Abstract—Sophisticated technology around the world has been developing very rapidly, especially in terms of accessing all the information that is on the web. A website is one form of this technological sophistication: it presents the various kinds of information that are needed, and everyone from children to adults can easily access websites on the internet. Unwittingly, the number of accesses made by users around the world can weaken a web server, the place that provides a website, until it goes down. When a web server becomes weak, hackers will use this to attack the web server and retrieve data and important information; even more fatal is when user data is stolen and misused by hackers. Web developers focus only on the appearance of a website and do not focus on access to and security of the website. Therefore, we need an optimal web server that can accommodate the many accesses caused by users, and security for the web server to safeguard the data and information stored on it. This research applies a package, namely a Reverse Proxy, which is used to optimize a web server, and a Web Application Firewall, which is used to maintain the security of a web server.

Keywords—hacker, reverse proxy, web application firewall, web developer, web server, website

I. INTRODUCTION

Based on data released by the website https://www.internetworldstats.com, as of 30 June 2018 the number of internet users worldwide had reached 7,634,758,428 [1]. The increasing number of users creates many obstacles on the web server, such as an increase in the work the web server processes must do and in the number of processes that run on the server [2]. For web threats, https://www.ptsecurity.com states that in Q2 (second quarter) of 2017 Cross-Site Scripting ranked first among cybercrimes that attack web applications, with 39%. In second place, 25% of cybercrime was SQL Injection, followed by Path Traversal with 7%.

Increased requests to the site cause the web server to be busy answering requests from clients, which affects the web server so that it is no longer able to serve requests from clients. This can cause the web server to be overloaded, slowed, and finally the web server will go down [3]. When a web server becomes slow, it becomes a very easy target for hackers. Some threats that often occur in web applications include SQL Injection, Cross-Site Scripting and Command Execution [4].

Therefore, as a System Administrator it is necessary to find a way to overcome hacking actions and also a way to keep the web server from going down easily when an overloaded website is accessed. The way to improve the performance of a web server is to use a Reverse Proxy. A Reverse Proxy acts as an intermediary between the web server and the client. The Reverse Proxy is used to avoid burdening the web server and to spare the web server from having to send new content continuously to each client making a request. To secure the web server from hackers, a security system was built that uses ModSecurity as a Web Application Firewall (WAF). The WAF is able to monitor and prevent attacks caused by irresponsible parties who could steal data on the website for personal gain.

II. DESIGN AND REALIZATION

In this system, web server modules are integrated with each other and support each other to create a web server that can optimize and also secure other web servers behind it from hacker attacks. The system that will be built on the main system of this research includes HTTP protocol version 2 (HTTP/2), which uses Apache and Nginx as web servers, a Reverse Proxy, and a Web Application Firewall (WAF).

This research focuses on the system modules Reverse Proxy and Web Application Firewall; these two modules will be tested for their ability to optimize and secure websites that are on the backend web server against hacker attacks, where the websites will be tested using a web cloud (Nextcloud) as the testing tool in every system module that will be built.

System Specifications
The tools that will be used in this study, which include the hardware and software used to meet the needs and achieve the objectives of the system, are specified in Table I.

Fig. 1. System Block Diagram
Authorized licensed use limited to: Univ of Calif Santa Barbara. Downloaded on May 18,2021 at 09:35:09 UTC from IEEE Xplore. Restrictions apply.
2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)
In Fig. 1, the system block diagram is shown, where the components include the main server, the backend server and the client. On the main server there are Nginx, the reverse proxy, the WAF and also the Telegram bot. Meanwhile, on the backend server there are Apache and the web cloud (Nextcloud).

TABLE I. MINIMUM HARDWARE SPECIFICATIONS
No.  Device     Specification
1    Processor  Single Core / Pentium IV
2    HDD        80 GB
3    RAM        1 GB

Reverse Proxy Testing
Testing is divided into 2 stages, namely: the first test accesses the backend website using the Reverse Proxy IP. The second test measures the speed of access to web server services, consisting of the request time, transfer time, and connection time.

1. Testing the Backend Web Server access
Fig. 2 shows the process of accessing the backend web server with IP address 192.168.40.145 using the Reverse Proxy IP address 192.168.40.129. The pages that will be displayed are the backend server's web pages, because the Reverse Proxy server only forwards the requests to the backend web server.
2. Testing for access to Web Server services
Testing of access to web server services is done using the Apache Benchmark (ab) tool, which is run against the Nginx and Apache web servers as a comparison between using a reverse proxy and not using a reverse proxy. The following parameters are used:
Request: 1000
Concurrent: 100-1000
# ab -c 100 -n 1000 http://192.168.40.129/nextcloud (web server nginx)
# ab -c 100 -n 1000 http://192.168.40.145/nextcloud (web server apache)
The comparison of the time required between using a reverse proxy and not using a reverse proxy can be seen in Table IV, Table V and Table VI.

Testing the Web Application Firewall
In the Web Application Firewall testing scenario, 4 tests with different attack scenarios are performed, namely the SQL Injection attack simulation test, Cross-Site Scripting (XSS), Local File Inclusion (LFI) attack and Remote File Inclusion (RFI) attack.

1. SQL Injection attack simulation
This test is done by entering an example SQL Injection string in the browser, for example, as in Fig. 5, (p=1 AND 2013=1).
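As an added illustration of the Apache Benchmark comparison described above (not code from the paper), the following Python script parses the Connection Times table that ab prints for the two runs and derives the three metrics the paper reports. The sample ab output is constructed, and the mapping of ab's Connect, Waiting and Processing rows onto connection, request and transfer time is an assumption.

```python
import re

# Constructed excerpts of `ab` output for the two runs (sample numbers, not the paper's Tables IV-VI).
AB_WITH_PROXY = """\
Complete requests:      1000
Failed requests:        0
Requests per second:    237.53 [#/sec] (mean)
Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    4   1.9      4      12
Processing:    31  410  88.5    395     720
Waiting:       28  380  80.1    366     690
"""
AB_NO_PROXY = """\
Complete requests:      1000
Failed requests:        0
Requests per second:    273.97 [#/sec] (mean)
Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    2   1.1      2       9
Processing:    27  356  75.2    344     655
Waiting:       25  330  70.4    318     630
"""
SUMMARY_RE = re.compile(r"^(Complete requests|Failed requests|Requests per second):\s+([\d.]+)", re.M)
ROW_RE = re.compile(r"^(Connect|Processing|Waiting|Total):\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)", re.M)

def parse_ab(text):
    """Extract the summary counters and the Connection Times table from ab output."""
    result = {key: float(val) for key, val in SUMMARY_RE.findall(text)}
    for name, mn, mean, sd, med, mx in ROW_RE.findall(text):
        result[name] = {"min": float(mn), "mean": float(mean), "sd": float(sd),
                        "median": float(med), "max": float(mx)}
    return result

def phase_means(ab):
    """Map ab's rows onto the paper's three metrics. Assumption: connection time = Connect,
    request time = Waiting (time to first byte), transfer time = Processing - Waiting."""
    return {"connection_ms": ab["Connect"]["mean"],
            "request_ms": ab["Waiting"]["mean"],
            "transfer_ms": ab["Processing"]["mean"] - ab["Waiting"]["mean"]}

def compare(with_proxy, without_proxy):
    """Per-metric overhead (ms, mean) that the reverse proxy adds over direct backend access."""
    a, b = phase_means(parse_ab(with_proxy)), phase_means(parse_ab(without_proxy))
    return {k: round(a[k] - b[k], 1) for k in a}

if __name__ == "__main__":
    for metric, delta in compare(AB_WITH_PROXY, AB_NO_PROXY).items():
        print(f"{metric:14s} proxy overhead: {delta:+.1f} ms")
```

Feed it the captured stdout of the two ab commands above to reproduce the proxy-versus-direct comparison on your own hosts.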
transfer time value of access to the website (nextcloud) using Reverse Proxy and without Reverse Proxy. Fig. 11 shows a bar diagram of the connection time value of access to the website (nextcloud) using Reverse Proxy and without Reverse Proxy.

Fig. 9. Time Request Reverse Proxy and without Reverse Proxy

In Fig. 9 it can be seen that using the reverse proxy needs more time than without the reverse proxy. This is because when using the reverse proxy, the request must first be directed to the reverse proxy.

Fig. 10. Time Transfer Reverse Proxy and without Reverse Proxy

In Fig. 10 it can also be seen that the pattern is the same: the time needed is more with the reverse proxy than without the reverse proxy, and it is the same for the connection time.

server and the log was sent directly from the Telegram Bot to the author's mobile phone.

Fig. 12. Log SQL Injection from ModSecurity

Fig. 13 shows the Cross-Site Scripting log from ModSecurity that was caught when the hacker tried to access the web server; the log was sent directly from the Telegram Bot to the author's mobile phone.

Fig. 14 shows the Remote File Inclusion log from ModSecurity that was captured when the hacker tried to access the web server; the log was sent directly from the Telegram Bot to the author's mobile phone.
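As an added example (not the authors' notification script), this Python code shows one way to implement the ModSecurity log-to-Telegram notification described above: it parses constructed ModSecurity denial lines, classifies each by OWASP CRS rule-id range (an assumption about the rule set in use), and formats the alert text; send_telegram delivers it through the Telegram Bot API sendMessage method.

```python
import re
import json
import urllib.parse
import urllib.request

# Constructed ModSecurity error-log lines in the CRS '[key "value"]' style
# (sample data, not the paper's logs).
SAMPLE_LOG = """\
2019/04/21 10:21:33 [error] 1234#1234: *7 [client 192.168.40.10] ModSecurity: Access denied with code 403 (phase 2). [file "REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [severity "2"] [hostname "192.168.40.129"] [uri "/nextcloud/index.php"]
2019/04/21 10:22:10 [error] 1234#1234: *9 [client 192.168.40.11] ModSecurity: Access denied with code 403 (phase 2). [file "REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [severity "2"] [hostname "192.168.40.129"] [uri "/nextcloud/index.php"]
2019/04/21 10:23:45 [notice] 1234#1234: signal process started
"""

# OWASP CRS 3.x rule-id prefixes (assumption: the WAF loads the Core Rule Set).
FAMILIES = {"930": "Local File Inclusion", "931": "Remote File Inclusion",
            "941": "Cross-Site Scripting", "942": "SQL Injection"}
PAIR_RE = re.compile(r'\[(\w+) "([^"]*)"\]')
CLIENT_RE = re.compile(r'\[client (\d+(?:\.\d+){3})')  # IPv4 clients only

def parse_line(line):
    """Return the fields of one ModSecurity denial line, or None for other log lines."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(PAIR_RE.findall(line))
    m = CLIENT_RE.search(line)
    fields["client"] = m.group(1) if m else "unknown"
    fields["family"] = FAMILIES.get(fields.get("id", "")[:3], "Other")
    return fields

def format_alert(f):
    """Build the notification text for one blocked request."""
    return (f"WAF alert: {f['family']} (rule {f.get('id', '?')})\n"
            f"client: {f['client']}  host: {f.get('hostname', '?')}\n"
            f"uri: {f.get('uri', '?')}\nmsg: {f.get('msg', '')}")

def alerts_from_log(text):
    """Parse every line and return the alert texts for the denied requests."""
    return [format_alert(f) for f in map(parse_line, text.splitlines()) if f]

def send_telegram(token, chat_id, text):
    """Deliver one alert through the Telegram Bot API sendMessage method (network call)."""
    url = f"https://api.telegram.org/bot{token}/sendMessage"
    data = urllib.parse.urlencode({"chat_id": chat_id, "text": text}).encode()
    with urllib.request.urlopen(url, data=data, timeout=10) as resp:
        return json.load(resp).get("ok", False)

if __name__ == "__main__":
    for alert in alerts_from_log(SAMPLE_LOG):
        print(alert, end="\n\n")
```

On the real server, feed the ModSecurity error log line by line and replace the print with send_telegram(BOT_TOKEN, CHAT_ID, alert), where BOT_TOKEN and CHAT_ID are placeholders for the bot token and the recipient chat id.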
1. The application of the Reverse Proxy as an optimization for the web server was successfully carried out by accessing the Reverse Proxy IP and testing the web server access services, such as testing the request time, transfer time and connection time on the Reverse Proxy.
2. The application of the Web Application Firewall as security for a web server using ModSecurity was successfully tested by conducting Penetration Testing, i.e. attack techniques using SQL Injection hacking techniques, Cross-Site Scripting (XSS), Local File Inclusion (LFI), and Remote File Inclusion (RFI).
3. Integration of syslog attacks on the Web Application Firewall (WAF) using ModSecurity with a Telegram bot as a notification has been fully completed and successfully tested, by making a Telegram bot that has been integrated with the server using the bot TOKEN in the Telegram notification script, so the attack notification can run in real time every time there is hacking activity on the web server.

Suggestions and recommendations that need to be developed for further research in this test are as follows:
1. Implementation of the Reverse Proxy and Web Application Firewall (WAF) can be done on other Operating Systems besides Linux, including FreeBSD and Macintosh.
2. Implementation of the Reverse Proxy and Web Application Firewall (WAF) can be done using a Raspberry Pi, and so on.
3. To optimize the web server, not only a Reverse Proxy application can be used; a Load Balancer and HAProxy can also be used.
4. For security on the web server, not only ModSecurity can be used; more secure, and certainly paid, applications such as Comodo Web Application Firewall, and so on, can be used.
5. Notification of attacks on the Web Application Firewall can also be done by other methods such as e-mail.

REFERENCES
[1] Miniwatts Marketing Group, 2018. Internet World Stats. Website: https://www.internetworldstats.com/stats.htm, accessed on 28 October 2018.
[2] Noviyanto, A. B., Erna, K. & Amir, H., 2015. Design and Implementation of Load Balancing Reverse Proxy Using HAProxy in Web Application. Jurnal JARKOM, ISBN 2338-6313, Vol III.
[3] Prismana, I. G. L. P. E., 2016. Implementation of Load Balancing on Web Server Using Apache. Surabaya: Jurnal Manajemen Informatika.
[4] Jamain, R. Y., Periyadi & Ismail, S. J. I., 2015. Implementation of Web Application Security with Web Application Firewall. E-Proceeding of Applied Science, Vol 1, p. 2191.
[5] Nginx Corporate Inc., 2018. Nginx. [Online]. Website: https://www.nginx.com/resources/glossary/reverse-proxy-server/, accessed on 18 October 2018.
[6] Saha, S., 2018. Web Application Firewall-Dot Defender. International Journal of Computer Science and Mobile Computing, 7(3), pp. 43-50.
[7] Trustwave SpiderLabs, 2019. ModSecurity. [Online]. Website: https://modsecurity.org/about.html, accessed on 21 April 2019.
[8] PT Cloud Hosting Indonesia, 2015. Id CloudHost. [Online]. Website: https://idcloudhost.com/pengertian-web-server-dan-fungsinya/, accessed on 28 October 2018.
[9] Aziz, A. & Tampati, T., 2015. Web Server Analysis for Institutional Hosting Server Development. MULTINETICS, Vol. 1.
[10] Telegram Group, n.d. Telegram. [Online]. Website: https://modsecurity.org/about.html, accessed on 21 April 2019.
[11] Irawan, A. S., Pramukantoro, E. S. & Kusyanti, A., 2018. Developers of Intrusion Detection System for SQL Injection using the Learning Vector Quantization Method. Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, Vol 2, pp. 2295-2301.
[12] Putra, S. S. H., 2017. Tackling XSS, CSRF, SQL Injection Using the BlackBox Method in the IVENMU Marketplace. Jurnal Pendidikan dan Teknologi Informasi, Vol 4, pp. 289-300.
[13] Sadaphule, P. et al., 2017. Prevention of Website Attack Based on Remote File Inclusion-A Survey. International Journal of Advance Engineering and Research Development, 4(5), pp. 2348-4470.