Fortinet 5.0 Patch 6 Grouping access rules per combination of URL & Host:

Fortinet 324 FortiWeb 5.0 Patch 6 Administration Guide

7. Click OK.

8. Repeat the previous steps for each individual condition that you want to add to the URL

access rule.

9. Group the URL access rule in a URL access policy (see “Grouping access rules per

combination of URL & “Host:”” on page 324).

Attack log messages contain URL Access Violation when this feature detects a

suspicious HTTP request.

See also

•Configuring a protection profile for inline topologies

•Configuring a protection profile for an out-of-band topology or asynchronous mode of

operation

Grouping access rules per combination of URL & “Host:”

Before you can apply them in a policy via a protection profile, you must first combine access

rules into an access policy. URL access policies define a set of access rules, and their order of

evaluation.

To configure a URL access policy

1. Before you can configure an effective URL access policy, you must configure one or more

URL access rules. See “Restricting access to specific URLs” on page 321.

2. Go to Web Protection > Access > URL Access Policy.

To access this part of the web UI, your administrator’s account access profile must have

Read and Write permission to items in the Web Protection Configuration category. For

details, see “Permissions” on page 47.

Domain Type the fully qualified domain name (FQDN) that a client source IP must

reverse resolve to in order to match.

This option appears only if Source Address Type is Domain.

URL Type Select whether the URL Pattern field will contain a literal URL (Simple String),

or a regular expression designed to match multiple URLs (Regular

Expression).

URL Pattern Depending on your selection in URL Type, enter either:

• the literal URL, such as /admin.php. The URL must begin with a slash

( / ).

• a regular expression, such as ^/admin*.php, matching all and only the

desired URLs. The pattern does not require a slash ( / ). However, it must

at least match URLs that begin with a slash, such as /admin.cfm.

When you finish typing the regular expression, click the >> (test) icon.

This opens the Regular Expression Validator window where you can

fine-tune the expression (see “Regular expression syntax” on page 673).

Do not include the domain name, such as www.example.com, which is

configured separately in the Host drop-down list for the URL access rule.

Meet this

condition if:

Select whether the access condition is met when the HTTP request matches

both the regular expression (or text string) and source IP address of the

client, or when it does not match the regular expression (or text string)

and/or source IP address of the client.