Title of invention: Firewall with two-phase filtering
Abstract: Two-phase filtering for a firewall is disclosed. In the first, general phase, a request is filtered to verify one or more of: that the request is pursuant to a supported protocol, that a command of the request is allowed, that the length of the request does not exceed the allowed maximum for the command, and that characters of the request are of an allowable type. Upon first-phase verification, a second phase is invoked that is particular to the protocol of the request. In the second, specialized phase, the request is filtered to verify one or more of the source, the destination, and the content of the request. Upon second-phase verification, the request is allowed to pass. If either first- or second-phase verification fails, then the request is denied.
Publication number: US9596214(B2)
Publication date: 2017.03.14
Application number: US201615093001
Application date: 2016.04.07
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Amit Neta;Harel Eran;Nathan Abraham;Basker Nevet
Classification: G06F15/16;H04L29/06
Main classification: G06F15/16
Agency: Collins & Collins Intellectual, LLC
Agent: Collins L. Alan;Collins & Collins Intellectual, LLC
Main claim: 1. A method performed on a security device comprising a first-phase filter and a second-phase filter, the method comprising: first verifying, by the first-phase filter, a protocol of a request received by the security device, where the received request passes the first verifying based on the protocol being supported by the security device, where the received request originated from a source other than the security device and is destined for a target other than the security device; second verifying, by the second-phase filter in response to the protocol passing the first verifying, content of the received request, where the content passes the second verifying based on the content conforming to the supported protocol; forwarding, by the security device in response to the content passing the second verifying, the received request to the target; and denying, by security device in response to the protocol not passing the first verifying or in response to the content not passing the second verifying, the received request from proceeding to the target.
Address: Redmond WA US
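
The two-phase filtering described in the abstract, sketched in Python as an added example; it is not code from the patent or from the applicant. The `DEMO` protocol, its commands, length limits, character set, trusted network, destination name and the `make_request` helper are all constructed assumptions, since the record names none.

```python
import ipaddress
import string

# Assumed policy for a constructed line-based "DEMO" protocol (hypothetical values).
ALLOWED_CHARS = set(string.ascii_letters + string.digits + " ./-_")
MAX_LEN = {"DEMO": {"GET": 64, "PUT": 128}}      # protocol -> command -> max length
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/16")
ALLOWED_DST = {"files.internal.example"}

def phase1(req):
    """General phase: supported protocol, allowed command, length, character type."""
    commands = MAX_LEN.get(req["protocol"])
    if commands is None:
        return "unsupported protocol"
    command = req["line"].split(" ", 1)[0]
    if command not in commands:
        return "command not allowed"
    if len(req["line"]) > commands[command]:
        return "request too long for command"
    if not set(req["line"]) <= ALLOWED_CHARS:
        return "disallowed character"
    return None

def demo_phase2(req):
    """Specialized phase for DEMO: source, destination, content."""
    if ipaddress.ip_address(req["src"]) not in TRUSTED_NET:
        return "source not permitted"
    if req["dst"] not in ALLOWED_DST:
        return "destination not permitted"
    parts = req["line"].split(" ")
    if len(parts) != 2 or not parts[1].startswith("/") or ".." in parts[1]:
        return "content does not conform to protocol"
    return None

PHASE2 = {"DEMO": demo_phase2}   # phase two is chosen by the request's protocol

def filter_request(req):
    """Return ("allow", None) or ("deny", reason); phase 2 runs only if phase 1 passes."""
    try:
        reason = phase1(req) or PHASE2[req["protocol"]](req)
    except (KeyError, ValueError):
        reason = "malformed request"             # fail closed on unparsable fields
    return ("deny", reason) if reason else ("allow", None)

def make_request(line, protocol="DEMO", src="10.0.3.7", dst="files.internal.example"):
    return {"protocol": protocol, "src": src, "dst": dst, "line": line}

if __name__ == "__main__":
    for line in ("GET /reports/q1.txt", "DEL /reports/q1.txt", "GET /../secret"):  # constructed
        print(line, "->", filter_request(make_request(line)))
```

The `GET /../secret` request uses only permitted characters and an allowed command, so it clears the general phase and is denied only by the protocol-specific content check.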