Fortinet 239 FortiWeb 5.0 Patch 6 Administration Guide
5. If you want to require that the Host: field of the HTTP request matches a protected host
entry in order to match the HTTP authentication rule, do the following:
•Enable Host Status.
•From Host, select which protected host entry (either a web host name or IP address) the
Host: field of the HTTP request must be. The list contains hosts configured in a
protected servers group. For details, see “Defining your protected/allowed HTTP “Host:”
header names” on page 249.
6. Click OK.
7. Click Create New.
A dialog appears.
8. Configure these settings:
Setting
name
Description
Auth Type Select which type of HTTP authentication to use:
•Basic — Clear text, Base64-encoded user name and password.
Supports all user queries except NTLM. NTLM users will be ignored if
included in the user group.
•Digest — Hashed user name, realm, and password. Only local users are
supported. Other types are ignored if included in the user group.
•NTLM — Encrypted user name and password. Only NTLM queries are
supported. Other types are ignored if included in the user group.
For more information on available user types, see “Grouping users” on
page 236.
User Group Select the name of an existing end-user group that is authorized to use the
URL in Auth Path.