB 应用安全防护系统（以下简称TopWAF ）是天融信公司根据当前的互联网安全形势，并经过多年的技术积累，研制出品的专业级WEB 威胁防护类网络安全产品。

华为WAF5000系列Web应用防火墙网站作为商务贸易、客户交流、信息共享平台，承载着各类虚拟业务的运营，蕴含客户账号、交易记录等重要信息。

与此同时，由于攻击技术门槛低以及可带来的巨大商业利益，网站已成为各国黑客的主要攻击目标。

通常网络中会部署防火墙、IPS等安全产品，但是这类产品对于HTTP和HTTPS的Web应用层攻击往往无法察觉，不能起到理想的防护效果。

专门针对Web应用防护的WAF(Web Application Firewall)产品应运而生。

华为WAF专注于7层防护，采用最为先进的双引擎技术，用户行为异常检测引擎、透明代理检测引擎相结合的安全防护机制实现各类SQL注入、跨站、挂马、扫描器扫描、敏感信息泄露、盗链行为等攻击防护，并有效防护0day攻击，支持网页防篡改。

适用于PCI-DSS、等级保护、企业内控等规范中信息安全的合规建设。

同时，华为WAF支持Web应用加速，支持HA/Bypass部署配置以及维护。

此外，华为WAF支持透明模式、旁路监听模式、反向代理模式等部署模式，广泛适用于“金融、运营商、政府、公安、教育、能源、税务、工商、社保、卫生、电子商务”等涉及Web应用的各个行业。

产品图华为WAF5000系列Web应用防火墙包括四款硬件型号WAF5110、WAF5250、WAF5260和WAF5510，满足不同处理性能要求。

此外，还支持WAF5000-V系列软件形态WAF产品。

华为WAF5000系列Web应用防火墙华为WAF5000系列Web 应用防火墙黑白名单•通过安全白名单检测引擎快速识别正常访问业务流量并快速转发，提供网站最优访问体验。

•通过黑名单检测引擎实现HTTP 协议完整还原，对疑似攻击流量深入检测，从根源上避免绕过及穿透攻击。

•黑白名单双引擎架构协同工作，既能有效识别和阻断Web 攻击又不影响正常的Web 业务运营。

全面检测•多项专利技术保障识别能力，精确识别OWASP Top 10等各种Web 通用攻击。

Hillstone Networks,Inc. Version2.5目录目录1介绍4文档内容4目标读者4产品信息4 Cloud-init的功能5许可证6许可证机制6平台类许可证6订阅类许可证7功能服务类许可证7申请许可证7安装许可证8许可证校验8在Xen平台上部署vWAF11系统要求11部署vWAF11步骤一：获取防火墙软件包11步骤二：导入镜像文件11步骤三：首次登录防火墙13访问vWAF的WebUI界面14升级vWAF14在AWS上部署vWAF15 AWS介绍15位于AWS的vWAF16准备您的VPC16第一步：登录AWS账户17第二步：为VPC添加子网17第三步：为子网添加路由18在亚马逊云AWS上部署vWAF19创建vWAF实例19第一步：创建EC2实例19第二步：为实例选择AMI模板20第三步：选择实例类型20第四步：配置实例详细信息21第五步：添加存储21第六步：标签实例21第七步：配置安全组21第八步：启动实例22配置子网和接口23分配弹性IP地址23在主控台查看实例24购买并申请许可证24访问vWAF24使用PuTTy访问CLI管理界面24步骤一：使用PuTTYgen转换密钥对24步骤二：使用PuTTY访问CLI界面25访问WebUI界面27介绍山石网科的虚拟Web应用防火墙，简称为vWAF（Virtual Web Application Firewall），是一个纯软件形态的产品，是运行在虚拟机上的WAF系统。

