Towards a Framework of Configuring and Evaluating ModSecurity WAF on Tomcat and Apache Web Servers

Abdullahi I, Abdullahi B, Adesina S (2019)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2019

Publisher: IEEE

Conference Proceedings Title: 2019 15th International Conference on Electronics, Computer and Computation (ICECCO)

Event location: Abuja, Nigeria

ISBN: 978-1-7281-5160-1

URI: https://ieeexplore.ieee.org/document/9043209

DOI: 10.1109/ICECCO48375.2019.9043209

Abstract

Open-source software has slowly infiltrated the enterprise space because the products tend to be cheaper, flexible, and secure in comparison to proprietary products. However, open-source software incurs the cost of beavering to acquire professionals to customize the product to meet expectations, support fixes, and extend the product to a wide range of capabilities. ModSecurity is an open-source web application firewall (WAF) developed explicitly for Apache, and technically only listens to HTTP port 80. This study utilized the agility and flexibility properties of open-source software to design a framework of configuring Apache module ModSecurity WAF to communicate with Tomcat server (which runs explicitly on HTTP port 8080). Furthermore, using suitable penetration testing methodology, this study investigates and compares the effectiveness of ModSecurity WAF in both Apache and Tomcat environments. ModSecurity WAF limitations were also investigated. In addition to providing a framework for configuring ModSecurity on Tomcat server, this study provides an understanding of web application vulnerabilities, the techniques used to exploit them and the mitigation mechanisms to address them.

How to cite

APA:

Abdullahi, I., Abdullahi, B., & Adesina, S. (2019). Towards a Framework of Configuring and Evaluating ModSecurity WAF on Tomcat and Apache Web Servers. In 2019 15th International Conference on Electronics, Computer and Computation (ICECCO). Abuja, Nigeria: IEEE.

MLA:

Abdullahi, Imrana, Babangida Abdullahi, and Steve Adesina. "Towards a Framework of Configuring and Evaluating ModSecurity WAF on Tomcat and Apache Web Servers." Proceedings of the 2019 15th International Conference on Electronics, Computer and Computation (ICECCO), Abuja, Nigeria. IEEE, 2019.