Fortinet 5.0 Patch 6

Fortinet 239 FortiWeb 5.0 Patch 6 Administration Guide

5. If you want to require that the Host: field of the HTTP request matches a protected host

entry in order to match the HTTP authentication rule, do the following:

•Enable Host Status.

•From Host, select which protected host entry (either a web host name or IP address) the

Host: field of the HTTP request must be. The list contains hosts configured in a

protected servers group. For details, see “Defining your protected/allowed HTTP “Host:”

header names” on page 249.

6. Click OK.

7. Click Create New.

A dialog appears.

8. Configure these settings:

Setting

name

Description

Auth Type Select which type of HTTP authentication to use:

•Basic — Clear text, Base64-encoded user name and password.

Supports all user queries except NTLM. NTLM users will be ignored if

included in the user group.

•Digest — Hashed user name, realm, and password. Only local users are

supported. Other types are ignored if included in the user group.

•NTLM — Encrypted user name and password. Only NTLM queries are

supported. Other types are ignored if included in the user group.

For more information on available user types, see “Grouping users” on

page 236.

User Group Select the name of an existing end-user group that is authorized to use the

URL in Auth Path.