Fortinet 19 FortiWeb 5.0 Patch 6 Administration Guide
•X-Forwarded-For
•Shared IP
• Policy bypasses for known search engines
•Geo IP
•DoS Protection
•IP Reputation
•URL Rewriting (also redirection)
•HTTP Authentication and LDAP, RADIUS, and NTLM profiles
•Data Analytics
• Log-based reports
• Alert email
• Syslog and FortiAnalyzer IP addresses
•NTP
• FTP immediate/scheduled
• OCSP/SCEP
•Anti-defacement
• HA/Configuration sync
•exec restore
•exec backup
•exec traceroute
•exec telnet
•Challenge action for application-level anti-DoS — Rather than simply blocking all clients
that exceed your rate limit or trigger other DoS sensors, you can now choose to test the
client first — to return a web page that uses a script to assess whether the client is a web
browser or an automated tool favored by attackers. In this way, you can allow higher rate
limits for people than automated tools. See “Limiting the total HTTP request rate from an IP”
on page 339 and “Preventing an HTTP request flood” on page 347.
•Search engine access improved — You can now allow known search engines such as
Google, Yahoo!, Baidu and Bing to be exempt from DoS sensors, brute force login sensors,
HTTP protocol constraints, and combination rate & access control (called “advanced
protection” and “custom policies” in the web UI). See Allow Known Search Engines in
“Configuring a protection profile for inline topologies” on page 468 or “Configuring a
protection profile for an out-of-band topology or asynchronous mode of operation” on
page 477.
•Robot control simplified — Control of known malicious automated tools has been
simplified, and custom robot definitions removed. See Bad Robot in “Blocking known
attacks & data leaks” on page 387.
•Robot monitoring report — To monitor search engines that may be abusing access, you
can monitor throughput and transactions per second for each crawler from your GUI’s
reports area. See “Bot analysis” on page 605.
•Dynamic rate threshold in Real Time Monitor widget — The Policy Summary widget has
been renamed, and now scales its graph dynamically to best show you differences based
upon your normal levels of traffic. See “Real Time Monitor widget” on page 537.
•HTTP status code customization — To prevent WAF fingerprinting that can be a precursor
for evasive APT attackers, you can now modify the return codes such as 200 OK that