Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sudeshnapal12/Web-Application-Firewall

Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, XSS attacks and from unknown attacks by learning the legitimate traffic.
https://github.com/sudeshnapal12/Web-Application-Firewall

apache web-application-firewall

Last synced: 21 days ago
JSON representation

Designed and Implemented a Web Application Firewall as an Apache module that "sits" in-front of a web server. The WAF is designed to stop malicious requests from known attacks such as SQL Injection, XSS attacks and from unknown attacks by learning the legitimate traffic.

Awesome Lists containing this project

README

        


Web Application Firewall
Introduction
---------------------------------------------------------------

A Web Application Firewall (WAF) is an HTTP application firewall,
which sits in front of the application server and monitors all the
incoming traffic. The WAF has been implemented as an Apache Module.

Execution steps
---------------------------------------------------------------

-Load the module in the Apache server using the command
$ make all reload

-Change directory path to point to the module's folder in the script build.sh

-Set the module's handler in etc/apache2/apache2.conf
-"waf" is the name of the module.

SetHandler waf

-Run the following command to build the module.
$./build.sh

-To test the module on the local machine, open browser and type:
localhost/

Design
---------------------------------------------------------------
The WAF is implemented as an Apache module for Apache HTTP server.
The WAF filters out malicious requests in two phases, signature
checks for known attacks and anomaly detection for unknown attacks.

Signature:
The known attack formats are defined in the signatures file. The WAF
checks the request for malicious attacks based on the signatures and
guards against them. New signatures can be added in the file.

Anomaly Detection:
For never seen before attacks, we first collect information about
legitimate traffic and then later based on the collected information,
requests which look vastly different from the legitimate requests
are discarded.

Implementation
---------------------------------------------------------------
The signatures are defined in a file in an encoded format which are
used by the WAF to check for attacks.
For anomaly detection, the collected information about legitimate traffic
stored in file system. The data stored in files is encrypted so as to
avoid misuse of the data from the adversaries.

Contributors
---------------------------------------------------------------
Amogh Avadhani
Ankit Agrahari
Prachi Poddar
Sudeshna Pal

Passcode : CSE509PROJECT

-------------------Copyright 2016, All rights reserved----------------------------