You control incoming HTTP connections
to a Web server protected by the Firebox using the HTTP-Server proxy action.
If you host a public Web server, you want to make sure that people can get access
to it. At the same time, you must prevent attacks against your Web server. The
default HTTP-Server rulesets allow most types of connections through the Firebox
while blocking the most common attacks. You can customize this ruleset to meet
your business requirements.
The HTTP-Server proxy action includes the same 13 rulesets as the HTTP-Client proxy action, but the default settings are much different:
HTTP Request - General Settings
Use this ruleset to control basic HTTP parameters of idle time-out and maximum URL length.
HTTP Request - Request Methods
The Request Method ruleset lets you control the types of HTTP request methods allowed through the Firebox as part of an HTTP request. By default, only HEAD, GET, and POST request methods are allowed through the Firebox to the Web server.
HTTP Request - URL Paths
Use the URL Path ruleset to filter the content of the host, path, and query-string components of a URL.
HTTP Request - Header Fields
This ruleset supplies content filtering for the full HTTP header, not just the name. By default, all headers are allowed.
HTTP Request - Authorization
The ruleset sets the criteria for content filtering of HTTP Request Header authorization fields. The proxy puts limits on the type of authentication sent in a request. With a default configuration, the Firebox allows Basic, Digest, NTLM, and Passport 1.4 authentication.
HTTP Response - General Settings
Use this ruleset to configure basic HTTP response parameters, including idle time-out, maximum line length, and maximum total length of an HTTP response header. If you set a value control to 0 bytes, the Firebox ignores the size completely.
HTTP Response - Header Fields
This ruleset controls which HTTP response header fields the Firebox allows.
HTTP Response - Content Types
This ruleset controls the types of MIME content allowed through the Firebox in HTTP response headers. By default, the Firebox allows all content types through the HTTP-Server proxy action.
HTTP Response - Cookies
Use this ruleset to control cookies included in HTTP responses. The default ruleset allows all cookies.
HTTP Response - Body Content Types
This ruleset gives you control of the content in an HTTP response. The Firebox is configured to allow all body content types through to your Web server.
This ruleset lets you customize the default deny message that a user will see if the Firebox denies some piece of content they have tried to upload to your Web server.
The Intrusion Prevention ruleset lets you turn on the Intrusion Prevention Service's monitoring of the HTTP server connections to look for signatures that match those in the Intrusion Prevention Service database (if you have purchased the optional Intrusion Prevention Service).
The Proxy Alarm ruleset lets you define the type of alarm that will be sent any time a notification is triggered by an HTTP-Server ruleset.
Return to Top
Copyright © 1996 - 2005 WatchGuard Technologies, Inc. All rights reserved.