This research aims to design and implement a Web Application Firewall (WAF) based on the OWASP Core Rule Set (CRS) to enhance web application protection against SQL Injection attacks. The study was conducted in the web environment of the State Polytechnic of Ujung Pandang, which has more than 80 active subdomains with uniform server configurations, mostly using vulnerable CMSs such as WordPress. The proposed solution integrates Coraza, a Go-based WAF engine, into the Nginx reverse proxy system. The system includes a web-based control panel, JSON-formatted logging, and Redis support for efficient traffic mapping and storage, enabling flexible management of multiple domains. A key contribution of this study is the implementation of a centralized WAF management approach capable of securing more than 80 subdomains within a unified configuration environment. Tests were carried out using five SQL Injection scenarios: URL parameters, form-data, x-www-form-urlencoded, JSON API, and automated tools such as SQLMap. Without the WAF, all attacks successfully penetrated the system, whereas with the WAF activated, all tested payloads, both manual and automated, were blocked, indicating a significant improvement in defense capability. These results demonstrate that the developed WAF system provides strong protection against SQL Injection attacks and has strong potential for enhancing web application security.
Copyrights © 2026