Article ID: 2024DAK0002
Content management systems (CMS) simplify website creation, allowing people without specialized skills, such as designers and corporate public relations departments, to publish their web services. Although the Internet has become more convenient to use, published web services are at risk of various attacks. To realize secure web services, it is essential to incorporate security functions such as user authentication and authorization as well as the detection and blocking of malicious HTTP requests. However, it is difficult to understand and implement appropriate security measures when creating website content. Therefore, this study proposes A+Block, a reverse-proxy-based web security add-on service that provides authentication, authorization, and web application firewall functions for web services. A+Block allows web-service developers to implement these security features by simply pointing to their website uniform resource locators, without the need to modify their websites. By separating the core web-service functionality from security features and offering proxy configuration templates, A+Block simplifies the security implementation for websites and minimizes the configuration burden on web-service operators. We conducted an availability assessment of A+Block and a difficulty assessment of the adoption of WAF, authentication, and authorization in existing web security products. To evaluate the impact of A+Block on web-service availability, we conducted tests on 30 webpages created using the top 30 most frequently used WordPress plugins. Moreover, to evaluate the ease of adoption of A+Block in comparison with existing products, we analyzed the implementation documentation provided by Amazon Web Services (AWS) and Cloudflare. The results confirmed that the solution allows for simple implementation of security functions for web services without compromising their availability.
