Fortinet 5.0 Patch 6

Fortinet 397 FortiWeb 5.0 Patch 6 Administration Guide

6. If you enabled Information Disclosure, Troj ans , or Credit Card Detection, configure a

decompression rule. See “Configuring decompression to enable scanning & rewriting” on

page 460.

7. To apply the signature rule, select it in an inline protection profile or an offline protection

profile (see “Configuring a protection profile for inline topologies” on page 468 or

“Configuring a protection profile for an out-of-band topology or asynchronous mode of

operation” on page 477).

8. To verify your configuration, attempt a request that should be detected and/or blocked by

your configuration.

If detection fails:

• Verify that routing and TCP/IP-layer firewalling does not prevent connectivity.

• Verify that your simulated attack operates on either the HTTP header or HTTP body,

whichever component is analyzed by that feature.

• If the feature operates on the HTTP body, verify that http-cachesize is large enough,

or that you have configured to Body Length block requests that exceed the buffer limit.

For details, see the FortiWeb CLI Reference.

If the HTTP body is compressed, verify that Maximum Antivirus Buffer Size is large

enough, or that you have configured to Body Length block requests that exceed the

buffer limit.

•If you enabled Troj ans , verify that you have also configured its configuration

dependencies (see “Limiting file uploads” on page 451).

• If the feature operates on the parameters in the URL line in the HTTP headers, verify that

the total parameter length (after URL decoding, if required — configure Recursive URL

Decoding) is not larger than the buffer size of Total URL and Body Parameters Length or

Total URL Parameters Length.

9. If normal input for some URLs accidentally matches a signature, either create and use a

modified version of it instead via custom signatures, or create exceptions (“Configuring

action overrides or exceptions to data leak & attack detection signatures” on page 398).