Fortinet 30 FortiWeb 5.0 Patch 6 Administration Guide
Table 2: Web-related threats

Columns: Attack Technique / Description / Protection / FortiWeb Solution

Attack Technique: Local file inclusion (LFI)
Description: LFI is a type of injection attack. However, unlike SQL injection attacks, a database is not always involved. In an LFI, a client includes directory traversal commands (such as ../../ for web servers on Linux, Apple Mac OS X, or Unix distributions) when submitting input. This causes vulnerable web servers to use one of the computer's own files (or a file previously installed via another attack mechanism) and either execute it or include it in their own web pages. This could be used for many purposes, including direct attacks on other servers, installation of malware, data theft of /etc/passwd, display of database query caches, creation of administrator accounts, and use of any other files on the server's file system. Many platforms have been vulnerable to these types of attacks, including Microsoft .NET and Joomla.
Protection: Block directory traversal commands.
FortiWeb Solution: Generic Attacks

Attack Technique: Malicious robots
Description: Misbehaving web crawlers ignore the robots.txt file, and consume server resources and bandwidth on a site.
Protection: Ban bad robots by source IP or User-Agent: field, as well as rate-limiting clients that fail a test that detects web browsers.
FortiWeb Solution:
  Real Browser Enforcement
  Exception
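As an added example (not code from the FortiWeb guide), here is the kind of check that the "Block directory traversal commands" protection in the LFI row implies, written in Python: it percent-decodes the request path and query values (repeatedly, to catch double encoding), normalises backslashes to slashes, and flags any `..` segment that would climb above the document root or any embedded NUL byte. The function names and sample URLs are my own constructions; a real WAF would apply the same check to headers and request bodies as well.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), so %252e%252e is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_root(value: str) -> bool:
    """True if the decoded value would climb above the (virtual) document root,
    or carries an embedded NUL byte used to cut off an appended extension."""
    decoded = fully_decode(value).replace("\\", "/")
    if "\x00" in decoded:
        return True
    depth = 0
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:          # more '..' than directories entered
                return True
        else:
            depth += 1
    return False

def check_request(url: str) -> list:
    """Return the URL components ('path', 'query:<name>') carrying a traversal."""
    parts = urlsplit(url)
    findings = []
    if escapes_root(parts.path):
        findings.append("path")
    # parse_qsl decodes once; fully_decode() inside escapes_root handles the rest.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if escapes_root(value):
            findings.append(f"query:{name}")
    return findings

if __name__ == "__main__":
    # Constructed sample requests: one benign, several traversal attempts.
    for url in ["/index.php?page=about",
                "/index.php?page=../../../../etc/passwd",
                "/static/%2e%2e/%2e%2e/etc/passwd",
                "/download?file=..%252f..%252fconfig.ini",
                "/images/../index.html"]:
        print(url, "->", check_request(url) or "clean")
```

Note that `/images/../index.html` is reported clean because the `..` never leaves the root; the check counts depth rather than rejecting every `..` string, which keeps false positives on legitimate relative links down.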