IMHO, what you're asking for is not really a firewall, but an application
that runs on the web server that locks down the http server. I've seen a
few products that *claim* to do this, (don't have them handy, sorry) I'm
skeptical though. I prefer to build the security in at the ground level,
and design the whole website with security in mind. Just my .02 worth...
Later,
Michael Sorbera
Webmaster
----- Original Message -----
From: "M M" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 20, 2001 4:58 PM
Subject: HTTP aware firewalls?
> I run a medium sized web site and am looking for a
> firewall/application gateway solution to secure the
> site. I am looking for something more than the typical
> Checkpoint style packet filtering firewall though (we
> already run a Checkpoint firewall). I'd prefer
> something that can protect against malicious
> manipulation of web applications, for example,
> repeated attempts to log into the site with
> random passwords, or malicious data in a posted form,
> or cookie reverse eng. These attacks pass right
> through the open http port on the packet filter or
> application gateway firewall.
>
> Basically, I need something that secures applications
> by enforcing security policy at the application layer
> through _semantic_ rules. For example, a browser will
> not be allowed to GET a url that was never sent to it
> in some html response earlier. Or POST a form with
> hidden fields changed, or send back a cookie that was
> not issued to it by the server etc.
>
> Performance is fairly important -- we get a few
> hundred requests per second at peak load and the
> firewall must be able to handle that.
>
> Thanks for any leads in this space,
> M
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - Buy the things you want at great prices!
http://auctions.yahoo.com/
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