文档内容本手册介绍如何将vWAF部署到不同的环境中，包括Xen、AWS亚马逊云环境中。

本文仅讲述vWAF和初始的联网操作，WAF系统本身的功能将不做讲解。

如果您需要了解WAF系统的详细功能，请参考WAF的相关文档（点击此处）。

目标读者本文的目标读者为企业的网络管理员或对山石网科虚拟化感兴趣的读者。

部署之前，根据不同的部署场景，用户需要相应地熟悉Xen、AWS亚马逊云的组件及使用。

FAQFortiWeb: Web Application Firewall (WAF) Comprehensive, High-Performance Web Application SecurityCan’t an IPS or Firewall provide protection for hosted web-based applications?Next Generation and Application Aware IPS firewalls extend and enhance protection and add additional functionality but the majority ofthe ‘application aware’ functionality is focused on securing/restricting internal clients when accessing the internet but not securing internal applications from external threats. Web Application Firewalls are different as they protect internal web applications from sophisticated application layer external attacks. They provide both a positive and negative security model and protect against the major threats to applications today (SQL Injection, Cross Site Scripting, URL Access, CSRF, Injection attacks and more).Why is FortiWeb’s AI-based Machine Learning threat detection superior to other threat detection methods?Other vendors use application learning using an observational method to automate profile creation for web-based application protection. Application learning is a good detection method, but it has many drawbacks. These include:n high false-positive detectionsnnn labor-intensive to fine tunenn unobserved legitimate traffic creates anomaliesn aggressive tuning lets attacks slip through more easilynnn changes to the application require substantial re-learning to prevent false-positive detectionsFortiWeb’s behavioral detection uses two layers of AI-based machine learning and statistical probabilities to detect anomalies and threats separately. With machine learning FortiWeb is able to deliver near 100% application threat detection accuracy with virtually no resources required to manage it. AI-based machine learning for FortiWeb creates nearly a “set and forget” web application firewall that doesn’t sacrifice accuracy for ease of management.What size WAF do I need?There are many factors that determine WAF sizing ranging from application throughput, numbers of users, and number of sites to be protected. We strongly recommend discussing your requirements with a Fortinet Partner to find the best option to meet your needs.How does FortiWeb Cloud differ from an on-prem FortiWeb deployment?FortiWeb Cloud is a ‘skinny’ WAF solution offering negative security model rules while the FortiWeb platform is a full blown WAF offering both positive and negative security models. Most customers using a Cloud WAF are looking for a set-it-and-forget type solution that they can quickly configure and use without having to manage daily. By offering a subset of what FortiWeb on-prem offers but with a simple, straightforward configuration and management FortiWeb Cloud addresses these requirements.Do I need a WAF if I already have a Secure Web Gateway (SWG)?Yes. A SWG protects users within the organization from accessing infected external websites or undesirable content hosted outside of the organization. A WAF protects hosted web-based applications from attacks that are initiated by external attackers. A simplified view is the SWGs protect users and WAFs protect applications.1Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be February 19, 2019 9:51 AM Mac:Users:susiehwang:Desktop:Egnyte:Egnyte:Shared:Creative Services:Team:Susie-Hwang:Egnyte:Shared:CREATIVE SERVICES:Team:Susie-Hwang:2019:FAQ-FortiWeb:FAQ-FortiWeb-021919-950am FAQ | FortiWeb: Web Application Firewall (WAF)358956-0-0-EN FortiWeb WAF vs. WAF in an ADCA dedicated WAF appliance will not decrease performance, plus an appliance like FortiWeb has the processing power to perform behavior-based detection of application attacks. Most WAF modules on ADCs offer only basic WAF protection for applications.Can a FortiWeb permanently patch application vulnerabilities?Yes it can. FortiWeb can provide temporary application patching until development teams are able deploy permanent patches forvulnerabilities, or it can permanently patch them. It is usually recommended to permanently fix a known vulnerability, however there are many situations where that isn’t possible or practical, such as inherited applications or older applications that are about to be retired.。

