URL parameter filtering
Many webpages are dynamic: they are backed by databases and let users query and modify data through web
requests. An attacker can therefore craft web requests whose parameters contain SQL fragments, so that the
application assembles an SQL statement that discloses confidential data or repeatedly modifies database
contents until the database is unusable. This kind of attack is called an "SQL injection attack."
To address this problem, the router compares the URL parameters in a web request against SQL
statement keywords and some other characters that may constitute SQL statements. If a match is found,
the router regards the request as an SQL injection attack and denies it. This protection mechanism is
called "URL parameter filtering."
Web requests transmit parameters mainly by the GET and POST methods. The method determines where the
parameters are located: a GET request carries them in the query string of the URL, whereas POST and PUT
requests carry them in the message body. The router locates the parameters according to the transmission
method and then filters them. The router supports URL parameter filtering for web requests that use the
GET, POST, or PUT method.
Processing procedure
After receiving a web request containing URL parameters, the router obtains the parameters according to
the parameter transmission method and then processes the request accordingly:
• If the parameters are transmitted by a method other than GET, POST, or PUT, the router forwards the web request without filtering.
• If the parameters are transmitted by GET, POST, or PUT, the router obtains the URL parameters from the web request and compares them against the configured filtering entries. If a match is found, the router denies the request. Otherwise, the router forwards the request.
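The procedure above, as an added example that is not part of the original documentation or the router's implementation: a small Python model of URL parameter filtering. The sample request text, the keyword list (the device's built-in keyword set is not given on this page), and the decision to read POST/PUT parameters only from form-encoded bodies are all assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Filtering entries: SQL keywords and characters that may constitute an SQL
# statement. Illustrative list (assumption); the device's built-in set is not
# documented on this page.
FILTER_ENTRIES = ("select", "union", "insert", "update", "delete", "drop",
                  "--", "'", ";", "/*", "or 1=1")

# Only requests using these methods are inspected; anything else is forwarded.
FILTERED_METHODS = ("GET", "POST", "PUT")


def parse_request(raw):
    """Split raw HTTP/1.1 request text into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def extract_parameters(method, target, headers, body):
    """Locate the URL parameters according to the transmission method.

    GET carries them in the query string; POST and PUT carry them in the body
    (form-encoded bodies only, an assumption of this example). parse_qsl
    percent-decodes the values, so "%27" is compared as "'".
    """
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if method in ("POST", "PUT") and headers.get("content-type", "").startswith(
            "application/x-www-form-urlencoded"):
        params += parse_qsl(body, keep_blank_values=True)
    return params


def match_entry(text):
    """Return the first filtering entry found in text (case-insensitive), or None."""
    lowered = text.lower()
    for entry in FILTER_ENTRIES:
        if entry in lowered:
            return entry
    return None


def filter_request(raw):
    """Apply the procedure: forward unfiltered methods, deny on a match, else forward.

    Returns ("forward", None) or ("deny", reason).
    """
    method, target, headers, body = parse_request(raw)
    if method not in FILTERED_METHODS:
        return "forward", None
    for name, value in extract_parameters(method, target, headers, body):
        hit = match_entry(name) or match_entry(value)
        if hit is not None:
            return "deny", "parameter %r matched entry %r" % (name, hit)
    return "forward", None


# Constructed sample requests (not captured traffic).
REQ_CLEAN = "GET /items?id=42&sort=price HTTP/1.1\r\nHost: shop.example\r\n\r\n"
REQ_GET_INJECTION = ("GET /items?id=42%27%20UNION%20SELECT%20card_no%20FROM%20cards--"
                     " HTTP/1.1\r\nHost: shop.example\r\n\r\n")
REQ_POST_INJECTION = ("POST /login HTTP/1.1\r\nHost: shop.example\r\n"
                      "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                      "user=admin%27+--+&pass=x")
REQ_HEAD = "HEAD /items?id=42%27-- HTTP/1.1\r\nHost: shop.example\r\n\r\n"
REQ_BENIGN_TEXT = "GET /search?q=select+a+laptop HTTP/1.1\r\nHost: shop.example\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_CLEAN, REQ_GET_INJECTION, REQ_POST_INJECTION, REQ_HEAD, REQ_BENIGN_TEXT):
        print(req.split("\r\n")[0], "->", filter_request(req))
```

The last sample shows the caveat that comes with any keyword filter: a legitimate search for "select a laptop" is denied because the value contains an SQL keyword, and a HEAD request carrying the same payload is forwarded because the method is not inspected. URL parameter filtering reduces exposure at the perimeter; it does not replace parameterized queries in the application behind it.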
Java blocking
Java blocking protects networks against malicious Java applets.
When Java blocking is enabled, all requests for Java applets in webpages are filtered. If Java applets from
particular webpages are required, configure ACL rules that permit requests for Java applets from the servers
hosting those webpages.
Processing procedure
• If Java blocking is enabled but no ACL is configured for it, the router replaces the suffixes ".class" and ".jar" with ".block" in all web requests and then forwards the requests.
• If Java blocking is enabled and an ACL is configured for it, the router decides according to the ACL rules whether to replace the suffixes ".class" and ".jar" with ".block". If the destination server of a web request is permitted by the ACL, no replacement occurs and the request is forwarded unchanged. Otherwise, the suffix in the request is replaced with ".block" and the request is then forwarded.
• In addition to the default suffixes ".class" and ".jar", you can add Java blocking suffixes (that is, filename suffixes to be replaced in web requests) from the command line.
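The Java blocking procedure above, as an added example that is not the router's own code: a Python model of the suffix replacement with and without an ACL, including suffixes added beyond the defaults. Representing the ACL as a list of permitted destination IP prefixes, and the sample addresses and paths, are assumptions of this example.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, urlunsplit

DEFAULT_SUFFIXES = (".class", ".jar")   # default Java blocking suffixes
BLOCK_SUFFIX = ".block"


class JavaBlocker:
    """Model of the Java blocking decision for one web request."""

    def __init__(self, enabled=True, acl_permit=(), extra_suffixes=()):
        self.enabled = enabled
        # ACL modelled as permitted destination prefixes (assumption).
        self.acl = [ip_network(p) for p in acl_permit]
        # Extra suffixes stand in for those added on the command line.
        self.suffixes = DEFAULT_SUFFIXES + tuple(extra_suffixes)

    def server_permitted(self, dst_ip):
        """True only if an ACL is configured and it permits the destination server.

        With no ACL configured the list is empty, so nothing is permitted and
        every request gets its suffix replaced, as the procedure states.
        """
        return any(ip_address(dst_ip) in prefix for prefix in self.acl)

    def rewrite_target(self, target):
        """Replace a matching filename suffix on the URL path with ".block"."""
        parts = urlsplit(target)
        path = parts.path
        for suffix in self.suffixes:
            if path.endswith(suffix):
                path = path[:-len(suffix)] + BLOCK_SUFFIX
                break
        return urlunsplit(parts._replace(path=path))

    def process(self, dst_ip, target):
        """Return the request target the router forwards for this request."""
        if not self.enabled:
            return target                     # function disabled: untouched
        if self.server_permitted(dst_ip):
            return target                     # ACL permits this server: no replacement
        return self.rewrite_target(target)    # no ACL, or server not permitted


if __name__ == "__main__":
    # Constructed sample requests (assumptions): applet server on 203.0.113.10,
    # a second server on 198.51.100.5.
    no_acl = JavaBlocker()
    print(no_acl.process("203.0.113.10", "/applets/Game.class"))    # /applets/Game.block
    with_acl = JavaBlocker(acl_permit=["203.0.113.0/24"], extra_suffixes=[".jnlp"])
    print(with_acl.process("203.0.113.10", "/applets/Game.class"))  # /applets/Game.class
    print(with_acl.process("198.51.100.5", "/lib/util.jar?v=3"))    # /lib/util.block?v=3
    print(with_acl.process("198.51.100.5", "/launch.jnlp"))         # /launch.block
```

The model matches the suffix on the path component of the request target exactly as written and leaves the query string alone. Whether the device also normalizes case or percent-encoding in the path before matching is not stated on this page, so verify that on the device before relying on the block for anything beyond the literal ".class" and ".jar" filenames.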