Web servers are computers that are used to provide access to various resources, e.g. Web pages, for various client devices such as browsers. Typically, an individual uses a client device to provide an input string, such as a URL, to the Web server. The URL indicates to the Web server the location of the particular resource of interest. The Web server then locates the resource using the URL and returns the resource to the client device so that it can be displayed for the individual. Other types of input strings can be provided to the Web server by the client, e.g. input strings in the form of HTTP verb requests (e.g. POST requests) including WebDAV requests.
In the past, malicious individuals have used input strings that are intended for use by Web servers to attack the servers. These individuals will typically try to find an input string that causes the Web server or, perhaps its operating system, to perform in a manner that is inconsistent with simply processing legitimate client requests and returning authorized resources to the client. Input strings that have been used in the past to attack Web servers seem to come in an ever-changing number of varieties and formats. The various attacks that can be waged against a Web server can be categorized as disclosure attacks, integrity attacks, and denial of service attacks.
A disclosure attack takes place when an individual attacks a web site and attempts to read information that they are not authorized to read. For example, there may be some executable code at the server that an individual is not authorized to view. Yet, by providing an input string that causes the server to malfunction, the individual actually gets to view the executable code. Consider, for example, Active Server Pages. Active Server Pages can allow Web developers to use scripting languages like Visual Basic Script and JScript to pass information to various components that contain logic for accessing databases, instruct the components to perform a programmed action, and return the results of the programmed action. The individual is only authorized, and supposed to view the results of the programmed action. Yet, by using particular inappropriate input strings it may be possible for the individual to view the code that produces the results.
An integrity attack is similar to a disclosure attack in that an individual can gain access to unauthorized information. In addition to gaining access to the information, however, integrity attacks involve the manipulation of data or information that is being viewed. This is particularly problematic because the changed, now-invalid information can potentially further compromise an already-compromised Web server.
A denial of service attack is an attack that can cause a decrease in the quality of service or, ultimately, can cause the server to crash. This can adversely impact the server's ability to service other legitimate clients thereby leading to undesirable downtime and customer dissatisfaction.
Many of these types of attacks can be traced directly to the mishandling of an input string that was provided to the Web server. A need exists to deal with problematic input strings in a flexible, quick and convenient manner. Accordingly, this invention arose out of concerns associated with providing improved methods and systems for recognizing problematic input strings and dealing with them before they adversely affect the Web server.