Fortinet 327 FortiWeb 5.0 Patch 6 Administration Guide
3. Configure these settings:
Setting name Description
Name Type a unique name that can be referenced in other parts of the
configuration. Do not use spaces or special characters. The maximum
length is 35 characters.
Action Select which action the FortiWeb appliance will take when it detects a
violation of the rule:
•Alert — Accept the request and generate an alert email and/or log
message.
•Alert & Deny — Block the request (or reset the connection) and
generate an alert email and/or log message.
You can customize the web page that will be returned to the client
with the HTTP status code. See “Uploading a custom error page” on
page 467 or Error Message.
•Period Block — Block subsequent requests from the client for a
number of seconds. Also configure Block Period.
You can customize the web page that will be returned to the client
with the HTTP status code. See “Uploading a custom error page” on
page 467 or Error Message.
The default value is Alert.
Caution: This setting will be ignored if Monitor Mode is enabled.
Note: Logging and/or alert email will occur only if enabled and
configured. See “Logging” on page 542 and “Alert email” on page 576.
Note: If you will use this rule set with auto-learning, you should select
Alert. If Action is Alert & Deny, or any other option that causes the
FortiWeb appliance to terminate or modify the request or reply when it
detects an attack attempt, the interruption will cause incomplete session
information for auto-learning.