iGuard6.0 - appropriate website protection system
2022-06-24 03:33:00 【Tiancun information】
With the emergence of new Internet technologies, the architectures and resources involved in a website are becoming more and more diverse and complex. This raises harder challenges and finer-grained requirements for protecting the various resources of a website.
The real needs we often hear from users include:
- Could my CMS production system publish web files with problematic content?
- My website allows uploading pictures and attached files. Could these functions be abused, so that the bad guys secretly upload Trojan files?
- What if a malicious script file is disguised as a picture file?
- Besides web files, other key files (such as configuration files) are also important. Could they be changed? ...
These questions come down to the characteristics of different resources: different resources need different inspection elements. The common inspection elements for resource files are listed below:
- General resource files (html/css/js, etc.)
  Does the web content contain sensitive words? Is the source normal?
- Script files (php/jsp/aspx, etc.)
  Could the file be placed in an unmanaged location outside the website directory? Has an existing script been illegally tampered with?
- User-generated files (UGC files)
  Is the file type one that the web application allows? If the type is allowed, is the content harmful?
- Configuration files (config files)
  Is the way they are modified reasonable? It is best to keep detailed modification records.
Those are the protection concerns for several common kinds of resource file.
For the user scenarios above, the iGuard6.0 web page tamper-proof system provides rich, modular inspection methods, and can protect website resources from all sides through flexible configuration.
The following screenshots are examples only; real scenarios are certainly more complex and diverse. Let's see how iGuard6.0 meets the web protection needs above.
General files
To check whether the source is normal, use iGuard6.0's Trusted updates or Specify updates module: configure the website directory so that it can be legitimately written only by a specific user and a specific process, and reject all other update channels.
To check whether the content text is normal, use iGuard6.0's Publish scan or Drive scan module to set the keyword text that should be filtered and raise warnings. In addition to the filter text built into iGuard6.0, users can set their own filtering and monitoring text.
Script files
Because script files can execute code, website administrators often pay special attention to whether key script files could be placed outside the website directory. Use iGuard6.0's Drive filter module to globally prohibit the creation of certain (high-risk) types of script file. Only approved processes can update script files in the website directory; all other operations are treated as exceeding authority and can be blocked directly.
For the integrity of existing script files, use iGuard6.0's Inline comparison module, which compares each file against the content digest of the original file to ensure that existing files have not been illegally tampered with.
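The digest comparison described above can be sketched as follows. This is an added example, not iGuard6.0 code or part of the original article; the choice of SHA-256, the tracked extensions and all function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".php", ".jsp", ".aspx"}  # assumed set of script types to track

def digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are handled."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(webroot: Path) -> dict[str, str]:
    """Map each script's path (relative to webroot) to its content digest."""
    return {
        p.relative_to(webroot).as_posix(): digest(p)
        for p in sorted(webroot.rglob("*"))
        if p.is_file() and p.suffix.lower() in SCRIPT_EXTS
    }

def compare(webroot: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between the live tree and the trusted baseline."""
    current = build_baseline(webroot)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "removed": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }

def demo() -> dict[str, list[str]]:
    """Constructed sample site: one script altered, one added, one deleted."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "inc").mkdir()
        (root / "index.php").write_text("<?php echo 'home'; ?>")
        (root / "inc" / "db.php").write_text("<?php $dsn = 'x'; ?>")
        (root / "old.jsp").write_text("<% out.print(1); %>")
        (root / "logo.gif").write_bytes(b"GIF89a")  # not a script, not tracked
        baseline = build_baseline(root)             # taken from the trusted copy
        (root / "index.php").write_text("<?php echo 'changed'; ?>")
        (root / "inc" / "new.php").write_text("<?php ?>")
        (root / "old.jsp").unlink()
        return compare(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is stored where the web server process cannot write, otherwise whoever changes a script can also update its recorded digest.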
User files
As sites become more interactive, websites inevitably hold files generated by user interaction, and filtering and protecting such files has always been an important part of website security. Concerns about these resources focus on two questions: whether the type of an uploaded file falls outside the permitted range; and, even if the type is within the limit, whether the file is disguised or hides high-risk content.
iGuard6.0 gives careful consideration to both aspects. For example, the Drive filter module can strictly limit the types of file that middleware processes are allowed to create: the middleware process can write uploads only to the specified directory, and can create only low-risk files that cannot be executed as scripts, such as .gif, .jpg and .doc, as shown in the figure below.
To review the contents of uploaded files more closely, enable the Drive scan module. When a file is created in the upload directory, its actual type and content are checked further, and different follow-up handling can be configured.
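The two upload checks discussed in this section (is the type allowed, and does the content really match the type) can be illustrated like this. It is an added example, not iGuard6.0 code or part of the original article; the verdict names, the script extensions and the script markers are assumptions, and the marker search is a heuristic that can produce false positives.

```python
from pathlib import PurePosixPath

# Allowed upload types (from the text) with their leading magic bytes.
ALLOWED = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
}
SCRIPT_EXTS = {".php", ".jsp", ".aspx"}                    # assumed script types
SCRIPT_MARKERS = (b"<?php", b"<%@", b"<jsp:", b"<script")  # assumed heuristics

def check_upload(filename: str, data: bytes) -> tuple[str, str]:
    """Return (verdict, reason); verdict is accept, reject or quarantine."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes or suffixes[-1] not in ALLOWED:
        return ("reject", "file type is not on the allowlist")
    if any(s in SCRIPT_EXTS for s in suffixes[:-1]):
        return ("reject", "script extension hidden before the final suffix")
    if not data.startswith(ALLOWED[suffixes[-1]]):
        return ("quarantine", "content does not match the declared type")
    lowered = data.lower()
    for marker in SCRIPT_MARKERS:
        if marker in lowered:
            return ("quarantine", f"script marker {marker!r} inside file body")
    return ("accept", "type and content look consistent")

# Constructed sample uploads (not real files).
SAMPLES = [
    ("cat.gif", b"GIF89a" + b"\x00" * 16),
    ("avatar.jpg", b"<?php echo 1; ?>"),
    ("banner.gif", b"GIF89a\x01\x00<?php echo 1; ?>"),
    ("page.php", b"<?php echo 1; ?>"),
    ("photo.php.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("report.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16),
]

def run_samples() -> list[tuple[str, str]]:
    """Pair each sample file name with its verdict."""
    return [(name, check_upload(name, data)[0]) for name, data in SAMPLES]

if __name__ == "__main__":
    for name, verdict in run_samples():
        print(f"{name:15} {verdict}")
```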
Configuration files
Configuration files are not web page files themselves, but they are also an integral part of website resources. In real-world web penetration cases, there are many in which the website's configuration file was modified to achieve the effect of tampering with the website. This easily overlooked website resource should therefore also be included in protection and monitoring.
Control over configuration files can be loose or strict, depending on the actual situation. In a loose scenario, changes to the configuration file are only monitored, but each modification can be given a snapshot backup; in a strict scenario, only specific processes and specific users are allowed to modify the configuration file, and any other combination of operations is rejected directly.
The examples above are the most basic use cases. In the real world, the iGuard6.0 web page tamper-proof system can be configured in more complex combinations according to specific requirements, providing more comprehensive protection for website resources. (Zhu Xiaodan | Tiancun information)