Guidelines on Securing Public Web Servers
    
- Provide user authentication.

Application layer firewalls also have some disadvantages as compared with network layer and
stateful inspection firewalls:

- Slower
- Limited support for obscure and new protocols.

Although not strictly a limitation, application layer firewalls tend to be implemented on a
workstation running a general-purpose operating system (e.g., Windows, Linux, and Unix).
This introduces an added layer of complexity because that general-purpose operating system
must be secured, in addition to the firewall software itself.  Typically, routers and stateful
inspection firewalls run on specialized operating systems, thus reducing this risk.

To more successfully protect a Web server using a firewall, ensure that it is capable of and
configured to:

- Control all traffic between the Internet and the Web server
- Block all inbound traffic to the Web server except TCP ports 80 (HTTP) and/or 443 (HTTPS)
- Block all inbound traffic with an internal IP address (to prevent IP spoofing attacks)
- Block client connections from the Web server to the Internet and the organization's
  internal network (this will reduce the impact of certain worms such as Code Red)
- Block (in conjunction with the intrusion detection system [see Section 8.2.2]) IP
  addresses or subnets that the IDS reports are attacking the organizational network
- Notify the network administrator or appropriate security personnel of suspicious
  activity through an appropriate means (e.g., page, e-mail, and network trap)
- Provide content filtering
- Protect against denial of service attacks
- Detect malformed or known attack URL requests
- Log critical events including the following details:
  - Time and date
  - Interface IP address
  - Vendor-specific event name
  - Standard attack event (if one exists)
  - Source and destination IP address
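
The inbound, anti-spoofing, outbound and IDS-blocking items in the list above, written as an
nftables ruleset for a Linux firewall that routes between the Internet and a DMZ holding the
Web server. This is an added example, not part of the original guideline; the interface names,
the addresses (documentation ranges), the table name and the set name ids_blocklist are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed layout: eth0 = Internet side, eth1 = DMZ with the Web server.
flush ruleset

define WAN_IF = "eth0"
define DMZ_IF = "eth1"
define WEB    = 192.0.2.10          # Web server (documentation address, assumed)
# Source ranges that must never arrive from the Internet side:
# RFC 1918 space, loopback, and the DMZ's own subnet (assumed 192.0.2.0/24).
define INTERNAL = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 192.0.2.0/24 }

table inet webfw {
    # Addresses the IDS reports as attacking; entries expire on their own, e.g.
    #   nft add element inet webfw ids_blocklist { 198.51.100.7 timeout 1h }
    set ids_blocklist {
        type ipv4_addr
        flags interval, timeout
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Anti-spoofing: an internal source address seen on the external interface.
        iifname $WAN_IF ip saddr $INTERNAL log prefix "FW SPOOFED-SRC " drop
        # Sources blocked in conjunction with the IDS.
        iifname $WAN_IF ip saddr @ids_blocklist log prefix "FW IDS-BLOCK " drop

        ct state invalid drop
        ct state established,related accept

        # The only new inbound connections allowed: HTTP and HTTPS to the Web server.
        iifname $WAN_IF oifname $DMZ_IF ip daddr $WEB tcp dport { 80, 443 } ct state new accept

        # The Web server may answer its clients (matched above) but may not open
        # connections of its own to the Internet or the internal network.
        iifname $DMZ_IF ip saddr $WEB ct state new log prefix "FW WEB-EGRESS " drop

        # Everything else falls through to the drop policy; log it first.
        log prefix "FW DEFAULT-DROP "
    }
}
```

The ruleset covers forwarded traffic only; the firewall host's own input chain is out of scope here. Each log prefix serves as the event name, and the kernel log line adds the interfaces and the source and destination addresses.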