Fortinet 335 FortiWeb 5.0 Patch 6 Administration Guide
Blacklisting & whitelisting clients individually by source IP
You can define which source IP addresses are trusted clients, undetermined, or distrusted.
• Trusted IPs — Almost always allowed to access your protected web servers. Trusted IPs
are exempt from many (but not all) of the restrictions that would otherwise be applied by a
server policy. For a list of skipped scans, see “Sequence of scans” on page 23.
• Neither — If a source IP address is neither explicitly blacklisted nor trusted by an IP list
policy, the client will be able to access your web servers, unless it is blocked by any of your
other configured, subsequent web protection scan techniques (see “Sequence of scans” on
page 23).
• Blacklisted IPs — Blocked and prevented from accessing your protected web servers.
Requests from blacklisted IP addresses receive a warning message as the HTTP response.
The warning message page includes ID: 70007, which is the ID of all attack log messages
about requests from blacklisted IPs.
Figure 43: Warning response to blacklisted IPs
Because many businesses, universities, and now even home networks use NAT, a packet’s
source IP address may not necessarily match that of the client. Keep in mind that if you
blacklist or whitelist an individual source IP, it may therefore inadvertently affect other
clients that share the same IP.
To configure policies for individual source IPs
1. If you want to use a trigger to create a log message and/or alert email when a blacklisted
client attempts to connect to your web servers, configure the trigger first. See “Configuring
triggers” on page 557.
X-header-derived client source IPs (see “Defining your proxies, clients, & X-headers” on
page 266) do not support this feature in this release. If FortiWeb is deployed behind a load
balancer or other web proxy that applies source NAT, this feature will not work.
Because trusted and blacklisted IP policies are evaluated before many other techniques,
defining these IP addresses can be used to improve performance. For details, see “Sequence
of scans” on page 23.
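The NAT caveat and the X-header limitation above can be seen in a small model of the three-way decision. This is an added example, not FortiWeb code: the function names, the load balancer address and the sample traffic are constructed, and because the guide does not state which list wins when an address is on both, the model rejects that configuration.

```python
import ipaddress

def classify(packet_src, trusted, blacklisted):
    """Three-way verdict keyed only on the packet's source IP (no X-header lookup)."""
    ip = ipaddress.ip_address(packet_src)
    if ip in trusted:
        return "trusted"
    if ip in blacklisted:
        return "blacklisted"
    return "neither"

def build_lists(trusted, blacklisted):
    """Parse both lists and refuse an address that appears on both."""
    t = {ipaddress.ip_address(a) for a in trusted}
    b = {ipaddress.ip_address(a) for a in blacklisted}
    if t & b:
        # Precedence is not stated on the page, so the model does not guess.
        raise ValueError(f"address on both lists: {sorted(map(str, t & b))}")
    return t, b

def clients_by_verdict(requests, trusted, blacklisted):
    """Group the real clients by the verdict their packets would receive."""
    t, b = build_lists(trusted, blacklisted)
    out = {"trusted": set(), "blacklisted": set(), "neither": set()}
    for packet_src, real_client in requests:
        out[classify(packet_src, t, b)].add(real_client)
    return out

# Constructed sample traffic: (packet source IP seen by the appliance, real client).
LB = "192.0.2.10"  # hypothetical load balancer applying source NAT
REQUESTS = [
    (LB, "203.0.113.5"),               # abusive client hidden behind the load balancer
    (LB, "203.0.113.6"),               # ordinary client with the same packet source IP
    ("198.51.100.7", "198.51.100.7"),  # direct client, no NAT
]

if __name__ == "__main__":
    # Blacklisting the real client address matches nothing behind the load balancer.
    print(clients_by_verdict(REQUESTS, [], ["203.0.113.5"]))
    # Blacklisting the shared address blocks every client behind it.
    print(clients_by_verdict(REQUESTS, [], [LB]))
```

Running the same grouping over your own list of packet source addresses before adding an entry shows how many distinct clients a single blacklist or trusted entry would cover.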