Enabling Consistent Stateful Security in Distributed Web Application Firewalls: A Framework for Scalable Cloud Environment

Abstract

The rapid adoption of cloud-native infrastructures has highlighted a critical limitation in existing Web Application Firewalls (WAFs): their stateless design restricts consistent enforcement of security policies across distributed environments. This research addresses this gap by designing and evaluating a portable persistence module for open-source WAFs, enabling stateful security enforcement through integration with distributed data stores. Guided by the principles of design science research [1], the study develops a pluggable framework that supports both Redis and Memcached as backends. Redis is widely recognized for its durability and advanced data structures [2], while Memcached offers lightweight, in-memory caching optimized for speed [3]. By embedding the module within ModSecurity v3 [4] and deploying it on AWS cloud infrastructure, the research benchmarks the comparative performance of Redis and Memcached under simulated traffic and attack scenarios, including Distributed Denial of Service (DDoS) conditions [5]. Evaluation metrics include latency overhead, throughput, memory utilization, and resilience under node failures. Preliminary results indicate that Redis achieves superior consistency and resilience, albeit with higher memory consumption, while Memcached provides lower latency at the cost of weaker fault tolerance. Beyond technical performance, the research contributes a generalizable, portable framework that can be embedded into other open-source WAFs, expanding their applicability in distributed and multi-tenant environments. Both artifact and empirical evaluation contributions positions the work as a step forward in bridging distributed systems and web security, while also providing a foundation for future enhancements such as adaptive, machine-learning-based intrusion prevention [6].