NUST Institutional Repository
A Cluster Based Fault Tolerant and Highly Available Architecture for Stateful Web Application Firewalls
- DSpace Home
- →
- E-Theses
- →
- SEECS
- →
- Information Technology
- →
- MS
- →
- View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.author | Ali, Zafar | |
| dc.date.accessioned | 2020-11-05T04:39:52Z | |
| dc.date.available | 2020-11-05T04:39:52Z | |
| dc.date.issued | 2010 | |
| dc.identifier.uri | http://10.250.8.41:8080/xmlui/handle/123456789/9917 | |
| dc.description | Supervisor: Dr. Zahid Anwar | en_US |
| dc.description.abstract | Application layer Firewalls are required to prevent attacks on the top three layers of OSI model i.e. session, presentation and application because traditional network firewalls do not understand attacks directed at disrupting HTTP(S) traffic. Web Application Firewall (WAF) architecture based on a single process does not provides fault tolerance and scalability because it doesn’t utilizes the system resources completely. This thesis proposes a virtual cluster of WAFs in a reverse proxy configuration that aims to solve the problem of resource utilization and scalability by deploying it on multiple machines. The virtual cluster is incremental; it creates on-demand WAF nodes in presence of heavy load. Load balancing among virtual node is stateful to maintain session integrity and transparent fault tolerance mechanism to the users. Solutions for load balancing and fault tolerance exists at the network layer e.g. Heartbeat/Linux package, Ultra Monkey and LVS/Linux but these solutions are limited to application layer. We have implemented an application layer heart beat mechanism for transparent fail over that is adaptive and provides a sophisticated load balancing algorithm without an overhead of probe packets. The central component of our proposed architecture is the Dispatcher that receives HTTP traffic and distributes it among WAF nodes in a round robin fashion. The functionality of the Load balancer component is to provide intelligent routing decisions, handle cache, heart beat mechanisms and fail over. For evaluating the implemented solution the selected WAF product used is SWAF (A Semantic Based Web Application Firewall highly available). SWAF is a java based WAF consisting only of a single JVM process. Evaluation is performed by comparing performance results of SWAF addition or removal of our virtual cluster architecture with multiple SWAF nodes. Benchmark results show that load balancer with 8 and 12 SWAF nodes increased the performance(in terms of response time, data transferred in KB and error ratio) of the system significantly when the number of users are increased to tens of thousands in presence of session-based attack traffic and SWAF still performed detection correctly. | en_US |
| dc.publisher | SEECS, National University of Science and Technology, Islamabad. | en_US |
| dc.subject | Information Technology, Web Application Firewalls | en_US |
| dc.title | A Cluster Based Fault Tolerant and Highly Available Architecture for Stateful Web Application Firewalls | en_US |
| dc.type | Thesis | en_US |
Files in this item
This item appears in the following Collection(s)
-
MS [432]