Araştırma Makalesi
Yıl 2025,
Cilt: 13 Sayı: 1, 106 - 111, 30.03.2025
Öz
Kaynakça
- [1] D. Mairaj Inamdar and S. Gupta, "A Survey on Web Application Security," Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol., vol. 3307, pp. 223-228, 2020, doi: 10.32628/cseit206543.
- [2] E. Karaarslan, T. Tuğlular, and H. Şengonca, "Enterprise web security structure," in Akademik Bilişim, 2008, pp. 1-9.
- [3] M. Baykara, R. Daş, and G. Tuna, "Web-based log analysis platform for detection of web attacks from web server access logs," Firat University Engineering Sci. Derg., vol. 28, no. 2, pp. 291-302, 2016.
- [4] A. Tekerek, C. Gemci, and O. F. Bay, "Development of a hybrid web application firewall to prevent web based attacks," in 8th IEEE International Conference on Application of Information and Communication Technologies, AICT 2014 - Conference Proceedings, 2014, pp. 1-4, doi: 10.1109/ICAICT.2014.7035910.
- [5] R. A. Muzaki, O. C. Briliyant, M. A. Hasditama, and H. Ritchi, "Improving Security of Web-Based Application Using ModSecurity and Reverse Proxy in Web Application Firewall," 2020 Int. Work. Big Data Inf. Secur. IWBIS 2020, pp. 85-90, 2020, doi: 10.1109/IWBIS50925.2020.9255601.
- [6] H. Tan and A. Z. Aktas, "An approach for an organization's information system security," in Network and Information Security Symposium, 2011, pp. 34-39.
- [7] V. Clincy and H. Shahriar, "Web Application Firewall: Network Security Models and Configuration," in Proceedings - International Computer Software and Applications Conference, 2018, vol. 1, pp. 835-836, doi: 10.1109/COMPSAC.2018.00144.
- [8] F. Omar, D. Ahmed, O. Elnakib, et al., “Towards a User-Friendly Web Application Firewall.,” In: Proceedings - 11th IEEE International Conference on Intelligent Computing and Information Systems, ICICIS 2023. pp. 483–488. IEEE (2023).
- [9] D. Aydogdu and M. Gündüz, "A Research on Web Application Security Vulnerabilities and Security Solutions," Uluslararası Uluslararası Bi̇lgi Güvenli̇ği Mühendi̇sliği Dergi̇si̇, vol. 2, no. 1, pp. 1-7, 2016, doi: 10.18640/ubgmd.56836.
- [10] A. Coscia, V. Dentamaro, S. Galantucci, A. Maci, and G. Pirlo, “PROGESI: A PROxy Grammar to Enhance Web Application Firewall for SQL Injection Prevention.,” IEEE Access. vol. 12, no. August, pp. 107689–107703, 2024.
- [11] Nginx: the High-Performance Web Server and Reverse Proxy, https://dl.acm.org/doi/fullHtml/10.5555/1412202.1412204.
- [12] T. D. Sobola, P. Zavarsky, and S. Butakov, "Experimental Study of ModSecurity Web Application Firewalls," Proc. - 2020 IEEE 6th Intl Conf. Big Data Secur. Cloud, Big Data Security 2020, 2020 IEEE Intl Conf. High Perform. Smart Comput. HPSC 2020 2020 2020 IEEE Intl Conf. Intell. Data Secur. IDS 2020, pp. 209-213, 2020, doi: 10.1109/BigDataSecurity-HPSC-IDS49724.2020.00045.
An Integrated Web Security Application: Integration Of Nginx Reverse Proxy, Fail2ban, Waf, Postgresql and Laravel
Öz
Recently, the increase in network-connected devices and the ability to run every application over the web has made web application security an issue that needs to be seriously considered. Although firewall solutions are used to protect networked systems and users, it seems that they are insufficient to ensure application security, especially in today's conditions. In this context, WAF (Web Application Firewall) systems have been developed and continue to be developed, especially to ensure the security of web applications. While the firewall filters traffic at the network layer, which is a lower layer, WAF protects at the application layer closest to the user. Network administrators intensively use WAF applications and the systems they create with new technologies integrated into these applications in order to maximize security.
In this study, the WAF application, which is used together with Laravel, File2ban and Postgresql, is discussed, which we compiled and ran to protect the corporate network we manage from attacks and application vulnerabilities. In addition, it is thought that this study will guide other researchers working in this field and aims to open doors to produce more effective solutions.
