Fortinet 398 FortiWeb 5.0 Patch 6 Administration Guide
Configuring action overrides or exceptions to data leak & attack detection signaturesYou can configure FortiWeb to omit attack signature scans in some cases. You can also
configure the signature to only log/alert instead of blocking the attack.
Exceptions may be useful if you know that some URLs, during normal use, will cause false
positives by matching an attack signature. Signature exceptions define request URLs that will
not be subject to signature rules.
For example, if the HTTP POST URL /pageupload should accept input that is PHP code, but it
is the only URL on the host that should do so, you would create an exception that, in the PHP
Injection category, disables that specific signature ID for the URL /pageupload in the
signature rule that normally would block all injection attacks.
Figure 44:Disabling signatures or adding exceptions while viewing the attack log
To configure a signature exception, action override, or disable a signature
1. Go to Web Protection > Known Attacks > Signatures.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Web Protection Configuration category. For
details, see “Permissions” on page 47.
If you are not sure which exceptions are advisable, examine your attack log for attack log
messages generated by normal traffic on servers that are not actually vulnerable to that attack.
You can click the Add Exception link directly in the attack log message display to create an
exception.