An Integrated Web Security Application: Integration Of Nginx Reverse Proxy, Fail2ban, Waf, Postgresql and Laravel

Öz

Recently, the increase in network-connected devices and the ability to run every application over the web has made web application security an issue that needs to be seriously considered. Although firewall solutions are used to protect networked systems and users, it seems that they are insufficient to ensure application security, especially in today's conditions. In this context, WAF (Web Application Firewall) systems have been developed and continue to be developed, especially to ensure the security of web applications. While the firewall filters traffic at the network layer, which is a lower layer, WAF protects at the application layer closest to the user. Network administrators intensively use WAF applications and the systems they create with new technologies integrated into these applications in order to maximize security. In this study, the WAF application, which is used together with Laravel, File2ban and Postgresql, is discussed, which we compiled and ran to protect the corporate network we manage from attacks and application vulnerabilities. In addition, it is thought that this study will guide other researchers working in this field and aims to open doors to produce more effective solutions.

Anahtar Kelimeler

• waf
• file2ban
• laravel
• postgresql

Kaynakça

1. [1] D. Mairaj Inamdar and S. Gupta, "A Survey on Web Application Security," Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol., vol. 3307, pp. 223-228, 2020, doi: 10.32628/cseit206543.
2. [2] E. Karaarslan, T. Tuğlular, and H. Şengonca, "Enterprise web security structure," in Akademik Bilişim, 2008, pp. 1-9.
3. [3] M. Baykara, R. Daş, and G. Tuna, "Web-based log analysis platform for detection of web attacks from web server access logs," Firat University Engineering Sci. Derg., vol. 28, no. 2, pp. 291-302, 2016.
4. [4] A. Tekerek, C. Gemci, and O. F. Bay, "Development of a hybrid web application firewall to prevent web based attacks," in 8th IEEE International Conference on Application of Information and Communication Technologies, AICT 2014 - Conference Proceedings, 2014, pp. 1-4, doi: 10.1109/ICAICT.2014.7035910.
5. [5] R. A. Muzaki, O. C. Briliyant, M. A. Hasditama, and H. Ritchi, "Improving Security of Web-Based Application Using ModSecurity and Reverse Proxy in Web Application Firewall," 2020 Int. Work. Big Data Inf. Secur. IWBIS 2020, pp. 85-90, 2020, doi: 10.1109/IWBIS50925.2020.9255601.
6. [6] H. Tan and A. Z. Aktas, "An approach for an organization's information system security," in Network and Information Security Symposium, 2011, pp. 34-39.
7. [7] V. Clincy and H. Shahriar, "Web Application Firewall: Network Security Models and Configuration," in Proceedings - International Computer Software and Applications Conference, 2018, vol. 1, pp. 835-836, doi: 10.1109/COMPSAC.2018.00144.
8. [8] F. Omar, D. Ahmed, O. Elnakib, et al., “Towards a User-Friendly Web Application Firewall.,” In: Proceedings - 11th IEEE International Conference on Intelligent Computing and Information Systems, ICICIS 2023. pp. 483–488. IEEE (2023).

9. [9] D. Aydogdu and M. Gündüz, "A Research on Web Application Security Vulnerabilities and Security Solutions," Uluslararası Uluslararası Bi̇lgi Güvenli̇ği Mühendi̇sliği Dergi̇si̇, vol. 2, no. 1, pp. 1-7, 2016, doi: 10.18640/ubgmd.56836.
10. [10] A. Coscia, V. Dentamaro, S. Galantucci, A. Maci, and G. Pirlo, “PROGESI: A PROxy Grammar to Enhance Web Application Firewall for SQL Injection Prevention.,” IEEE Access. vol. 12, no. August, pp. 107689–107703, 2024.
11. [11] Nginx: the High-Performance Web Server and Reverse Proxy, https://dl.acm.org/doi/fullHtml/10.5555/1412202.1412204.
12. [12] T. D. Sobola, P. Zavarsky, and S. Butakov, "Experimental Study of ModSecurity Web Application Firewalls," Proc. - 2020 IEEE 6th Intl Conf. Big Data Secur. Cloud, Big Data Security 2020, 2020 IEEE Intl Conf. High Perform. Smart Comput. HPSC 2020 2020 2020 IEEE Intl Conf. Intell. Data Secur. IDS 2020, pp. 209-213, 2020, doi: 10.1109/BigDataSecurity-HPSC-IDS49724.2020.00045.