Enhancing Web Application Security with Open-AppSec WAF on CDN Infrastructure
Abstract
The increasing number of cyberattacks targeting web applications has made security a critical concern, with vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Broken Authentication, and Cross-Site Request Forgery (CSRF) remaining prevalent in the OWASP Top 10. These threats can lead to data breaches, service disruption, and reputational damage if not properly mitigated. To address this issue, an infrastructure combining Open-AppSec Web Application Firewall (WAF) and Varnish Cache Content Delivery Network (CDN) was implemented on a Moodle-based e-learning platform within a virtualized Proxmox VE environment. Security testing was conducted using OWASP ZAP and Burp Suite under two scenarios: without WAF and with WAF. In the first scenario, OWASP ZAP detected multiple vulnerabilities, and Burp Suite confirmed successful exploitation with 200 OK responses. In the second scenario, all vulnerabilities were eliminated, and all simulated attacks returned 403 Forbidden responses, indicating complete mitigation. Performance tests revealed a manageable overhead, with throughput reaching 115.4 req/sec at 1000 concurrent users, accompanied by a slight increase in response time and latency. These results demonstrate that integrating Open-AppSec with CDN infrastructure can effectively protect against application-layer attacks while maintaining optimal content delivery performance. Limitations of this study include testing within a simulated environment; therefore, future work could validate these findings on larger-scale systems and with real-world traffic to assess broader generalizability.

Copyright (c) 2025 Journal of Information Systems and Informatics

This work is licensed under a Creative Commons Attribution 4.0 International License.