Fortinet 365 FortiWeb 5.0 Patch 6 Administration Guide
7. Configure these settings:
Setting name Description
Host Status
Enable to require that the Host: field of the HTTP request match a protected hosts entry in order to be included in the brute force login attack profile’s rate calculations. Also configure Host.

Host
Select which protected hosts entry (either a web host name or IP address) the Host: field of the HTTP request must match in order to match the brute force login attack profile.
This option is available only if Host Status is enabled.

Type
Select how to apply the limit of login attempts in Standalone IP Access Limit or Share IP Access Limit, either:
• Based on Source IP — Apply the limit per source IP.
• Based on TCP Session — Apply the limit per TCP/IP session.
Tip: If you need to cover both possibilities, create two members.

Request File
Type the URL that the HTTP/HTTPS request must match to be included in the brute force login attack profile’s rate calculations.
When you have finished typing the regular expression, click the >> (test) icon. This opens the Regular Expression Validator window where you can fine-tune the expression (see “Regular expression syntax” on page 673).

Block Period
Type the length of time in seconds for which the FortiWeb appliance will block subsequent requests after a source IP address exceeds the rate threshold in either Standalone IP Access Limit or Share IP Access Limit.
The block period is shared by all clients whose traffic originates from the source IP address. The valid range is from 1 to 10,000 seconds.
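The following is an added example, not Fortinet code: a simplified Python model of how the settings above interact, replaying a constructed burst of login requests through a member of each Type. The `Member` class, the `limit` parameter standing in for the access limit, the 1-second counting window, and keying the block on source IP are assumptions made for illustration.

```python
import re
from collections import defaultdict

class Member:
    """Simplified model of one brute force login profile member."""
    def __init__(self, request_file, limit, block_period, by="source_ip",
                 host_status=False, host=None, window=1.0):
        if not 1 <= block_period <= 10000:      # valid range stated in the guide
            raise ValueError("Block Period must be 1 to 10,000 seconds")
        self.request_file = re.compile(request_file)
        self.limit, self.block_period, self.by = limit, block_period, by
        self.host_status, self.host = host_status, host
        self.window = window                    # assumption: counting window (s)
        self.attempts = defaultdict(list)       # counting key -> timestamps
        self.blocked_until = {}                 # source IP -> end of block

    def matches(self, host, url):
        # Host is compared only when Host Status is enabled.
        if self.host_status and host != self.host:
            return False
        return self.request_file.search(url) is not None

    def check(self, now, src_ip, session_id, host, url):
        """Return 'pass' or 'block' for one request."""
        if not self.matches(host, url):
            return "pass"                       # not part of the rate calculation
        if now < self.blocked_until.get(src_ip, 0):
            return "block"                      # block is shared by the whole IP
        key = src_ip if self.by == "source_ip" else (src_ip, session_id)
        recent = [t for t in self.attempts[key] if now - t < self.window]
        recent.append(now)
        self.attempts[key] = recent
        if len(recent) > self.limit:
            self.blocked_until[src_ip] = now + self.block_period
            return "block"
        return "pass"

def replay(member, requests):
    return [member.check(*r) for r in requests]

# Constructed sample: four attempts in 0.3 s, each on a new TCP session, then
# one more from the same source IP five seconds later.
SAMPLE = [(0.1 * i, "203.0.113.7", i, "www.example.com", "/login.php")
          for i in range(4)]
SAMPLE.append((5.0, "203.0.113.7", 99, "www.example.com", "/login.php"))

if __name__ == "__main__":
    for by in ("source_ip", "tcp_session"):
        print(by, replay(Member(r"^/login\.php$", 3, 60, by=by), SAMPLE))
```

In this model the per-source-IP member blocks the fourth attempt and the later request, while the per-session member passes all five because each attempt arrives on a new TCP session; this is the gap that creating two members covers.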