Fortinet 193 FortiWeb 5.0 Patch 6 Administration Guide
Setting name Description
Edit Allow
Method
Click this button to open a dialog where you can select which HTTP request
methods to allow in the generated profile. Then in the Status drop-down list,
select either:
On — Manually override the suggestion, and enable the method.
Off — Manually override the suggestion, and disable the method.
Default — Do not override the suggestion. FortiWeb automatically
estimates whether enabling or disabling the HTTP method is appropriate,
based upon auto-learning data. When you generate a protection profile,
FortiWeb will use whichever setting is indicated by the current
auto-learning data.
This button appears only when you select a policy in the navigation pane.
Edit Exception
Method
Click this button to open a dialog where you can select which HTTP request
methods are exceptions to the ones allowed by the generated profile. Then in
the Status drop-down list, select either:
On — Manually override the suggestion, and enable the method.
Off — Manually override the suggestion, and disable the method.
Default — Do not override the suggestion. FortiWeb automatically
estimates whether enabling or disabling the HTTP method is appropriate,
based upon auto-learning data. When you generate a protection profile,
FortiWeb will use whichever setting is indicated by the current
auto-learning data.
This button appears only when you select an individual URL in the navigation
pane.
Edit URL
Access
(In the Most hit
URL table and
chart section)
Click this button to open a dialog where you can select which pages will be
included in a URL access rule whose Action is Pass (i.e. allow the request
and do not generate an attack log message). To include the URL, click and
drag it from the column named Available on the right into the column on the
left, named URL Access rules with action 'Pass'.
Essentially, auto-learning’s assumption in this case is that most page hits are
legitimate, so that URLs that are frequently hit should be normally accessible.
This button appears only when you select the policy in the navigation pane.
Edit Start Page Click this button to open a dialog where you can select which pages will be
included in a URL access rule whose Action is Pass (i.e. allow the request and
do not generate an attack log message). To include the URL, click and drag it
from the column named Available on the right into the column on the left,
named URL Access rules with action 'Pass'.
This button appears only when you select the policy in the navigation pane.