Web的普及,也带来了针对Web攻击的爆发,如何保护Web服务不受攻击成为安全领域研究的热点。传统的网络安全设备主要是基于数据包检测的方式,工作于OSI模型的网络层和传输层,并不能在应用层上对Web进行有效防护。本文结合目前日益严重的Web应用安全问题和现有的网络安全产品,提出了Web应用防火墙技术可以保护Web应用程序免受普通攻击,并对Web应用防火墙的基本工作原理、组成模块和检测技术进行了描述。 The popularization of the Web also brings the outbreak of attacks against the Web. How to protect Web services against attacks has become a hot spot in the field of security research. Traditional network security devices are mainly based on the way of packet inspection. They work on the network layer and transport layer of the OSI model, and can not effectively protect the Web from the application layer. In this paper, combined with the current increasingly serious Web application security issues and existing network security products, proposed Web application firewall technology to protect Web applications from ordinary attacks, Web application firewall and the basic working principle of component modules and detection techniques The description.