Improving Security of Web-Based Application Using ModSecurity and Reverse Proxy in Web Application Firewall

The use of web applications has been undergoing rapid increase. Many individuals, groups, organizations or governments use web applications as a means to exchange information or support business-related tasks. Despite the increased adoption, web applications use is however directly associated with comparable threats and attacks. With the increasing threats and attacks on web applications, organizations require a more effective concept of web application security. Web Application Firewall (WAF) is a security concept that can be used to prevent various threats and attacks on web applications. WAF has the ability to filter packets, block dangerous HTTP requests, and also do logging. This paper demonstrates and proposes the implementation of WAF on a web-based application using ModSecurity and the Reverse Proxy method. From the tests carried out e.g. cross-site scripting, SQL injection and unauthorized vulnerability web scanning, all threats were successfully thwarted by ModSecurity and reverse proxy method implemented in the WAF.