Cost-Effective DDoS Mitigation: Leveraging Nginx Reverse Proxy for Enhanced Server Protection
Abstract
The problem addressed in this research is the vulnerability of servers to Distributed Denial of Service (DDoS) attacks, which lead to disruptions, financial losses, and the loss of user trust due to frequent downtime. To mitigate this issue, a cost-effective solution utilizing Nginx reverse proxy servers was proposed. This research aimed to enhance server resilience against DDoS threats while minimizing operational costs. The primary contribution of this study is the introduction of an innovative approach to DDoS mitigation, emphasizing practical implementation steps. The methodology involved configuring a public server with Nginx and DDoS protection capabilities alongside setting up a private server in an office environment. A reverse proxy using Nginx was deployed to filter incoming traffic and counter DDoS attacks. The main outcomes of the research demonstrate successful mitigation of DDoS attacks, significantly reducing their impact on the private server. Testing on both Layers 3 and Layer 4 confirmed the effectiveness of the approach. The methodology's emphasis on practical implementation steps ensures seamless integration into existing infrastructure. In conclusion, this research offers a practical and budget-friendly solution for organizations seeking to enhance their resilience against DDoS threats. By leveraging Nginx reverse proxy servers, servers lacking dedicated protection can effectively safeguard against DDoS attacks, highlighting the importance of proactive measures in cybersecurity.
References
Yuan, X., Li, C., & Li, X. (2017, May). DeepDefense: identifying DDoS attack via deep learning. In 2017 IEEE international conference on smart computing (SMARTCOMP) (pp. 1-8). IEEE.
Joosten, R. and Nieuwenhuis, L.J., 2017, March. Analysing the impact of a DDoS attack announcement on victim stock prices. In 2017 25th Euromicro International Conference on Parallel, Distributed and Network-based Processing (PDP) (pp. 354-362). IEEE.
N. Innab and A. Alamri, "The Impact of DDoS on E-commerce," 2018 21st Saudi Computer Society National Computer Conference (NCC), Riyadh, Saudi Arabia, 2018, pp. 1-4, doi: 10.1109/NCG.2018.8593125.
Reese, W., 2008. Nginx: the high-performance web server and reverse proxy. Linux Journal, 2008(173), p.2.
Anwar, R.W., Abdullah, T. and Pastore, F., 2021. Firewall best practices for securing smart healthcare environment: A review. Applied Sciences, 11(19), p.9183.
Obaid, H.S. and Abeed, E.H., 2020. DoS and DDoS attacks at OSI layers. International Journal of Multidisciplinary Research and Publications, 2(8), pp.1-9.
Eddy, W., 2007. TCP SYN flooding attacks and common mitigations (No. rfc4987).
Mansfield-Devine, S., 2011. DDoS: threats and mitigation. Network Security, 2011(12), pp.5-12.
Hitchcock, K., Linux System Administration for the 2020s.
Swami, R., Dave, M. and Ranga, V., 2021. Detection and analysis of TCP-SYN DDoS attack in software-defined networking. Wireless Personal Communications, 118, pp.2295-2317.
Shah, S.Q.A., Khan, F.Z. and Ahmad, M., 2021. The impact and mitigation of ICMP based economic denial of sustainability attack in cloud computing environment using software defined network. Computer Networks, 187, p.107825.
Mughal, A.A., 2020. Cyber Attacks on OSI Layers: Understanding the Threat Landscape. Journal of Humanities and Applied Science Research, 3(1), pp.1-18.
Florackis, C., Louca, C., Michaely, R. and Weber, M., 2023. Cybersecurity risk. The Review of Financial Studies, 36(1), pp.351-407.
Mishra, A., Sharma, S. and Pandey, A., 2020, March. A review on DDOS attack, TCP flood attack in cloud environment. In Proceedings of the International Conference on Innovative Computing & Communications (ICICC).
Abubakar, R., Aldegheishem, A., Majeed, M.F., Mehmood, A., Maryam, H., Alrajeh, N.A., Maple, C. and Jawad, M., 2020. An effective mechanism to mitigate real-time DDoS attack. IEEE Access, 8, pp.126215-126227.
Miano, S., Bertrone, M., Risso, F., Bernal, M.V., Lu, Y. and Pi, J., 2019. Securing Linux with a faster and scalable iptables. ACM SIGCOMM Computer Communication Review, 49(3), pp.2-17.
Fjordvald, M.B. and Nedelcu, C., 2018. Nginx HTTP Server: Harness the power of Nginx to make the most of your infrastructure and serve pages faster than ever before. Packt Publishing Ltd.
Alhijawi, B., Almajali, S., Elgala, H., Salameh, H.B. and Ayyash, M., 2022. A survey on DoS/DDoS mitigation techniques in SDNs: Classification, comparison, solutions, testing tools and datasets. Computers and Electrical Engineering, 99, p.107706.
Rai, A. and Challa, R.K., 2016, February. Survey on recent DDoS mitigation techniques and comparative analysis. In 2016 Second International Conference on Computational Intelligence & Communication Technology (CICT) (pp. 96-101). IEEE.
Adi, N. H., Wahdi, Y. W., Dewi, I. P., Lubis, A. L., & Devega, A. T. (2022). The effectiveness of learning media as a supporter of online learning in computer networking courses. Jurnal Teknologi Informasi dan Pendidikan, 14(3), 278-283.
P. Wurzinger, C. Platzer, C. Ludl, E. Kirda and C. Kruegel, "SWAP: Mitigating XSS attacks using a reverse proxy," 2009 ICSE Workshop on Software Engineering for Secure Systems, Vancouver, BC, Canada, 2009, pp. 33-39, doi: 10.1109/IWSESS.2009.5068456.
Hendra, R., & Hanita, M. (2020). The Implementation of Cyber Incident Management Frameworks in Indonesia. Jurnal Teknologi Informasi dan Pendidikan, 13(2), 9-16.
Muttaqin, I. K., Maesaroh, S. S., & Herdiana, O. (2024). Analysis of Information Security Awareness of E-Commerce Users Among Micro Small Medium Enterprises. Jurnal Teknologi Informasi dan Pendidikan, 17(1), 149-160.
Pardosi, V. B. A., Kom, S., Karim, A., TI, M., Ilham, R., Kom, M., ... & Wijaya, A. (2024). SISTEM KEAMANAN KOMPUTER. CV Rey Media Grafika.
Pardosi, V. B. A., Deta, B., Nugroho, F., & Vandika, A. Y. (2024). Sistem Keamanan Informasi. PT Mafy Media Literasi Indonesia.
Copyright (c) 2024 Jurnal Teknologi Informasi dan Pendidikan
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
.png)
