Fortinet 251 FortiWeb 5.0 Patch 6 Administration Guide
7. In Host, enter the IP address or FQDN of a real or virtual host, according to the Host: field in
HTTP requests.
If clients connect to your web servers through the IP address of a virtual server on the
FortiWeb appliance, this should be the IP address of that virtual server or any dom ain name
to which it resolves, not the IP address of the protected web server.
For example, if a virtual server 10.0.2.1/24 forwards traffic to the physical server 192.0.2.1,
for protected hosts, you would enter:
•10.0.2.1, the address of the virtual server
•www.example.com, the domain name that resolves to the virtual server
Your entry must match the whole host name exactly. Wild cards such as *.example.com
are not supported. If you require wild card host name matches, use HTTP Host: header
access control rules instead (see “Combination access control & rate limiting” on page 325).
8. In Action, select whether to Accept or Deny HTTP requests whose Host: field matches this
Host entry.
9. Click OK.
10.Repeat the previous steps for each host that you want to add to the protected server group.
11.To apply a protected host group, select it in a server policy (see “Configuring a server policy”
on page 483). Policies use protected host definitions to block connections that are not
destined for a protected host. If you do not select a protected server group in a server policy,
and you do not configure a combination access control rule with an HTTP Host: condition
either, connections will be accepted or blocked regardless of the Host: field.
Defining your web serversYou can specify your back-end web servers by their IP addresses and/or DNS domain names.
These web servers will be protected by FortiWeb, and are the recipients of traffic that is
forwarded or allowed to pass through by FortiWeb.
See also
•Enabling or disabling traffic forwarding to your servers
•Predefined services
•Defining your network services
•Configuring a server policy
Defining your web server by its IP address
“Domain servers” use DNS A record domain names to define a web server, while
“physical servers” use IP addresses.
A physical server defines the IP address of an individual web server or a member of a server
farm that is the ultimate destination of traffic received by the FortiWeb appliance at a virtual
server address, and where the FortiWeb appliance will forward traffic (or let it pass through,
depending on the operation mode) after applying the protection profile and other policy
You can also define web servers to be FortiWeb’s virtual servers. This chains multiple policies
together, which may be useful in more complex traffic routing or rewriting situations.