APPLICATION OF MODSECURITY WAF IN WEB APPLICATION PROTECTION
DOI: https://doi.org/10.24867/20BE27Nedeljkovic
Keywords: ModSecurity, Web Application Firewall, Web applications
Abstract
This paper describes the ModSecurity WAF and presents the format of the rules it relies on and the configuration directives it supports. It then uses an example web application to show how ModSecurity can be used and what impact it has on the application's performance.
Published: 2022-11-06
Section: Electrotechnical and Computer Engineering