| CPC H04L 63/0263 (2013.01) [H04L 63/0236 (2013.01); H04L 63/0245 (2013.01); H04L 63/168 (2013.01)] | 15 Claims |

|
1. A method, comprising:
  at a first computer:
    receiving a web application firewall rule;
    analyzing the web application firewall rule, comprising:
      generating a state machine from the web application firewall rule, and
      executing one or more passes through the state machine to identify a class of inputs to the web application firewall rule that cannot trigger the web application firewall rule;
    generating a test for detecting whether a given input is within the class of inputs, the test being distinct from the web application firewall rule;
    exporting the test for delivery to a second computer;
  at the second computer:
    operating a firewall;
    installing the web application firewall rule and the test in the firewall;
    receiving an input message from a client device;
    executing the test on one or more parts of the input message, wherein:
      when the test indicates that the one or more parts of the input message cannot trigger the web application firewall rule, skipping the execution of the web application firewall rule on the one or more parts of the input message, and
      when the test does not indicate that the one or more parts of the input message cannot trigger the web application firewall rule, executing the web application firewall rule on the one or more parts of the input message.
|
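An added illustration of the flow recited in claim 1, not code from the patent or its assignee: a constructed rule is held as a small state machine, one reachability pass per character class finds the classes every triggering input must contain, and the firewall side skips the rule when any such class is absent. The sample rule `(?i)<script[^>]*>`, the required-character-class analysis, and all function names are assumptions chosen for the example.

```python
ANY = (frozenset(), True)   # edge label = (chars, negated); ANY excludes nothing

def lit(ch):                # case-insensitive single-character label
    return (frozenset({ch.lower(), ch.upper()}), False)

def build_machine():
    """Constructed NFA for the sample rule (?i)<script[^>]*> searched anywhere."""
    trans = {0: [(ANY, 0)]}                      # unanchored: skip any prefix
    for i, ch in enumerate("<script"):
        trans.setdefault(i, []).append((lit(ch), i + 1))
    trans[7] = [((frozenset(">"), True), 7), (lit(">"), 8)]
    return trans, 0, 8                           # transitions, start, accept

def reachable(trans, start, accept, banned):
    """One pass: can `accept` be reached by input containing no char in `banned`?"""
    seen, stack = {start}, [start]
    while stack:
        for (chars, negated), nxt in trans.get(stack.pop(), []):
            if (negated or chars - banned) and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return accept in seen

def generate_test(trans, start, accept):
    """Character classes of which every triggering input must contain a member."""
    classes = {c for edges in trans.values() for (c, neg), _ in edges if not neg}
    return [c for c in classes if not reachable(trans, start, accept, c)]

def cannot_trigger(required, text):
    """The exported test: True means the rule provably cannot fire on `text`."""
    return any(c.isdisjoint(text) for c in required)

def run_rule(trans, start, accept, text):
    """NFA simulation standing in for full rule execution."""
    states = {start}
    for ch in text:
        states = {n for s in states for (chars, neg), n in trans.get(s, [])
                  if (ch in chars) != neg}
        if accept in states:
            return True
    return False

MACHINE = build_machine()
REQUIRED = generate_test(*MACHINE)               # analysis side ("first computer")

def inspect(text):                               # firewall side ("second computer")
    if cannot_trigger(REQUIRED, text):
        return "skipped"
    return "blocked" if run_rule(*MACHINE, text) else "passed"
```

The test is one-sided: a "skipped" verdict is always safe, while an input that contains every required class still needs the full rule, as `inspect("a > b; <p>scripts</p>")` returning "passed" shows.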