Fortinet 272 FortiWeb 5.0 Patch 6 Administration Guide
4. Click Create New.
A sub-dialog appears.
5. In IP, type the IP address of the external proxy or load balancer according to packets’ SRC
field in the IP layer when received by FortiWeb.
To apply anti-spoofing measures and improve security, FortiWeb will trust the contents of the
HTTP header that you specified in Use X-Header to Identify Original Client’s IP only if the
packet arrived from one of the IP addresses you specify here. Other packets’ X-headers will
be regarded as potentially spoofed.
6. Click OK.
The first dialog re-appears.
7. Click OK to save the configuration.
8. To apply the X-header rule, select it when configuring an inline protection profile (see
“Configuring a protection profile for inline topologies” on page 468).
See also
•Logging
•Alert email
•SNMP traps & queries
•Reports
•DoS prevention
Configuring virtual servers on your FortiWebBefore you can create a server policy, you must first configure a virtual server that defines the
network interface or bridge and IP address where traffic destined for an individual web server or
server farm will arrive.
A virtual server on your FortiWeb is not the same as a virtual host on your web server. A virtual
server is more similar to a virtual IP on a FortiGate. It is not an actual server, but simply defines
the listening network interface. Unlike a FortiGate VIP, it includes a specialized proxy that only
picks up HTTP and HTTPS.
By default, in reverse proxy mode, FortiWeb’s virtual servers will not forward
non-HTTP/HTTPS traffic from virtual servers to your protected web servers. (Only traffic picked
up and allowed by the HTTP reverse proxy will be forwarded.) You may be able to provide
connectivity by either deploying in a one-arm topology where other protocols bypass FortiWeb,
or by enabling FortiWeb to route other protocols. See also “Topology for reverse proxy mode”
on page 63 and the config router setting command in the FortiWeb CLI Reference.