Fortinet 5.0 Patch 6

Fortinet 322 FortiWeb 5.0 Patch 6 Administration Guide

3. Configure these settings:

Setting

name

Description

Name Type a unique name that can be referenced in other parts of the

configuration. Do not use spaces or special characters. The maximum length

is 35 characters.

Host Status Enable to require that the Host: field of the HTTP request match a

protected hosts entry in order to match the URL access rule. Also configure

Host.

Host Select which protected hosts entry (either a web host name or IP address)

that the Host: field of the HTTP request must be in to match the URL

access rule.

This option is available only if Host Status is enabled.

Action Select which action the FortiWeb appliance will take when it detects a

violation of the rule. Supported options vary (available options are listed in

the description for each specific rule), but may include:

•Alert & Deny — Block the request (reset the connection) and generate an

alert email and/or log message. 

You can customize the web page that will be returned to the client with

the HTTP status code. See “Uploading a custom error page” on page 467

or Error Message.

•Pass — Allow the request. Do not generate an alert and/or log message.

•Continue — Generate an alert and/or log message, then continue by

evaluating any subsequent rules defined in the web protection profile (see

“Sequence of scans” on page 23). If no other rules are violated, allow the

request. If multiple rules are violated, a single request will generate

multiple attack log messages.

The default value is Alert.

Caution: This setting will be ignored if Monitor Mode is enabled.

Note: Logging and/or alert email will occur only if enabled and configured.

See “Logging” on page 542 and “Alert email” on page 576.

Note: If you will use this rule set with auto-learning, you should select Pass

or Continue. If Action is Alert & Deny, or any other option that causes the

FortiWeb appliance to terminate or modify the request or reply when it

detects an attack attempt, the interruption will cause incomplete session

information for auto-learning.

Delete

Edit

Clear all