天融信网络卫士入侵防御系统—Web网站防护网关用户手册天融信TOPSEC®北京市海淀区上地东路1号华控大厦 100085电话：+8610-82776666传真：+8610-82776677服务热线：+8610-8008105119版权声明 本手册中的所有内容及格式的版权属于北京天融信公司（以下简称天融信）所有，未经天融信许可，任何人不得仿制、拷贝、转译或任意引用。

版权所有不得翻印© 2009 天融信公司商标声明 本手册中所谈及的产品名称仅做识别之用。

手册中涉及的其他公司的注册商标或是版权属各商标注册人所有，恕不逐一列明。

TOPSEC® 天融信公司信息反馈目录1安装 (1)1.1安装网站防护集中管理平台 (1)1.1.1启动安装程序 (1)1.1.2MySQL的安装 (1)1.1.3Apach Tomcat的安装。

(12)1.1.4Java的安装 (18)1.1.5Apach Tomcat的安装 (22)1.1.6安装网站防护集中管理中心 (28)1.2安装天融信网站防护系统客户端 (30)1.2.1Windows 版客户端 (30)1.2.2Linux客户端 (35)1.3安装说明及注意事项 (37)1.3.1Windows终端 (37)1.3.2Linux终端 (38)2集中管理端的操作使用 (39)2.1集中管理平台的配置与使用 (39)2.1.1集中管理平台登录 (39)2.1.2信息安全管理员 (39)2.1.2.1登录 (39)2.1.2.2修改密码 (40)2.1.2.3添加账号管理员 (41)2.1.2.4删除账号管理员 (41)2.1.2.5添加安全管理员 (41)2.1.2.6添加系统管理员 (42)2.1.2.7添加安全审计员 (42)2.1.3系统管理员 (43)2.1.3.1管理员登录 (43)2.1.3.2平台状态信息管理 (43)2.1.3.2.1平台运行信息 (44)2.1.3.2.2修改平台信息 (44)2.1.3.2.3策略更新 (45)2.1.3.2.4删除平台信息 (45)2.1.3.2.5攻击报警设置 (46)2.1.4安全管理员 (46)2.1.4.1安全管理员登录 (46)2.1.4.2策略管理 (47)2.1.4.2.1硬件性能监控 (47)2.1.4.2.2受控目录列表管理 (47)2.1.4.2.3非受控目录列表管理 (49)2.1.4.2.4可信进程列表管理 (51)2.1.5安全审计员 (52)2.1.5.1安全审计员登录 (52)2.1.5.2审计信息 (53)2.1.5.2.1网站攻击审计信息 (53)2.1.5.2.2网页修改审计信息 (53)2.1.5.2.3异常进程审计信息 (53)2.1.5.2.4平台审计信息 (54)2.1.6说明 (54)3天融信网站防护系统客户端配置与使用 (55)3.1W INDOWS终端 (55)3.1.1界面的启动 (55)3.1.2用户登录 (55)3.1.3密码修改 (55)3.1.4详细配置 (57)3.1.5软件安装 (60)3.1.6异常程序 (62)3.1.7可信程序 (63)3.1.8审计记录 (64)3.2L INUX终端 (65)3.2.1说明 (65)3.2.2配置 (65)3.2.2.1配置受控目录 (65)3.2.2.2配置非受控目录 (65)3.2.2.3配置可信进程 (65)3.2.2.4配置通信端口 (66)3.2.2.5白名单生成说明 (66)3.2.2.5.1说明 (66)3.2.2.5.2方法一 (66)3.2.2.5.3方法二 (66)4WEBWALL的配置与使用 (67)4.1管理员登录 (67)4.2W EB W ALL的配置 (68)4.2.1系统 (68)4.2.1.1系统配置 (68)4.2.1.2更新规则 (69)4.2.1.3数据保存 (69)4.2.1.4设置时间 (69)4.2.1.5恢复出厂设置 (70)4.2.1.6重启动 (70)4.2.1.7关机 (70)4.2.2网络 (70)4.2.2.1接口 (70)4.2.2.2路由表 (71)4.2.2.3网桥配置 (72)4.2.2.4双机热备 (73)4.2.2.5初始化设备 (74)4.2.3用户配置 (74)4.2.3.1管理用户 (74)4.2.3.2普通用户 (75)4.2.4防跨站攻击 (76)4.2.4.1标准安全等级 (76)4.2.4.2高安全等级 (76)4.2.5抗攻击设置 (77)4.2.5.1速率限制链接 (77)4.2.5.2特征值匹配 (78)4.2.6规则配置 (79)4.2.6.1SQL 关键字过滤 (79)4.2.7SSL终止 (80)4.2.7.1服务器地址 (80)4.2.7.2本地附加地址 (81)4.2.7.3证书管理 (82)5卸载程序 (84)5.1卸载网站防护集中管理平台 (84)5.2卸载天融信网站防护系统WINDOWS终端 (85)5.3卸载天融信网站防护系统LINUX终端 (87)5.4卸载说明 (87)1安装1.1安装网站防护集中管理平台1.1.1启动安装程序将光盘放入服务器光驱中，启动网站防护集中管理平台的安装平台。

