Protecting a web server against attacks
You can protect a web server against attacks using a business application rule.
Objectives
When you complete this unit, you’ll know how to do the following:- Configure a web server to be protected.
- Define protection settings.
- Define a business application rule to protect the web server.
Add an FQDN host
Define a host for the web server.
- Go to and click Add.
-
Specify the settings.
Option Description Name My website FQDN example.com - Click Save.
Configure a web server
Configure a web server to host a website.
Define a protection policy
These settings protect the network against unauthorized access and common threats.
- Go to and click Add.
-
Specify the settings.
Option Description Name Web server protection -
Specify protection settings.
Option Description Pass Outlook anywhere Off Mode Reject Cookie signing Off Static URL hardening On Entry URLs / Form hardening On Anti-virus On Block clients with bad reputation On Skip remote lookups for clients with bad reputation Off Common threat filter On - Click Save.
Define a business application rule
To protect the web server against application exploits, you define a business application rule that uses the WAF template. You specify the web server, authentication settings, and protection settings.
-
Go to Firewall and click .
-
Specify the settings.
Option Description Application template Web server protection (WAF) Rule name Protect my web server 
-
Specify hosted server settings.
Option Description Hosted address #Port1 Domains webserver.example.com 
-
Specify protected server settings.
Option Description Web server list My web server 
-
Specify access permission settings.
Option Description Authentication Basic with passthrough 
-
Specify advanced settings.
Option Description Protection Web server protection 