http://www.aqtronix.com/ Free web firewall for Windows servers
WebKnight
AQTRONIX WebKnight - Application Firewall for Web Servers
What is it?
AQTRONIX WebKnight is an application firewall for IIS and other web
servers and is released under the GNU General Public License. More
particularly it is an ISAPI filter that secures your web server by
blocking certain requests. If an alert is triggered WebKnight will take
over and protect the web server. It does this by scanning all requests
and processing them based on filter rules, set by the administrator.
These rules are not based on a database of attack signatures that
require regular updates. Instead, WebKnight uses security filters for
classes of attack such as buffer overflow, SQL injection, directory
traversal, character encoding and others. This way WebKnight can protect
your server against all known and unknown attacks. Because WebKnight is
an ISAPI filter, it has the advantage of working closely with the web
server. This way it can do more than other firewalls and intrusion
detection systems, such as scanning encrypted traffic.
Features
These are some features of WebKnight.
- Open Source
WebKnight is free software under the terms of the GNU General Public License.
- Logging
By default all blocked requests are logged. In addition, all allowed
requests can be logged as well, or you can run WebKnight in logging only
mode. This last operation mode allows you to see the attacks in the log
files without blocking them. WebKnight can also prevent blocked attacks
from being logged to the web server log files. This way your web server
log files will be kept clean and accurate.
- Customizable
The firewall can be customized for any need, including blocking certain
0-day exploits before the vendor has released a patch.
- Compatible with Web-Based Applications
WebKnight is compatible with Frontpage Extensions, WebDAV, Flash, Cold
Fusion, Outlook Web Access, Outlook Mobile Access, SharePoint...
- HTTP Error Logging
WebKnight can be configured to log the HTTP errors from the web server.
This way you can log common errors like '404 Not Found' or more severe
ones like '500 Server Error' to the logfile. Doing so allows you to
detect errors in scripts or attacks on them. You can also use it to
simply find broken links in your web site or configuration mistakes.
- SSL Protection
Unlike traditional firewalls, WebKnight can protect encrypted sessions over HTTPS.
- Third-Party Application Protection
WebKnight not only protects the web server, but can also be configured
to protect third-party web server applications, e-commerce web sites or
your custom web site.
- RFC compliant
WebKnight is RFC compliant and also includes the ability to scan the requests for RFC compliance.
- Low Total Cost of Ownership (TCO)
WebKnight comes with a Windows Installer package and remote installation
scripts, making it easy to deploy WebKnight in your enterprise. WebKnight
also comes with a graphical user interface for changing WebKnight settings.
- Run-Time Update
Changes to the settings of WebKnight do not require restarting the web
server and can thus be made without disrupting any services for your
users. For performance reasons, these changes are only detected once
every minute.
New in WebKnight 2.0
- Improved scanning
The scanning engine has been improved and extended. It is now also
possible to scan the Referrer header and User Agent header for certain
exploits or data.
- Authentication scanning
Authentication scanning lets you scan for brute force attacks on
accounts or DoS attacks on system accounts. It can also scan for weak
passwords.
- Connection control/monitoring
You can block or monitor traffic coming from certain IP addresses or
ranges. You can also monitor access to certain important files or limit
the number of requests coming from a single IP address.
- Blocking robots
A large robot database makes it possible to block or allow only certain
types of robots. It is also possible to set up a bot trap for bad robots
and to block aggressive robots.
- Prevent hot linking
Hot linking or direct linking to certain types of files (like images or file downloads) can be prevented.
Download
WebKnight is a free open source tool that comes to the rescue on
many occasions and helps administrators in their jobs, but to keep
up this good work, please consider a donation.
- WebKnight 2.2 (Release date: 2008.09.02)
This release is ready for IIS 7 and 64-bit. Fixed a few minor issues
and extended scanning for SQL injection in the referrer, extended
cookie scanning and certain XSS attacks. It is now also possible to
monitor or block an IP address after an alert has been triggered. A new
version of the config utility, log reader application and updated
robots database is also included in this release.
- Robots.xml:
the latest version of the Robots.xml file used by WebKnight. Download
and overwrite the existing file in your WebKnight folder to have the
latest database of known robots. WebKnight will automatically detect
the new file and load it.
- Older WebKnight downloads
How to install
Installation in IIS with Windows Installer: (for IIS 6.0 and IIS 7.0, see the notes below!)
Double click the file WebKnight.msi. This will launch Windows
Installer and install WebKnight on the local machine. This method will
install WebKnight as a global filter on the local machine. If Windows
Installer is not installed on your system, you can download it directly
from Microsoft:
Windows Installer 2.0 Redistributable for Windows NT 4.0 and 2000
Windows Installer 2.0 Redistributable for Windows 95, 98, and Me
Installation in IIS with scripts:
To install/uninstall WebKnight on the local or remote machine you
can use the file install.vbs/uninstall.vbs from the setup folder. This
method will install WebKnight as a global filter on the selected host
or localhost.
Manual installation as a global filter in IIS:
- Copy all the files in the Setup folder to a local folder on the server (e.g. C:\Program Files\AQTRONIX WebKnight).
- Open the IIS snap-in.
- Right-click the server name (not the site name; in IIS 6, right-click
Web Sites) under Internet Information Services in the MMC, and then
select Properties.
- Verify that WWW Service is displayed in the Master Properties
drop-down list, and click the Edit button. For IIS 6 go to next step.
- Choose the ISAPI Filters tab, and then click the Add button.
- In the Filter Properties window, type WebKnight, and enter the full path to WebKnight.dll in the Executable box.
- Select OK to close each dialog.
- Review any settings of WebKnight, by running config.exe that you copied locally.
- Restart IIS.
Manual installation as a site filter in IIS:
- Copy all the files in the Setup folder to a local folder on the server (e.g. C:\Program Files\AQTRONIX WebKnight\W3SVC1). Note: it is important to have a unique folder for each WebKnight installation!
- Open the IIS snap-in.
- Right-click the site name (not the server name) under Internet Information Services in the MMC, and then select Properties.
- Choose the ISAPI Filters tab, and then click the Add button.
- In the Filter Properties window, type WebKnight, and enter the full path to WebKnight.dll in the Executable box.
- Select OK to close each dialog.
- Review any settings of WebKnight, by running config.exe that you
copied locally. (Make sure global filter capabilities are disabled:
uncheck 'Is Installed As Global Filter')
- For IIS 6 you need to make sure that each site for which you
installed WebKnight as a site filter, has its own application pool.
This is because only one instance of WebKnight can be run in any
application pool. By default all sites are run in the DefaultAppPool
and can only contain one instance of WebKnight, so you can only have
one site filter, unless you specify a different application pool for
any additional site on which you are running WebKnight as a site filter.
- Restart IIS.
If you want to import your settings from urlscan,
you can do that by copying the file urlscan.ini to the WebKnight
directory. Delete WebKnight.xml (or rename it) and your settings from
urlscan.ini will be imported in a new WebKnight.xml file when you
restart your web server. This can be useful if you experienced problems
with your urlscan installation and you had to customize the settings of
urlscan and want to keep using these settings. If you want to load the
default settings again, you can do that by deleting the files
WebKnight.xml and urlscan.ini in the directory WebKnight and a new
WebKnight.xml will be made with the default settings when you restart
your web server.
Installation in IIS 5 and previous:
You don't need to do anything extra, just follow one of the installation methods above.
Installation in IIS 6.0: to run WebKnight as a global filter in IIS 6.0, you have two options:
- Run IIS in IIS 5.0 Isolation mode (recommended)
- Continue running IIS in worker process mode, but without the global filtering capabilities of WebKnight and with a unique log file per process. So you have to make sure you:
  - uncheck 'Is Installed As Global Filter' under Global Filter Capabilities
  - check 'Per Process Logging' under Logging (each application pool will load its own instance of WebKnight; if you only have one pool, this is not required)
  - make sure the account NETWORK SERVICE (or whatever account(s) you set the application pool(s) to use) has change permission on the WebKnight folder and subfolders
  - restart IIS after making the above changes
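One way to check and apply the folder permission from the list above in PowerShell (an added example, not part of the WebKnight documentation or distribution). It assumes the example install path from this page, application pools running as NETWORK SERVICE on an English-language system, that the page's "change" permission corresponds to the NTFS Modify right, and that icacls.exe is available on the server.

```powershell
# Added example. Assumptions: install path as in the page's example, pools run
# as NETWORK SERVICE, "change permission" is treated as the NTFS Modify right.
$folder  = 'C:\Program Files\AQTRONIX WebKnight'
$account = 'NT AUTHORITY\NETWORK SERVICE'

function Test-ModifyAccess {
    param([string]$Path, [string]$Identity)
    $modify = [int][System.Security.AccessControl.FileSystemRights]::Modify
    $acl = Get-Acl -Path $Path
    # Only entries that name the account itself are counted; rights obtained
    # through group membership are not evaluated here.
    $allow = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $modify) -eq $modify
    }
    # A Deny entry covering any part of Modify overrides the Allow entry.
    $deny = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Deny' -and
        ([int]$_.FileSystemRights -band $modify) -ne 0
    }
    return ([bool]$allow -and -not [bool]$deny)
}

if (-not (Test-ModifyAccess -Path $folder -Identity $account)) {
    # (OI)(CI) lets the entry inherit to files and subfolders; M = Modify.
    & icacls.exe $folder /grant "${account}:(OI)(CI)M"
}

# Report subfolders (for example a per-site folder such as W3SVC1) where
# inheritance is broken and the right is still missing.
$missing = @(Get-ChildItem -Path $folder -Recurse |
    Where-Object { $_.PSIsContainer } |
    Where-Object { -not (Test-ModifyAccess -Path $_.FullName -Identity $account) })

if ($missing.Count -gt 0) {
    $missing | ForEach-Object {
        Write-Warning "No Modify right for $account on $($_.FullName)"
    }
} else {
    Write-Output "$account has Modify on $folder and all subfolders."
}
```

Run it from an elevated prompt, replacing `$account` with the identity your application pools actually use.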
Warning: There is a known issue with running WebKnight 1.3 and previous
versions in IIS 6. You need to uncheck "Change Server Header" and uncheck
"Remove Server Header" (in the "Headers" section). WebKnight 2.0 does not
have this issue.
Installation in IIS 7.0
- Allow ISAPI filters in IIS 7 (by default this is not installed)
- The MSI package provided with WebKnight 2.2 and later supports IIS
7 (do not use the install.vbs script). Previous versions of WebKnight
can only be installed manually, and only if you uncheck "Is
Installed As Global Filter" in the global filter capabilities. If, in
addition, you want to install a 32-bit version of WebKnight on a 64-bit
operating system, you need to set the 32bitness precondition for the
ISAPI filter (see your IIS documentation).
- The IIS account needs to have change permission on the WebKnight folder (see the install note for installing WebKnight in
IIS 6 when using worker process mode).
- WebKnight is not yet ready for IPv6, but this is currently not a
major issue because the Internet is still using IPv4 (only the
localhost loopback uses IPv6)
Non-IIS: Look at the documentation of your web server (Note: only web servers with ISAPI filter support can run WebKnight).
| Published: 20/08/2002 | Document Type: General |
| Last modified: 2/09/2008 | Target: General |
| Visibility: Public | Language: English |
-_- Naver, let's share, lol