
2020 3rd International Conference on Computer and Informatics Engineering (IC2IE)

Performance Analysis of Reverse Proxy and Web Application Firewall with Telegram Bot as Attack Notification On Web Server
Defiana Arnaldy, Tio Setia Hati
Informatics and Computer Engineering
State Polytechnic of Jakarta
Depok, Indonesia
defiana.arnaldy@tik.pnj.ac.id, tio.hati.tik15@mhsw.pnj.ac.id

Abstract—Technology is developing very rapidly around the world, especially in terms of accessing all the information that is on the web. Websites are one form of this technology: they present the various kinds of information people need, and everyone from children to adults can easily access them on the internet. The number of accesses made by users around the world can weaken a web server, the place that provides a website, and can bring it down. When a web server becomes weak, hackers will use that to attack the web server and retrieve data and important information; even more fatal is when user data is stolen and misused by hackers. Web developers focus only on a website's appearance and do not focus on access to and security of the website. Therefore, we need an optimal web server that can accommodate the many accesses made by users, and security for the web server to safeguard the data and information stored. This research applies a package consisting of a Reverse Proxy, which is used to optimize a web server, and a Web Application Firewall, which is used to maintain the security of a web server.

Keywords—hacker, reverse proxy, web application firewall, web developer, web server, website

I. INTRODUCTION

Based on data released by the website https://www.internetworldstats.com, as of 30 June 2018 the number of internet users worldwide has reached 7,634,758,428 people [1]. The increasing number of users creates many obstacles for the web server, such as an increase in the workload of the web server processes and in the number of processes that run on the server [2]. As for web threats, https://www.ptsecurity.com states that in Q2 (the second quarter) of 2017 Cross-Site Scripting ranked first among the attacks on web applications with 39%. SQL Injection was in second place with 25%, followed by Path Traversal with 7%.

Increased requests to a site keep the web server busy answering requests from clients, until the web server is no longer able to serve them. This can cause the web server to become overloaded and slow, and finally to go down [3]. When a web server becomes slow, it becomes a very easy target for hackers. Some threats that often occur in web applications include SQL Injection, Cross-Site Scripting and Command Execution [4].

Therefore, a System Administrator needs a way to counter hacking and a way to keep the web server from going down easily when access to a website overloads it. One way to improve the performance of a web server is to use a Reverse Proxy. A Reverse Proxy acts as an intermediary between the web server and the client. It is used to reduce the burden on the web server, which would otherwise have to send new content continuously to each client making a request. To secure the web server from hackers, a security system was built that uses ModSecurity as a Web Application Firewall (WAF). A WAF is able to monitor and prevent attacks by irresponsible parties who could steal data on the website for personal gain.

II. DESIGN AND REALIZATION

In this system, web server modules are integrated with each other and support each other to create a web server that can optimize and also secure the other web servers behind it from hacker attacks. The main system built in this research includes HTTP protocol version 2 (HTTP/2), with Apache and Nginx as web servers, a Reverse Proxy, and a Web Application Firewall (WAF).

This research focuses on the Reverse Proxy and Web Application Firewall modules. These two modules will be tested for their ability to optimize and secure websites that are on the backend web server from hacker attacks, with a web cloud (Nextcloud) used as the testing tool in every system module that will be built.

System Specifications

The tools used in this study, comprising the hardware and software needed to meet the needs and achieve the objectives of the system, are specified in Table I.

Fig. 1. System Block Diagram

978-1-7281-8247-6/20/$31.00 ©2020 IEEE 455

Authorized licensed use limited to: Univ of Calif Santa Barbara. Downloaded on May 18,2021 at 09:35:09 UTC from IEEE Xplore. Restrictions apply.

Fig. 1 shows the system block diagram, whose components are the main server, the backend server and the client. The main server runs Nginx, the reverse proxy, the WAF and also the Telegram Bot. The backend server runs Apache and the web cloud (Nextcloud).

TABLE I. MINIMUM HARDWARE SPECIFICATIONS

No.  Device     Specification
1    Processor  Single Core / Pentium IV
2    HDD        80 GB
3    RAM        1 GB

The hardware used on the Dedicated Server (DS) in this system is shown in Table II. The software used in this study is listed in Table III.

TABLE II. HARDWARE SPECIFICATIONS

No.  Device         Specification
1    Processor      Intel i5 2400
2    RAM            4 GB DDR3 VGEN
                    4 GB DDR3 VGEN
3    HDD            500 GB Western Digital Blue
4    NIC            Gigabit Ethernet 8151
5    Mainboard      Mobo socket 1155 chipset P63G
6    Interface I/O  USB Keyboard and Mouse
7    Case Type      Avaris Predator Blue Orca

TABLE III. SOFTWARE SPECIFICATIONS

No.  Device           Version
1    Linux            CentOS/7
2    Virtual Machine  Hypervisor/Windows Server 2016
3    Apache           Apache/2.4.6
4    Nginx            Nginx/1.13.4
5    PHP              PHP/7.2.17
6    MySQL-Server     MariaDB/5.5.60
7    Benchmark        Apache Benchmark/-
8    ModSecurity      OWASP/-
9    Webcloud         Nextcloud/15
10   Putty            Remote Tools/0.70

III. ANALYSIS AND TESTING

After the system is designed and realized, the next step is testing the Reverse Proxy and the Web Application Firewall. Both systems will be tested according to the scenarios created earlier, to find out whether the Reverse Proxy can help reduce the burden on the web server and whether the Web Application Firewall can help secure the web server.

This research focuses on the Reverse Proxy and Web Application Firewall modules. These two modules will be tested for their ability to optimize and secure websites that are on the backend web server from hacker attacks, with a web cloud (Nextcloud) used as the testing tool in every system module that will be built.

Reverse Proxy Testing

Testing is divided into 2 stages. The first test accesses the backend website using the Reverse Proxy IP. The second test measures the speed of access to web server services in terms of request time, transfer time, and connection time.

1. Testing the Backend Web Server access

Fig. 2 shows the backend web server, with IP address 192.168.40.145, being accessed through the Reverse Proxy IP address, 192.168.40.129. The pages displayed are the backend server's web pages, because the Reverse Proxy server only forwards requests to the backend web server.

Fig. 2. Access the Backend Web Server from IP Reverse Proxy

The results show that when a user or client accesses the Reverse Proxy IP, the page that opens is the backend website. As Fig. 3 shows in more detail, inspecting the element reports the nginx web server.

Fig. 3. Web Server Inspect Element Results

To open the Nextcloud application, the path in the URL must point to /nextcloud, that is, 192.168.40.129/nextcloud. As Fig. 4 shows, the Nextcloud files are stored on the backend server, while all storage, account creation, data upload and file upload can be done through the Reverse Proxy IP.

Fig. 4. Access Nextcloud from IP Reverse Proxy


2. Testing for access to Web Server services

Access to web server services is tested with the Apache Benchmark tool, run against the nginx and apache web servers to compare access that uses a reverse proxy with access that does not. The following parameters are used:

Request: 1000
Concurrent: 100-1000
# ab -c 100 -n 1000 http://192.168.40.129/nextcloud (nginx web server)
# ab -c 100 -n 1000 http://192.168.40.145/nextcloud (apache web server)

The time required with a reverse proxy and without a reverse proxy is compared in Table IV, Table V and Table VI.

TABLE IV. TIME REQUEST REVERSE PROXY

Concurrency               With Reverse Proxy (ms)  Without Reverse Proxy (ms)
100                       129.3                    52.3
200                       276.1                    89.1
300                       380.2                    266.2
400                       559.8                    361.9
500                       639.5                    862.6
600                       903.2                    557.5
700                       887.8                    664.6
800                       1167.1                   766.1
900                       1133.9                   844.3
1000                      1441.6                   971.3
Average Time per Request  751.85                   543.59

TABLE V. TIME TRANSFER REVERSE PROXY

Concurrency            Reverse Proxy (Kbyte/sec)  Without Reverse Proxy (Kbyte/sec)
100                    428.39                     899.37
200                    401.09                     1057.16
300                    436.95                     530.37
400                    395.66                     520.25
500                    432.93                     272.83
600                    367.82                     506.57
700                    436.58                     495.80
800                    379.57                     491.59
900                    439.49                     501.74
1000                   384.09                     484.61
Average Transfer Rate  410.257                    576.029

TABLE VI. TIME CONNECTION REVERSE PROXY

Concurrency               Reverse Proxy (ms)  Without Reverse Proxy (ms)
100                       303                 85
200                       418                 427
300                       565                 877
400                       978                 900
500                       736                 1702
600                       1010                916
700                       1156                934
800                       1316                928
900                       1161                909
1000                      1285                955
Average Connection Times  892.8               863.3

Testing the Web Application Firewall

The Web Application Firewall is tested with 4 different attack scenarios: an SQL Injection attack simulation, a Cross-Site Scripting (XSS) attack simulation, a Local File Inclusion (LFI) attack simulation and a Remote File Inclusion (RFI) attack simulation.

1. SQL Injection attack simulation

This test is done by entering an example SQL Injection script in the browser, as in Fig. 5 (p=1 AND 2013 =1).

Fig. 5. SQL Injection Testing

2. Cross-Site Scripting attacks simulation

This test is done by entering an example Cross-Site Scripting script in the browser, as in Fig. 6 (<script>alert(XSS)</script>).

Fig. 6. XSS Testing

3. Local File Inclusion (LFI) attack simulation

This test is done by entering an example Local File Inclusion script in the browser, as in Fig. 7 (p=../../../etc/passwd).

Fig. 7. LFI Testing

4. Remote File Inclusion (RFI) attacks simulation

This test is done by entering an example Remote File Inclusion script in the browser, as in Fig. 8 (?p=http://google.com/a.txt??).

Fig. 8. RFI Testing

Data Analysis

After several tests, the following is the analysis of the results of the Reverse Proxy and Web Application Firewall testing as optimization and security for the web server.

1. Reverse Proxy Testing Analysis

Fig. 9 shows a bar diagram of the time value of the request for access to the website (Nextcloud) using Reverse Proxy and without Reverse Proxy. Fig. 10 shows a bar diagram of the
transfer time value of access to the website (Nextcloud) using Reverse Proxy and without Reverse Proxy. Fig. 11 shows a bar diagram of the connection time value of access to the website (Nextcloud) using Reverse Proxy and without Reverse Proxy.

Fig. 9. Time Request Reverse Proxy and without Reverse Proxy

Fig. 9 shows that requests through the reverse proxy need more time than requests without the reverse proxy. This is because, when a reverse proxy is used, each request must first be directed to the reverse proxy.

Fig. 10. Time Transfer Reverse Proxy and without Reverse Proxy

Fig. 10 shows the same pattern: more time is needed with the reverse proxy than without it, and the same also holds for the connection time.

Fig. 11. Time Connection Reverse Proxy and without Reverse Proxy

2. Analysis of Web Application Firewall Testing

Based on the results of the Web Application Firewall testing carried out with the SQL Injection, Cross-Site Scripting (XSS), Local File Inclusion (LFI), and Remote File Inclusion (RFI) attack techniques, it can be concluded that the Web Application Firewall can be a solution for security on a web server. The logs from the ModSecurity Web Application Firewall follow.

Fig. 12 shows the SQL Injection log from ModSecurity that was captured when the hacker tried to access the web server; the log was sent directly by the Telegram Bot to the author's mobile phone.

Fig. 12. Log SQL Injection from ModSecurity

Fig. 13 shows the Cross-Site Scripting log from ModSecurity that was captured when the hacker tried to access the web server; the log was sent directly by the Telegram Bot to the author's mobile phone.

Fig. 13. Log XSS Attack from ModSecurity

Fig. 14 shows the Remote File Inclusion log from ModSecurity that was captured when the hacker tried to access the web server; the log was sent directly by the Telegram Bot to the author's mobile phone.

Fig. 14. Log RFI Attack from ModSecurity

Fig. 15 shows the Local File Inclusion log from ModSecurity that was captured when the hacker tried to access the web server; the log was sent directly by the Telegram Bot to the author's mobile phone.

Fig. 15. Log LFI Attack from ModSecurity

IV. CONCLUSIONS

Based on the results of the analysis and testing of the research conducted, the following conclusions can be drawn:


1. The application of Reverse Proxy as an optimization for the web server was successfully carried out by accessing the Reverse Proxy IP and testing the web server access services, namely the request time, transfer time and connection time on the Reverse Proxy.
2. The application of a Web Application Firewall as security for a web server using ModSecurity was successfully tested by conducting penetration testing with the SQL Injection, Cross-Site Scripting (XSS), Local File Inclusion (LFI), and Remote File Inclusion (RFI) attack techniques.
3. Integration of the attack syslog of the Web Application Firewall (WAF), using ModSecurity, with a Telegram bot as notification has been fully completed and successfully tested. The Telegram bot is integrated with the server through the bot TOKEN in the Telegram notification script, so the attack notification runs in real time every time there is hacking activity on the web server.

Suggestions and recommendations for further research are as follows:

1. Reverse Proxy and Web Application Firewall (WAF) can be implemented on operating systems other than Linux, including FreeBSD and Macintosh.
2. Reverse Proxy and Web Application Firewall (WAF) can be implemented on a Raspberry Pi, and so on.
3. To optimize a web server, a Load Balancer and HAProxy can be used in addition to a Reverse Proxy application.
4. Security on the web server need not rely only on ModSecurity; more secure, paid applications such as Comodo Web Application Firewall, and so on, can also be used.
5. Notification of attacks on the Web Application Firewall can also be delivered by other methods such as e-mail.

REFERENCES

[1] Miniwatts Marketing Group, 2018. Internet World Stats. Website: https://www.internetworldstats.com/stats.htm, accessed on 28 October 2018.
[2] Noviyanto, A.B., Erna, K. & Amir, H., 2015. DESIGN AND IMPLEMENTATION OF LOAD BALANCING REVERSE PROXY USING HAPROXY IN WEB APPLICATION. Jurnal JARKOM ISBN:2338-6313, Vol III.
[3] Prismana, I. G. L. P. E., 2016. IMPLEMENTATION OF LOAD BALANCING ON WEB SERVER USING APACHE, Surabaya: Jurnal Manajemen Informatika.
[4] Jamain, R. Y., Periyadi & Ismail, S. J. I., 2015. IMPLEMENTATION OF WEB APPLICATION SECURITY WITH WEB APPLICATION FIREWALL. E-Proceeding of Applied Science, Vol 1, p. 2191.
[5] Nginx Corporate Inc., 2018. Nginx. [Online]. Website: https://www.nginx.com/resources/glossary/reverse-proxy-server/ accessed on 18 October 2018.
[6] Saha, S., 2018. Web Application Firewall-Dot Defender. International Journal of Computer Science and Mobile Computing, 7(3), pp. 43-50.
[7] Trustwave SpiderLabs, 2019. ModSecurity. [Online]. Website: https://modsecurity.org/about.html accessed on 21 April 2019.
[8] PT Cloud Hosting Indonesia, 2015. Id CloudHost. [Online]. Website: https://idcloudhost.com/pengertian-web-server-dan-fungsinya/ accessed on 28 October 2018.
[9] Aziz, A. & Tampati, T., 2015. Web Server Analysis for Institutional Hosting Server Development. MULTINETICS, Vol. 1.
[10] Telegram Group, n.d. Telegram. [Online]. Website: https://modsecurity.org/about.html accessed on 21 April 2019.
[11] Irawan A. S., Pramukantoro, E. S. & Kusyanti, A., 2018. Developers of Intrusion Detection System for SQL Injection using the Learning Vector Quantization Method. Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, Vol 2, pp. 2295-2301.
[12] Putra, S. S. H., 2017. Tackling XSS, CSRF, SQL Injection Using the BlackBox Method in the IVENMU Marketplace. Jurnal Pendidikan dan Teknologi Informasi, Vol 4, pp. 289-300.
[13] Sadaphule, P. et al., 2017. Prevention of Website Attack Based on Remote File Inclusion-A Survey. International Journal of Advance Engineering and Research Development, 4(5), pp. 2348-4470.
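
The notification path summarized in conclusion 3 (a ModSecurity log entry turned into a Telegram bot message) can be sketched as follows. This is an added Python example, not the authors' notification script: it assumes ModSecurity's bracketed [key "value"] log fields, OWASP CRS rule-id families (930 LFI, 931 RFI, 941 XSS, 942 SQL Injection) and the Telegram Bot API sendMessage method; SAMPLE, its client address and all function names are constructed for illustration.

```python
import json
import re
import urllib.parse
import urllib.request

# Assumption: the WAF runs the OWASP CRS, whose rule ids share a 3-digit family prefix.
CRS_FAMILIES = {"930": "Local File Inclusion", "931": "Remote File Inclusion",
                "941": "Cross-Site Scripting", "942": "SQL Injection"}
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [id "942100"], [msg "..."]
CLIENT_RE = re.compile(r"\[client ([0-9A-Fa-f.:]+)\]")

# Constructed sample entry (not taken from the paper's figures).
SAMPLE = ('2019/04/21 10:15:32 [error] 1234#0: *5 [client 192.168.40.1] '
          'ModSecurity: Access denied with code 403 (phase 2). [id "942100"] '
          '[msg "SQL Injection Attack Detected via libinjection"] '
          '[hostname "192.168.40.129"] [uri "/nextcloud/"]')

def parse_modsec_line(line):
    """Return the alert fields of one ModSecurity log line, or None if it is not one."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    if "id" not in fields:
        return None
    client = CLIENT_RE.search(line)
    return {"attack": CRS_FAMILIES.get(fields["id"][:3], "Other"), "rule_id": fields["id"],
            "msg": fields.get("msg", ""), "uri": fields.get("uri", ""),
            "client": client.group(1) if client else "unknown",
            "blocked": "Access denied" in line}

def format_alert(alert, limit=4096):
    """Plain text only: uri and msg carry attacker-chosen bytes, so no parse_mode
    (Markdown/HTML) is requested. Telegram accepts at most 4096 characters."""
    text = ("WAF alert: {attack}\nRule: {rule_id} {msg}\nClient: {client}\n"
            "URI: {uri}\nBlocked: {blocked}").format(**alert)
    return text[:limit]

def build_request(token, chat_id, text):
    """Build the Bot API sendMessage POST without sending it."""
    url = "https://api.telegram.org/bot{}/sendMessage".format(token)
    body = urllib.parse.urlencode({"chat_id": chat_id, "text": text}).encode()
    return urllib.request.Request(url, data=body, method="POST")

def notify(token, chat_id, line, opener=urllib.request.urlopen):
    """Send one alert; returns False for lines that are not ModSecurity entries."""
    alert = parse_modsec_line(line)
    if alert is None:
        return False
    request = build_request(token, chat_id, format_alert(alert))
    with opener(request, timeout=10) as response:
        return bool(json.load(response).get("ok"))

if __name__ == "__main__":
    print(format_alert(parse_modsec_line(SAMPLE)))
```

Because the bot token is part of the request URL, load it from an environment variable or a root-only file rather than hard-coding it in the script, and keep that URL out of any logs.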
