Método para la detección y prevención de ataques web mediante la parametrización de un proxy reverso basado en software libre.

Abstract

The aim was to propose a method to detect and prevent the more common web attacks through parameterizing directives and rules on a web server to function as a reverse proxy based on free software. The infrastructures used as a reverse proxy were; Apache+Mod_Security, Nginx+Naxsi and Hiawatha, these have characteristics of security that were studied, analysed and validated through laboratory tests in different scenarios. When comparing the three protected infrastructures, it was observed that the Apache+Mood_security tool is the one that offers a greater capacity of detection and prevention to the types of web attacks carried out such as; SQLi, XSS, brute force, command injection, CSRF, among others, since it detected the 90% of the attacks and neutralized the 80% of them. Unlike the Nginx+Naxsi tool detects and corrects 60% of attacks and Hiawatha that does so in 70% of cases. It was concluded that the reverse proxy was based on infrastructure Apache+Mod_security provided greater benefits for the detection and prevention of the most critical risks in web applications according to the top 10 of the OWASP principle, therefore, it was created a package that contains the parameterization of the mentioned tool based on free software, and thus provide to the computer security immersed staff a method that serves to improve the defence of dynamic sites against web attacks. The use of the reverse proxy is recommended as complementary security, but not as a main security in front of a web application. The main security must be approached in the development phase of a web application.