Sophos XG Firewall's Web Application Firewall (WAF) feature protects web servers deployed in a network, and the applications they host, from exploitation of underlying vulnerabilities. It protects applications accessed via HTTP and HTTPS at Layer 7 (the Application Layer). Besides Layer 7 attacks, the web server is safeguarded against cookie tampering, forceful browsing, and hidden field tampering. The WAF also mitigates user-induced vulnerabilities that leave web applications open to attacks such as cross-site scripting, directory traversal, and forced URL browsing. The following sections are covered:
Applies to the following Sophos products and versions: Sophos Firewall
As shown in the diagram below, Sophos Firewall is deployed in Gateway Mode with WAF protection enabled. The web server is located in the LAN zone behind the XG Firewall. A user on the Internet should be able to access a website hosted on the internal web server (172.16.16.10) using its public IP address.
Note: Sophos XG Firewall allows multiple Virtual Webservers using HTTPS, and the same interface and port, to each use a different certificate. With support for Server Name Indication (SNI), Webserver Protection will present the correct server to each client, based on the requested hostname.
Note: If a virtual host of the same Web Server already exists in Sophos Firewall, then delete the virtual host before configuring the Web Server. Please do not set the Timeout value to 0 on the Web Servers as it will cause an issue with the new configuration on WAF.