web应用防护系统是什么？实际上，可以看做是互联网的一道防护墙。

web应用防护系统因其功能强大，效果显著，被广泛应用。

防护系统重要的一点就是能够发现网络可疑现象，及时止损。

web应用防护系统用户手册主要包含该系统的功能介绍、防护范围等。

铱迅Web应用防护系统（也称：铱迅网站应用级入侵防御系统，英文：Yxlink Web Application Firewall，简称：Yxlink WAF）是铱迅信息结合多年在应用理论与应急响应实践经验积累的基础上，自主研发的一款应用级防护系统。

在提供Web应用实时深度防御的同时，实现Web应用加速与防止敏感信息泄露的功能，为Web应用提供多方位的防护解决方案。

产品致力于解决应用及业务逻辑层面的问题，广泛适用于“政府、金融、运营商、公安、能源、税务、工商、社保、交通、卫生、教育、电子商务”等所有涉及Web应用的各个行业。

部署铱迅Web应用防护系统，可以帮助用户解决目前所面临的各类网站问题，如：注入攻击、跨站攻击、脚本木马、缓冲区溢出、信息泄露、应用层CC攻击、DDoS攻击等常见问题。

功能简介Web应用安全防护防御黑客Web攻击：如SQL注入、XSS跨站脚本、CSRF、远程包含漏洞利用、Cookie劫持防御非法HTTP请求：如PUT、COPY、MOVE等危险HTTP请求防御脚本木马上传：如上传ASP/PHP/JSP/脚本木马防御目录遍历、源代码泄露：如目录结构、脚本代码数据库信息泄露：SQL语句泄露防御服务器漏洞：如IIS代码执行漏洞、Lotus缓冲区溢出漏洞等防御网站挂马：如IE极光漏洞防御扫描器扫描：如WVS、Appscan等扫描器的扫描防御DDOS攻击：自动进行流量建模，自定义阈值，抵御SYN Flood、UDP Flood、ICMP Flood、ACK Flood、RST Flood等防御CC攻击：如HTTP Flood、Referer Flood，抵御Web页面非法采集URL自学习建模保护自动网站结构抓取：自动抓取网页结构并建立相关模型访问流量自学习：根据正常访问流量建立模型自动建立URL模型：自动建立可信的URL数据模型与提交参数模型URL模型自定义：支持模型自定义以及对自动建立模型的修改网页防篡改实时监控网页请求的合法性，拦截篡改攻击企图，保障网站公信度；防篡改模块运行在WAF中，不占用主机资源，隐藏自身，提高安全性应用层ACL访问控制设置准确到URL级别的目的、来源IP的访问控制支持针对防御规则的访问控制：具有5种状态控制内置50多种搜索引擎保护策略可制定计划任务，根据时间段进行访问控制网络虚拟化支持使用单个公网IP地址，绑定多个主机头名。