Fortinet 394 FortiWeb 5.0 Patch 6 Administration Guide
Information Disclosure
Enable to detect server error messages and other sensitive messages in the HTTP headers, such as CF Information Leakage (Adobe ColdFusion server information).

All of this attack’s signatures are automatically enabled when you enable detection. However, if one of the signatures is causing false positives and you need to instead configure a custom attack signature that will not cause false positives, you can individually disable that signature. To disable a specific signature, click the blue arrow to expand the list, then clear that signature’s check box.

Error messages, HTTP headers such as Server: Microsoft-IIS/6.0, and other messages could inform attackers of the vendor, product, and version numbers of software running on your web servers, thereby advertising their specific vulnerabilities.

Sensitive information is detected according to fixed signatures.

Attack log messages contain Information Disclosure and the subtype and signature (for example, Information Disclosure-HTTP Header Leakage : Signature ID 080200001) when this feature detects a possible leak.
In the Action column, select what FortiWeb will do when it detects this type of vulnerability:
• Alert
  Note: Does not cloak, except for removing sensitive headers. (Sensitive information in the body remains unaltered.)
• Alert & Erase — Hide replies with sensitive information (sometimes called “cloaking”). Block the reply (or reset the connection) or remove the sensitive information, and generate an alert email and/or log message.
  If the sensitive information is a status code, you can customize the web page that will be returned to the client with the HTTP status code.
  Note: This option is not fully supported in offline protection mode. Effects will be identical to Alert; sensitive information will not be blocked or erased.
• Period Block
• Redirect
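The following is an added example, not FortiWeb’s code or its signature database, that models the behaviour described above: a small set of constructed header and body signatures (the EX-* IDs and regexes are placeholders), the per-signature disable switch used to suppress a false positive, and the difference between Alert (sensitive headers removed, body unaltered) and Alert & Erase (matched body text also removed). The sample response is constructed to look like a ColdFusion error page served behind IIS.

```python
import re
from dataclasses import dataclass

# Constructed sample response: headers and a body fragment that resemble a
# server error page. Nothing here is taken from a real server.
SAMPLE_RESPONSE = {
    "status": 500,
    "headers": {
        "Content-Type": "text/html",
        "Server": "Microsoft-IIS/6.0",
        "X-Powered-By": "ASP.NET",
    },
    "body": "<html><body>Error Occurred While Processing Request\n"
            "ColdFusion MX: ODBC Error Code = 37000</body></html>",
}


@dataclass
class Finding:
    signature_id: str
    subtype: str
    location: str   # "header:<name>" or "body"
    matched: str    # the text that triggered the signature


# Illustrative header signatures: header name -> (placeholder id, regex on the value).
HEADER_SIGNATURES = {
    "Server": ("EX-HDR-001", re.compile(r"\S+/\d")),       # product/version banner
    "X-Powered-By": ("EX-HDR-002", re.compile(r".")),      # any framework banner
    "X-AspNet-Version": ("EX-HDR-003", re.compile(r".")),
}

# Illustrative body signatures: (placeholder id, subtype, regex).
BODY_SIGNATURES = [
    ("EX-BODY-001", "CF Information Leakage",
     re.compile(r"Error Occurred While Processing Request|ColdFusion \w+", re.I)),
    ("EX-BODY-002", "Server Error Message Leakage",
     re.compile(r"ODBC Error Code = \d+|Stack Trace:", re.I)),
]


def scan(response, disabled=frozenset()):
    """Return a Finding for every enabled signature that matches the response.

    `disabled` holds signature ids cleared by the operator, e.g. to silence a
    signature that produces false positives on a particular application.
    """
    findings = []
    for name, (sig_id, pattern) in HEADER_SIGNATURES.items():
        value = response["headers"].get(name)
        if value is not None and sig_id not in disabled and pattern.search(value):
            findings.append(Finding(sig_id, "HTTP Header Leakage", f"header:{name}", value))
    for sig_id, subtype, pattern in BODY_SIGNATURES:
        if sig_id in disabled:
            continue
        for m in pattern.finditer(response["body"]):
            findings.append(Finding(sig_id, subtype, "body", m.group(0)))
    return findings


def log_messages(findings):
    """Format findings the way the guide shows attack log entries."""
    return [f"Information Disclosure-{f.subtype} : Signature ID {f.signature_id}"
            for f in findings]


def apply_action(response, findings, action):
    """Apply the configured action and return (new_response, log lines).

    'alert'       : log, strip sensitive headers, leave the body unaltered
    'alert_erase' : log, strip sensitive headers, redact matched body text
    """
    if action not in ("alert", "alert_erase"):
        raise ValueError(f"unsupported action {action!r}")
    headers = dict(response["headers"])
    body = response["body"]
    for f in findings:
        if f.location.startswith("header:"):
            headers.pop(f.location.split(":", 1)[1], None)
        elif action == "alert_erase":
            body = body.replace(f.matched, "[removed]")
    cleaned = {"status": response["status"], "headers": headers, "body": body}
    return cleaned, log_messages(findings)


if __name__ == "__main__":
    found = scan(SAMPLE_RESPONSE)
    cleaned, logs = apply_action(SAMPLE_RESPONSE, found, "alert_erase")
    print("\n".join(logs))
    print(cleaned["headers"], cleaned["body"], sep="\n")
```

Header names are matched exactly here; a real filter normalises header-name case before lookup. Note that under "alert" the body still carries the ColdFusion error text, which is exactly the limitation the guide's Note on Alert describes.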
Setting name Description