Fortinet 417 FortiWeb 5.0 Patch 6 Administration Guide
Action Select which action the FortiWeb appliance will take when it
detects a violation of the rule:
Alert — Accept the connection and generate an alert email
and/or log message.
Alert & Deny — Block the request (reset the connection) and
generate an alert and/or log message.
You can customize the web page that will be returned to the
client with the HTTP status code. See “Uploading a custom
error page” on page 467 or Error Message.
Period Block — Block subsequent requests from the client for
a number of seconds. Also configure Block Period.
You can customize the web page that will be returned to the
client with the HTTP status code. See “Uploading a custom
error page” on page 467 or Error Message.
Note: If FortiWeb is deployed behind a NAT load balancer,
when using this option, you must also define an X-header that
indicates the original client’s IP (see “Defining your proxies,
clients, & X-headers” on page 266). Failure to do so may cause
FortiWeb to block all connections when it detects a violation of
this type.
Redirect — Redirect the request to the URL that you specify in
the protection profile or URL Pattern and generate an alert
and/or log message. Also configure either URL Pattern, or
Redirect URL and Redirect URL With Reason.
Send 403 Forbidden — Reply with an HTTP 403 Access
Forbidden error message and generate an alert and/or log
message.
The default value is Alert.
Note: This setting will be ignored if Monitor Mode is enabled.
Note: Logging and/or alert email will occur only if enabled and
configured. See “Logging” on page 542 and “Alert email” on
page 576.
Note: If you will use this rule set with auto-learning, you should
select Alert. If Action is Alert & Deny, or any other option that
causes the FortiWeb appliance to terminate or modify the request
or reply when it detects an attack attempt, the interruption will
cause incomplete session information for auto-learning.
Block Period Type the number of seconds that you want to block subsequent
requests from the client after the FortiWeb appliance detects that
the client has violated the rule.
This setting is available only if Action is set to Period Block. The
valid range is from 1 to 3,600 (1 hour). The default value is 1. See
also “Monitoring currently blocked IPs” on page 606.