Protect a web server against attacks

You can protect a web server against attacks using a firewall rule.

Objectives

When you complete this unit, you’ll know how to do the following:
  • Configure a web server to be protected.
  • Define protection settings.
  • Define a firewall rule to protect the web server.

Add an FQDN host

Define a host for the web server.

  1. Go to Hosts and services > FQDN host and click Add.
  2. Specify the settings.
    Option    Description
    Name      My website
    FQDN      example.com
  3. Click Save.

Configure a web server

Configure a web server to host a website.

  1. Go to Web server > Web servers and select Add.
  2. Specify the settings.
    Note: For settings not listed here, use the default value.
    Option    Description
    Name      My web server
    Host      My website
  3. Click Save.

Define a protection policy

These settings protect the network against unauthorized access and common threats.

  1. Go to Web server > Protection policies and select Add.
  2. Specify the settings.
    Option    Description
    Name      Web server protection
  3. Specify protection settings.
    Option                                                 Description
    Pass Outlook anywhere                                  Off
    Mode                                                   Reject
    Cookie signing                                         Off
    Static URL hardening                                   On
    Entry URLs                                             /
    Form hardening                                         On
    Antivirus                                              On
    Block clients with bad reputation                      On
    Skip remote lookups for clients with bad reputation    Off
    Common threat filter                                   On
  4. Click Save.

Define a firewall rule

To protect the web server against application exploits, you define a firewall rule that uses the WAF template. You specify the web server, authentication settings, and protection settings.

  1. Go to Rules and policies > Firewall rules. Select the IPv4 or IPv6 protocol, select Add firewall rule, and then select New firewall rule.
  2. Specify the settings.
    Option       Description
    Rule name    Protect my web server
    Action       Protect with web server protection

  3. Specify hosted server settings.
    Option            Description
    Hosted address    #Port1
    Domains           webserver.example.com
  4. Specify protected server settings.
    Option             Description
    Web server list    My web server
  5. Specify access permission settings.
    Option                     Description
    Allowed client networks    Any IPv4
    Authentication             Basic with passthrough
  6. Specify advanced settings.
    Option        Description
    Protection    Web server protection policy
  7. Click Save.
The web server is protected from the attacks specified by the protection policy.