Fortinet 5.0 Patch 6 Configuring browser enforcement exceptions

upon the next request, FortiWeb will return a web page with the JavaScript browser validator.

The validator will respond to FortiWeb with the test result. Clients that fail to demonstrate that

they are a web browser will have their requests dropped for the next 2.78 hours (i.e. 10,000

seconds), and the attack will be logged with a High severity level. notification_servers1

includes your central logging FortiAnalyzer, where you will be alerted that the attack attempt is

See also

URLs that are an exception will receive a second, higher rate limit. This prevents limitless HTTP

request rates that could be a DoS liability, while still allowing a greater number or requests than

specified in a Real Browser Enforcement rule.

1. Go to DoS Protection > Application > Real Browser Enforcement Exception.

To access this part of the web UI, your administrator’s account access profile must have

Read and Write permission to items in the Web Protection Configuration category. For

details, see “Permissions” on page 47.

2. Click Create New.

included files. These require more requests from clients as part of their normal operation, and

therefore could cause real browser tests for each legitimate client, depending on the limit that