ModSecurity Web应用防火墙可用性的探索与改进

2021 International Conference on Information Security and Cryptology (ISCTURKEY) Pub Date : 2021-12-02 DOI:10.1109/ISCTURKEY53027.2021.9654294

Murat Alagoz, Mevlut Serkan Tok, K. Bicakci

{"title":"ModSecurity Web应用防火墙可用性的探索与改进","authors":"Murat Alagoz, Mevlut Serkan Tok, K. Bicakci","doi":"10.1109/ISCTURKEY53027.2021.9654294","DOIUrl":null,"url":null,"abstract":"ModSecurity is an open-source web application firewall. The correct configuration is key to its effective operation but could be tricky since usability flaws could lead to errors and misconfiguration, threatening the security and availability. In this study, we first conduct the usability inspection of ModSecurity through a hybrid approach consisting of heuristic evaluation and cognitive walkthrough. We find out that ModSecurity has no feedback for semantic errors or successful rule implementation during the rule entry process, and the webserver goes down if there is a syntax error in any implemented rule. We propose a rule checking and feedback mechanism to mitigate these drawbacks. Then, we perform a between-subjects user study to evaluate the effectiveness and usability of our proposed method. The results indicate that unsuccessful rule entry rate and syntax error-related web server downtime significantly reduced with the rule checking and feedback mechanism introduced to ModSecurity. Thereby, we improve ModSecurity’s effectiveness as well as the level of security and availability of ModSecurity-protected web servers.","PeriodicalId":383915,"journal":{"name":"2021 International Conference on Information Security and Cryptology (ISCTURKEY)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Exploring and Improving the Usability of ModSecurity Web Application Firewall\",\"authors\":\"Murat Alagoz, Mevlut Serkan Tok, K. Bicakci\",\"doi\":\"10.1109/ISCTURKEY53027.2021.9654294\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ModSecurity is an open-source web application firewall. The correct configuration is key to its effective operation but could be tricky since usability flaws could lead to errors and misconfiguration, threatening the security and availability. In this study, we first conduct the usability inspection of ModSecurity through a hybrid approach consisting of heuristic evaluation and cognitive walkthrough. We find out that ModSecurity has no feedback for semantic errors or successful rule implementation during the rule entry process, and the webserver goes down if there is a syntax error in any implemented rule. We propose a rule checking and feedback mechanism to mitigate these drawbacks. Then, we perform a between-subjects user study to evaluate the effectiveness and usability of our proposed method. The results indicate that unsuccessful rule entry rate and syntax error-related web server downtime significantly reduced with the rule checking and feedback mechanism introduced to ModSecurity. Thereby, we improve ModSecurity’s effectiveness as well as the level of security and availability of ModSecurity-protected web servers.\",\"PeriodicalId\":383915,\"journal\":{\"name\":\"2021 International Conference on Information Security and Cryptology (ISCTURKEY)\",\"volume\":\"48 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Information Security and Cryptology (ISCTURKEY)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCTURKEY53027.2021.9654294\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Information Security and Cryptology (ISCTURKEY)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCTURKEY53027.2021.9654294","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

ModSecurity是一个开源的web应用防火墙。正确的配置是其有效操作的关键，但也可能很棘手，因为可用性缺陷可能导致错误和错误配置，从而威胁到安全性和可用性。在本研究中，我们首先通过启发式评估和认知演练的混合方法对ModSecurity进行可用性检查。我们发现，在规则输入过程中，ModSecurity对语义错误或成功的规则实现没有反馈，如果在任何实现的规则中存在语法错误，web服务器就会关闭。我们提出了一种规则检查和反馈机制来减轻这些缺点。然后，我们进行了一个受试者之间的用户研究来评估我们提出的方法的有效性和可用性。结果表明，引入规则检查和反馈机制后，规则输入失败率和语法错误相关的web服务器停机时间显著减少。因此，我们提高了ModSecurity的有效性，以及ModSecurity保护的web服务器的安全性和可用性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Exploring and Improving the Usability of ModSecurity Web Application Firewall

ModSecurity is an open-source web application firewall. The correct configuration is key to its effective operation but could be tricky since usability flaws could lead to errors and misconfiguration, threatening the security and availability. In this study, we first conduct the usability inspection of ModSecurity through a hybrid approach consisting of heuristic evaluation and cognitive walkthrough. We find out that ModSecurity has no feedback for semantic errors or successful rule implementation during the rule entry process, and the webserver goes down if there is a syntax error in any implemented rule. We propose a rule checking and feedback mechanism to mitigate these drawbacks. Then, we perform a between-subjects user study to evaluate the effectiveness and usability of our proposed method. The results indicate that unsuccessful rule entry rate and syntax error-related web server downtime significantly reduced with the rule checking and feedback mechanism introduced to ModSecurity. Thereby, we improve ModSecurity’s effectiveness as well as the level of security and availability of ModSecurity-protected web servers.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 International Conference on Information Security and Cryptology (ISCTURKEY)

自引率

0.00%

发文量