How To Configure Web Server In Sophos XG firewall

In this article we discuss how to host a web server behind a Sophos XG firewall. The Sophos XG firewall acts as a web application firewall (WAF) and protects the web server from exploits and various types of attacks. WAF rules are used to specify virtual web servers and translate them to physical servers without configuring DNAT rules.

Using path-specific routing on the Sophos XG firewall, we can route requests for specific URLs to specific web servers. We can also protect the web server with an IPS policy and define traffic shaping for the web server policy rule.

In this article we will configure web server protection for hosting the firewallgeeks.com website.

To configure web server protection, first click Rules and policies, then click Add firewall rule, and enter the information below.

Name: Enter any name for web server protection rule.

Action: Select Protect with web server protection.

Protection Template: Select any preconfigured protection template, or define a new protection policy under Web server >> Protection policies.

Rule Position: Keep rule position on top.

Rule Group: Keep rule group as None

Hosted Server:

Hosted Address: In the hosted address field, select the IP address that the website's DNS name resolves to. Let's say the “firewallgeeks.com” website resolves to the WAN port of the firewall; we then need to select that specific WAN port.

Listening Port: Let's say “firewallgeeks.com” is listening on port 443; we need to enter that port in this field.

Domains: In the domains section, enter the “firewallgeeks.com” domain name.

[Screenshot: Firewall rule, Web server protection]

Path Specific Routing: Path-specific routing is a feature of the XG firewall that forwards requests to multiple physical web servers based on the requested URL path.

Example:

Suppose a request for “firewallgeeks.com” needs to go to one specific internal server, and a request for “firewallgeeks.com/xg” needs to go to another internal web server. We can specify that here.

For now, in this example, we are not doing any path-specific routing.

Access Permission:

In the access permission section, we can define which IP addresses are allowed to reach the web server and which IP addresses are blocked.

We can also select a specific authentication template if we want to authenticate users before they reach the actual web server.

[Screenshot: Access permission]

Advanced Settings:

Under advanced settings you can define protection policies for the firewall and select an IPS policy for the web server protection. You can also select the traffic shaping policy applied to the web server protection rule.

Disable Compression Support: If this feature is turned on, the XG firewall requests uncompressed data from the web server and sends it to the client irrespective of the request parameters.

Rewrite HTML:

Select to rewrite the links of returned web pages to retain link validity.

Example: If a web server’s hostname is yourcompany.local, but the hosted web server’s hostname is yourcompany.com, absolute links like [a href="http://yourcompany.local/"] are broken if the link is not rewritten to [a href="http://yourcompany.com/"] before delivery to the client.

You don’t need to select this option if yourcompany.com is configured on your web server or if internal links on your web pages are always realized as relative links. We recommend that you use the option with Microsoft Outlook web access or SharePoint portal server.
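To decide whether Rewrite HTML is needed, you can check a page returned by the internal web server for absolute links that point at the internal hostname. The Python script below is an added example, not part of the original article or of Sophos's own code; the hostnames are the ones from the example above and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Assumed names, taken from the article's example.
INTERNAL_HOST = "yourcompany.local"
PUBLIC_HOST = "yourcompany.com"
URL_ATTRS = {"href", "src", "action"}  # attributes that carry links


class LinkCollector(HTMLParser):
    """Collect every URL-bearing attribute value in an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append(value)


def audit_links(html, internal_host=INTERNAL_HOST, public_host=PUBLIC_HOST):
    """Map each absolute link to the internal host onto its public form.

    Relative links and links to other hosts are omitted: they stay valid
    for the client without any rewriting.
    """
    collector = LinkCollector()
    collector.feed(html)
    broken = {}
    for link in collector.links:
        parts = urlsplit(link)
        if parts.hostname and parts.hostname.lower() == internal_host:
            # Keep an explicit port if the link carries one.
            netloc = public_host if parts.port is None else f"{public_host}:{parts.port}"
            broken[link] = urlunsplit(parts._replace(netloc=netloc))
    return broken


# Constructed sample page: two internal absolute links, two relative, one external.
SAMPLE_PAGE = """<html><body>
<a href="http://yourcompany.local/">Home</a>
<a href="/docs/setup.html">Setup</a>
<img src="http://yourcompany.local/img/logo.png">
<form action="login.php"></form>
<a href="https://example.org/">External</a>
</body></html>"""

if __name__ == "__main__":
    for old, new in audit_links(SAMPLE_PAGE).items():
        print(f"{old} -> {new}")
```

An empty result means every link is relative or already uses the public name, which is the case where the option can stay off.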

Once you have filled in the above information, save the web application firewall rule.

Hope this article helps you.