
Electrotechnical and Computer Engineering

Vol. 37 No. 11 (2022): Proceedings of Faculty of Technical Sciences

APPLICATION OF MODSECURITY WAF IN WEB APPLICATION PROTECTION

  • Леона Недељковић
DOI: https://doi.org/10.24867/20BE27Nedeljkovic
Submitted: November 6, 2022
Published: 2022-11-06

Abstract

This paper describes the ModSecurity WAF and presents the format of the rules it relies on and the configuration directives it supports. Using an example web application, it then shows how ModSecurity can be used and what impact its use has on the application's performance.
