Fortinet 360 FortiWeb 5.0 Patch 6 Administration Guide
5. Click OK.
6. Group the rule in a DoS protection policy (see “Grouping DoS protection rules” on page 355) that is used by a protection profile.
7. Enable the Session Management option in the protection profile.
See also
Bot analysis
Example: Preventing email directory harvesting
Let’s say that you have a web application such as IBM Lotus Notes that provides access to your
directory. The directory includes a huge number of email addresses: all of your employees,
vendors, and clients. Because these are known to be the email addresses of real people, the
directory is an incredibly valuable target for hackers or botnets that are employed by spammers
— sending spam only to known-deliverable addresses reaps more profit.
If your directory is properly configured and protected by a FortiMail, an SMTP-based directory
harvest attack would not succeed. However, because there is a web application interface, the
attacker has a second possible vector: via HTTP.
Unless the attacker is focused solely on your organization, he or she is unlikely to harvest the many email addresses from your web app manually with a browser. It is far more likely that a script will be used.
To deter such an attack, you could require that only real web browsers can connect, by configuring a real browser enforcement rule with the following settings:
Setting name     Description
Severity         When rule violations are recorded in the attack log, each log
                 message contains a Severity Level (severity_level) field.
                 Select which severity level the FortiWeb appliance will use when
                 it logs a violation of the rule:
                 • Low
                 • Medium
                 • High
                 The default value is High.
Trigger Action   Select which trigger, if any, the FortiWeb appliance will use
                 when it logs and/or sends an alert email about a violation of
                 the rule. See “Configuring triggers” on page 557.
Setting name             Value
HTTP Request Limit/sec   3
Action                   Period Block
Block Period             10000
Severity                 High
Trigger Action           notification_servers1