Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=web-server

Web server

You can protect web servers against Layer 7 (application) vulnerability exploits, such as cookie, URL, and form manipulation. You can configure the web servers you want to protect and the protection and authentication policies. To protect the web servers, you add them and the policies to Web Application Firewall (WAF) rules. General settings apply to all the protected web servers.

Note

You can create a maximum of 60 WAF rules. See WAF limitation.

  • To manage the WAF service, go to System services > Services.