Fortinet 358 FortiWeb 5.0 Patch 6 Administration Guide
4. Configure these settings:
Setting name Description
Name Type a unique name that can be referenced in other parts of the
configuration. Do not use spaces or special characters. The
maximum length is 35 characters.
HTTP Request
Limit/sec
Type the maximum rate of requests per second allowed from a
single HTTP client to the same URL on a protected web site.
For best results, this should be at least as many requests as
required to normally load the URL. When a client accesses a web
application, it normally requests many files, such as images and
style sheets, used by the web page itself. If you set limits too low, it
can cause false positive attack detections and block requests. In
extreme cases, this could prevent a single web page from fully
loading all of its components — images, CSS, and other external
files.
The valid range is from 1 to 1,000. The default is 1. Fortinet
suggests an initial value of 25. See also “Reducing false positives”
on page 624.
Real Browser
Enforcement
Exception
If some web pages require a higher rate limit, from this drop-down
list, select an exception profile.
If you need to modify the exception, click the Detail link. The
exception dialog appears, where you can view and edit the
exceptions. Use your browser’s Back button to return.