Abstract: Web application security continues to be a critical concern as cyber attacks targeting online platforms grow in frequency and sophistication. Traditional Web Application Firewalls (WAFs) provide defense exclusively at the server level, leaving client-side vulnerabilities unaddressed and creating single points of failure. This paper presents a Dual-Layer Proxy-Based Web Application Firewall, a novel security framework that implements protection at both client and server layers through an integrated hybrid intelligence approach. The proposed system combines a browser-based extension with a backend proxy server to detect and block multiple attack categories including SQL Injection, Cross-Site Scripting (XSS), Path Traversal, Command Injection, and Server-Side Request Forgery (SSRF). Unlike conventional single-layer WAFs, this framework employs pattern-matching algorithms at the client side to intercept malicious requests before transmission, while the server layer performs deep packet inspection using advanced regex-based detection rules. The system features a comprehensive management dashboard with real-time attack analytics, domain protection management, and automated PDF report generation. Implemented using Python Flask, Chrome Manifest V3, SQLAlchemy ORM, and Chart.js visualizations, the framework achieves 99.8% attack detection accuracy with minimal performance overhead (less than 5ms client-side latency and approximately 20ms server-side processing time). Experimental validation through structured testing with 50+ attack payloads demonstrates the system's effectiveness in identifying and mitigating security threats while maintaining usability and transparency. This work highlights the significance of defense-in-depth strategies in modern web security and provides a scalable, open-source alternative to commercial WAF solutions.
Keywords: Web Application Firewall, Dual-Layer Security, SQL Injection Detection, Cross-Site Scripting Prevention, Browser Extension, Flask Framework, Cybersecurity.
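An added example, not code from the paper or its authors: a minimal sketch of the server-layer inspection the abstract describes, with one regex rule per category plus an address check for SSRF, run over constructed sample parameters. The rule patterns, function names and sample values are assumptions chosen for illustration; the paper's actual rule set is not given on this page.

```python
import ipaddress
import re
from urllib.parse import unquote_plus, urlsplit

# Illustrative rules only (assumed, not the paper's rule set); one pattern per category.
RULES = {
    "sql_injection": re.compile(r"(?i)\bunion\b\s+(all\s+)?\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    "xss": re.compile(r"(?i)<\s*script\b|\bon(error|load)\s*=|javascript\s*:"),
    "path_traversal": re.compile(r"\.\.[/\\]"),
    "command_injection": re.compile(r"[;&|`]\s*(cat|ls|id|whoami|wget|curl)\b|\$\("),
}

def normalize(value, max_rounds=3):
    """URL-decode a bounded number of times so double-encoded input is matched decoded."""
    for _ in range(max_rounds):
        value = unquote_plus(value)
    return value

def is_internal_url(value):
    """SSRF check: http(s) URL whose host is localhost or a loopback/private/link-local IP."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost"  # other hostnames would need DNS resolution
    return ip.is_loopback or ip.is_private or ip.is_link_local

def inspect_request(params):
    """Return the sorted category names matched by any parameter value."""
    hits = set()
    for raw in params.values():
        value = normalize(raw)
        hits.update(name for name, rx in RULES.items() if rx.search(value))
        if is_internal_url(value):
            hits.add("ssrf")
    return sorted(hits)

# Constructed sample requests (parameter name -> raw value as received).
SAMPLES = {
    "benign": {"q": "select a union jack flag", "page": "2"},
    "sqli": {"id": "1%27%20OR%20%271%27%3D%271"},
    "traversal_double_encoded": {"file": "%252e%252e%252fetc%252fpasswd"},
    "ssrf": {"url": "http://169.254.169.254/latest/meta-data/"},
    "xss": {"name": "<script>alert(1)</script>"},
}
```

Matching before decoding would miss the double-encoded traversal sample, which is why normalization runs first. Pattern rules of this kind still need tuning against real traffic for false positives, and the SSRF check does not cover hostnames that resolve to internal addresses.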
DOI: 10.17148/IJARCCE.2026.151137
[1] Nagarjuna H T, Sandarsh Gowda M M, "DUAL-LAYER WEB APPLICATION FIREWALL: AN INTELLIGENT HYBRID SECURITY FRAMEWORK FOR REAL-TIME THREAT DETECTION AND PREVENTION," International Journal of Advanced Research in Computer and Communication Engineering (IJARCCE), DOI: 10.17148/IJARCCE.2026.151137