Protecting Your Web Server

You control incoming HTTP connections to a Web server protected by the Firebox using the HTTP-Server proxy action. If you host a public Web server, you want to make sure that people can get access to it. At the same time, you must prevent attacks against your Web server. The default HTTP-Server rulesets allow most types of connections through the Firebox while blocking the most common attacks. You can customize this ruleset to meet your business requirements.

The HTTP-Server proxy action includes the same 13 rulesets as the HTTP-Client proxy action, but the default settings are much different:

HTTP Request - General Settings
    Use this ruleset to control basic HTTP parameters of idle time-out and maximum URL length.

HTTP Request - Request Methods
    The Request Method ruleset lets you control the types of HTTP request methods allowed through the Firebox as part of an HTTP request. By default, only HEAD, GET, and POST request methods are allowed through the Firebox to the Web server.

HTTP Request - URL Paths
    Use the URL Path ruleset to filter the content of the host, path, and query-string components of a URL.

HTTP Request - Header Fields
    This ruleset supplies content filtering for the full HTTP header, not just the name. By default, all headers are allowed.

HTTP Request - Authorization
    This ruleset sets the criteria for content filtering of the authorization fields in HTTP request headers. The proxy limits the types of authentication that can be sent in a request. With a default configuration, the Firebox allows Basic, Digest, NTLM, and Passport 1.4 authentication.

HTTP Response - General Settings
    Use this ruleset to configure basic HTTP response parameters, including idle time-out, maximum line length, and maximum total length of an HTTP response header. If you set a value control to 0 bytes, the Firebox ignores the size completely.

HTTP Response - Header Fields
    This ruleset controls which HTTP response header fields the Firebox allows.

HTTP Response - Content Types
    This ruleset controls the types of MIME content allowed through the Firebox in HTTP response headers. By default, the Firebox allows all content types through the HTTP-Server proxy action.

HTTP Response - Cookies
    Use this ruleset to control cookies included in HTTP responses. The default ruleset allows all cookies.

HTTP Response - Body Content Types
    This ruleset gives you control of the content in an HTTP response. The Firebox is configured to allow all body content types through to your Web server.

Deny Message
    This ruleset lets you customize the default deny message that a user will see if the Firebox denies some piece of content they have tried to upload to your Web server.

Intrusion Prevention
    If you have purchased the optional Intrusion Prevention Service, this ruleset lets you turn on its monitoring of HTTP server connections. The service looks for traffic that matches the signatures in the Intrusion Prevention Service database.

Proxy Alarm
    The Proxy Alarm ruleset lets you define the type of alarm that will be sent any time a notification is triggered by an HTTP-Server ruleset.
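
Because the default Request Methods ruleset allows only HEAD, GET, and POST, it is worth checking which requests your Web server already receives with other methods before you put it behind the proxy. The Python script below is an added example, not WatchGuard code: it assumes access logs in Common Log Format, and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Default allowlist stated on this page for the HTTP-Server proxy action.
DEFAULT_ALLOWED_METHODS = {"HEAD", "GET", "POST"}

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[^\s"]+) (?P<target>[^\s"]+) HTTP/[\d.]+"')

# Constructed sample entries (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2005:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Mar/2005:10:00:02 +0000] "POST /cgi-bin/order?id=7 HTTP/1.1" 200 312',
    '192.0.2.12 - - [01/Mar/2005:10:00:03 +0000] "PROPFIND /dav/docs HTTP/1.1" 207 1811',
    '192.0.2.12 - - [01/Mar/2005:10:00:04 +0000] "PUT /dav/docs/report.doc HTTP/1.1" 201 0',
    '192.0.2.12 - - [01/Mar/2005:10:00:09 +0000] "PUT /dav/docs/report.doc HTTP/1.1" 204 0',
    '192.0.2.13 - - [01/Mar/2005:10:00:05 +0000] "OPTIONS / HTTP/1.1" 200 0',
    '192.0.2.14 - - [01/Mar/2005:10:00:06 +0000] "-" 408 0',
]

def audit_methods(log_lines, allowed=DEFAULT_ALLOWED_METHODS):
    """Return (blocked, unparsed).

    blocked maps each method outside the allowlist to a Counter of paths;
    unparsed counts entries with no recognizable request line.
    """
    blocked = defaultdict(Counter)
    unparsed = 0
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            unparsed += 1  # e.g. timed-out connections logged as "-"
            continue
        method = match.group("method")
        # HTTP method names are case-sensitive, so compare them exactly.
        if method not in allowed:
            path = match.group("target").split("?", 1)[0]  # drop query string
            blocked[method][path] += 1
    return dict(blocked), unparsed

if __name__ == "__main__":
    blocked, unparsed = audit_methods(SAMPLE_LOG)
    for method in sorted(blocked):
        for path, hits in blocked[method].most_common():
            print(f"{method:10} {hits:5}  {path}")
    print(f"unparsed entries: {unparsed}")
```

Any method this reports for legitimate traffic must be added to the Request Methods ruleset, or those requests will not reach the Web server.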



Copyright 1996 - 2005 WatchGuard Technologies, Inc. All rights reserved.