Research On The Web Security Gateway Technology Based On HTTP Reverse Proxy

With the development of mobile network, more and more internet application which based on HTTP protocol has changed peoples’ live. Because of the design of open features that HTTP protocol has may causes security problems, so if we use HTTP protocol to build our web applications, it will causes security problems easily like unauthorized access of resources, attack from network, traffic analysis and etc.. To prevent these security issues in traditional ways still stay on web server and web applications’ level. With the various of different network attack and system vulnerability appeared on base foundation software just like OpenSSL. To against the security problems become lag and the application developer cost much time to solve it and can not focus on application itself.The traditional security protection software in architecture usually as security module to embeded to web server, and the coupling with server, deployment difficulty and unreliable in the train of it. Most security protection software take a passive by use static features match way to defense HTTP attack traffic. With the development of AI more and more security protection algorithm try to use machine learning to detect the new attack type from network, but most of them just analysis the whole HTTP message as input data not processing the HTTP protocol deeply, so without consider the internal relationship of message will cause false negatives and false positives.So the traditional web security protection technology cannot prevent complex attack from network or not satisfied with the high concurrent, high-traffic and strict server reliable. This article start try to solve the architecture coupling, the module hard to extending and the performance bottlenecks problems, introducing a new web security gateway solution based on HTTP reverse proxy server and it’s related system design and implements of key technologies.In this article, it provides new concepts that called Security Detection & Validate Chain based on hierarchical tree structure, the Security Detection & Validate Chain can prevent network attacking on it’s extending structure. This architecture effectively solves the hard to extending in traditional web protection problems. The research also improve the traditional HTTP attack detection model from parse the protocol of requests’message based on Security Detection & Validate Chain. destruct and analysis the message in local. For detect and reject the request URL, meta data in request header and the body that attack payload may appear rightly use the N-gram features extract and filter on basis of information gain, with integrated of BP ANN train and detect which base on different learning database, The web security gateway also can filter users by black & white list, restrict the resource access that we need protected and match & prevent many kinds of network attacking based on rules.