Fortinet 328 FortiWeb 5.0 Patch 6 Administration Guide
4. Click OK.
5. Click Create New to add an entry to the set.
A dialog appears.
6. From Filter Type, select one of the following conditions that a request must match in order to
be allowed, then click OK.
The settings in the next dialog that appears varies by your selection in Filter Type.
Source IPv4/IPv6 — Type the IP address of a client that will be allowed. Depending on your
configuration of how FortiWeb will derive the client’s IP (see “Defining your proxies, clients, &
X-headers” on page 266), this may be the IP address that is indicated in an HTTP header
rather than the IP header.
HTTP Access Rate Limit — This is the number of requests per second per client IP.
Depending on your configuration of how FortiWeb will derive the client’s IP (see “Defining
your proxies, clients, & X-headers” on page 266), this may be the IP address that is indicated
in an HTTP header rather than the IP header.
URL — Type a regular expression that will match one or more URLs, such as /index\.jsp.
Do not include the host name.
HTTP Header — Indicate a single HTTP Header Name such as Host:, and all or part of its
value in Header Value. The request/response will match the condition if that header contains
Block Period Type the number of seconds that you want to block subsequent requests
from the client after the FortiWeb appliance detects that the client has
violated the rule.
This setting is available only if Action is set to Period Block. The valid
range is from 1 to 3,600 (1 hour). The default value is 60. See also
“Monitoring currently blocked IPs” on page 606.
Severity When rule violations are recorded in the attack log, each log message
contains a Severity Level (severity_level) field. Select which severity
level the FortiWeb appliance will use when it logs a violation of the rule:
•Low
•Medium
High
The default value is Medium.
Trigger Action Select which trigger, if any, that the FortiWeb appliance will use when it
logs and/or sends an alert email about a violation of the rule. See
“Configuring triggers” on page 557.
Setting name Description
To accept requests that do not match the URL, do not precede the URL with an exclamation
mark ( ! ). Use the CLI to configure the reverse-match {no | yes} setting for this filter.
For details, see the FortiWeb CLI Reference.