Exploring the use of Iptables as an Application Layer Firewall

Application layer attacks pose as a grievous threat to the valuable information stored at Web servers for its illegitimate access. These attacks exploit certain protocols being used by an application of the targeted server, and at network level, these can only be intercepted by reading the contents of the packets before they reach the victim machine. This paper explores the use of Iptables for mitigating such application layer attacks, namely SQL injection, Cross-Site Scripting (XSS), HTTP Flood, FTP Flood and FTP Bounce attacks. The signature keywords used for articulating these attacks were first identified, and then, the new customized Iptables rules were laid for detection and mitigation of these attacks. The Iptables rules were tested on an experimental setup in a real network, and it was found that these rules could successfully detect the attack with the system performance degradation of only about 1% and therefore are easy to implement for configuring a lightweight security solution for application servers.