Anahtar Kelimeler
Kaynakça
- [1] D. Mairaj Inamdar and S. Gupta, "A Survey on Web Application Security," Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol., vol. 3307, pp. 223-228, 2020, doi: 10.32628/cseit206543.
- [2] E. Karaarslan, T. Tuğlular, and H. Şengonca, "Enterprise web security structure," in Akademik Bilişim, 2008, pp. 1-9.
- [3] M. Baykara, R. Daş, and G. Tuna, "Web-based log analysis platform for detection of web attacks from web server access logs," Firat University Engineering Sci. Derg., vol. 28, no. 2, pp. 291-302, 2016.
- [4] A. Tekerek, C. Gemci, and O. F. Bay, "Development of a hybrid web application firewall to prevent web based attacks," in 8th IEEE International Conference on Application of Information and Communication Technologies, AICT 2014 - Conference Proceedings, 2014, pp. 1-4, doi: 10.1109/ICAICT.2014.7035910.
- [5] R. A. Muzaki, O. C. Briliyant, M. A. Hasditama, and H. Ritchi, "Improving Security of Web-Based Application Using ModSecurity and Reverse Proxy in Web Application Firewall," 2020 Int. Work. Big Data Inf. Secur. IWBIS 2020, pp. 85-90, 2020, doi: 10.1109/IWBIS50925.2020.9255601.
- [6] H. Tan and A. Z. Aktas, "An approach for an organization's information system security," in Network and Information Security Symposium, 2011, pp. 34-39.
- [7] V. Clincy and H. Shahriar, "Web Application Firewall: Network Security Models and Configuration," in Proceedings - International Computer Software and Applications Conference, 2018, vol. 1, pp. 835-836, doi: 10.1109/COMPSAC.2018.00144.
- [8] F. Omar, D. Ahmed, O. Elnakib, et al., “Towards a User-Friendly Web Application Firewall.,” In: Proceedings - 11th IEEE International Conference on Intelligent Computing and Information Systems, ICICIS 2023. pp. 483–488. IEEE (2023).
- [9] D. Aydogdu and M. Gündüz, "A Research on Web Application Security Vulnerabilities and Security Solutions," Uluslararası Uluslararası Bi̇lgi Güvenli̇ği Mühendi̇sliği Dergi̇si̇, vol. 2, no. 1, pp. 1-7, 2016, doi: 10.18640/ubgmd.56836.
- [10] A. Coscia, V. Dentamaro, S. Galantucci, A. Maci, and G. Pirlo, “PROGESI: A PROxy Grammar to Enhance Web Application Firewall for SQL Injection Prevention.,” IEEE Access. vol. 12, no. August, pp. 107689–107703, 2024.
- [11] Nginx: the High-Performance Web Server and Reverse Proxy, https://dl.acm.org/doi/fullHtml/10.5555/1412202.1412204.
- [12] T. D. Sobola, P. Zavarsky, and S. Butakov, "Experimental Study of ModSecurity Web Application Firewalls," Proc. - 2020 IEEE 6th Intl Conf. Big Data Secur. Cloud, Big Data Security 2020, 2020 IEEE Intl Conf. High Perform. Smart Comput. HPSC 2020 2020 2020 IEEE Intl Conf. Intell. Data Secur. IDS 2020, pp. 209-213, 2020, doi: 10.1109/BigDataSecurity-HPSC-IDS49724.2020.00045.
Toplam 12 adet kaynakça vardır.
Ayrıntılar
| Birincil Dil | İngilizce |
|---|---|
| Konular | Bilgisayar Yazılımı, Yazılım Mühendisliği (Diğer) |
| Bölüm | Araştırma Makalesi |
| Yazarlar | |
| Erken Görünüm Tarihi | 19 Mayıs 2025 |
| Yayımlanma Tarihi | 30 Mart 2025 |
| Gönderilme Tarihi | 11 Eylül 2024 |
| Kabul Tarihi | 6 Mart 2025 |
| Yayımlandığı Sayı | Yıl 2025 Cilt: 13 Sayı: 1 |
All articles published by BAJECE are licensed under the Creative Commons Attribution 4.0 International License. This permits anyone to copy, redistribute, remix, transmit and adapt the work provided the original work and source is appropriately cited.Creative Commons Lisans