Protecting a web server against attacks

You can protect a web server against attacks using a business application rule.

Objectives

When you complete this unit, you’ll know how to do the following:
  • Configure a web server to be protected.
  • Define protection settings.
  • Define a business application rule to protect the web server.

Add an FQDN host

Define a host for the web server.

  1. Go to Hosts and services > FQDN host and click Add.
  2. Specify settings.
    Option | Description
    Name | My website
    FQDN | example.com
  3. Click Save.

Configure a web server

Configure a web server to host a website.

  1. Go to Web server > Web servers and click Add.
  2. Specify settings.
    Note: For settings not listed here, use the default value.
    Option | Description
    Name | My web server
    Host | My website
  3. Click Save.

Define a protection policy

These settings protect the network against unauthorized access and common threats.

  1. Go to Web server > Protection policies and click Add.
  2. Specify settings.
    Option | Description
    Name | Web server protection
  3. Specify protection settings.
    Option | Description
    Pass Outlook anywhere | Off
    Mode | Reject
    Cookie signing | Off
    Static URL hardening | On
    Entry URLs | /
    Form hardening | On
    Anti-virus | On
    Block clients with bad reputation | On
    Skip remote lookups for clients with bad reputation | Off
    Common threat filter | On
  4. Click Save.
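
To show what Static URL hardening with the single entry URL / means for clients, the following added example (not Sophos code, and not the firewall's actual signing scheme) models the behaviour in Python: links in responses are signed, and any request that is neither an entry URL nor carries a valid signature is rejected. The secret, the `sig` parameter name and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # constructed value; a real proxy holds its own secret
ENTRY_URLS = {"/"}                # mirrors "Entry URLs /" in the policy above


def url_tag(path: str) -> str:
    """HMAC over the path, truncated for readability (illustrative scheme)."""
    return hmac.new(SECRET, path.encode(), hashlib.sha256).hexdigest()[:16]


def harden_response(html: str) -> str:
    """Sign every site-relative href in a response on its way to the client."""
    return re.sub(r'href="(/[^"?]*)"',
                  lambda m: f'href="{m.group(1)}?sig={url_tag(m.group(1))}"', html)


def check_request(url: str) -> int:
    """Status the proxy answers with: 200 = passed to the server, 403 = rejected."""
    path, _, query = url.partition("?")
    if path in ENTRY_URLS:
        return 200  # entry URLs are reachable without a signature
    supplied = query[4:] if query.startswith("sig=") else ""
    if hmac.compare_digest(supplied.encode(), url_tag(path).encode()):
        return 200  # link was issued by the proxy for exactly this path
    return 403      # unsigned or altered URL; Mode is Reject, so it is refused


if __name__ == "__main__":
    page = '<a href="/products/list.html">Products</a>'  # constructed response
    hardened = harden_response(page)
    link = hardened.split('href="')[1].split('"')[0]
    for url in ("/", link, "/products/list.html", "/admin/" + link.split("/")[-1]):
        print(check_request(url), url)
```

With only / listed as an entry URL, bookmarks and external deep links to other pages arrive unsigned and are rejected, so any URL that clients must reach directly needs to be added to Entry URLs.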

Define a business application rule

To protect the web server against application exploits, you define a business application rule that uses the WAF template. You specify the web server, authentication settings, and protection settings.

  1. Go to Firewall and click + Add firewall rule > Business application rule.
  2. Specify settings.
    Option | Description
    Application template | Web server protection (WAF)
    Rule name | Protect my web server
  3. Specify hosted server settings.
    Option | Description
    Hosted address | #Port1
    Domains | webserver.example.com
  4. Specify protected server settings.
    Option | Description
    Web server list | My web server
  5. Specify access permission settings.
    Option | Description
    Authentication | Basic with passthrough
  6. Specify advanced settings.
    Option | Description
    Protection | Web server protection
  7. Click Save.
The web server is protected against the attacks specified by the protection policy.