Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Protect a web server against attacks

You can protect a web server against attacks using a firewall rule.

Objectives

When you complete this unit, you'll know how to do the following:

  • Configure a web server to be protected.
  • Define protection settings.
  • Define a firewall rule to protect the web server.

Add an FQDN host

Define a host for the web server.

  1. Go to Hosts and services > FQDN host and click Add.
  2. Specify the settings.

    Option Description
    Name My website
    FQDN example.com
  3. Click Save.

Configure a web server

Configure a web server to host a website.

  1. Go to Web server > Web servers and select Add.
  2. Specify the settings.

    Note

    For settings not listed here, use the default value.

    Option Description
    Name My web server
    Host My website
  3. Click Save.

Define a protection policy

These settings protect the network against unauthorized access and common threats.

  1. Go to Web server > Protection policies and select Add.
  2. Specify the settings.

    Option Description
    Name Web server protection
  3. Specify protection settings.

    Option Description
    Pass Outlook anywhere Off
    Mode Reject
    Cookie signing Off
    Static URL hardening On
    Entry URLs /
    Form hardening On
    Antivirus On
    Block clients with bad reputation On
    Skip remote lookups for clients with bad reputation Off
    Common threat filter On
  4. Click Save.

Define a firewall rule

To protect the web server against application exploits, you define a firewall rule that uses the WAF template. You specify the web server, authentication settings, and protection settings.

  1. Go to Rules and policies > Firewall rules, select protocol IPv4 or IPv6, and click Add firewall rule. Select New firewall rule.
  2. Specify the settings.

    Option Description
    Rule name Protect my web server
    Action Protect with web server protection
  3. Specify hosted server settings.

    Option Description
    Hosted address #Port1
    Domains webserver.example.com
  4. Specify protected server settings.

    Option Description
    Web server list My web server
  5. Specify access permission settings.

    Option Description
    Allowed client networks Any IPv4
    Authentication Basic with passthrough
  6. Specify advanced settings.

    Option Description
    Protection Web server protection policy
  7. Click Save.

The web server is protected from the attacks specified by the protection policy.

More resources