Fortinet 423 FortiWeb 5.0 Patch 6 Administration Guide
“Defining your protected/allowed HTTP “Host:” header names” on page 249). If you want to
define your own data types, you should also configure those first (see “Defining custom data
types” on page 429).
2. Go to Web Protection > Input Validation > Parameter Validation Rule.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Web Protection Configuration category. For
details, see “Permissions” on page 47.
3. Click Create New.
A dialog appears.
4. Configure these settings:
Setting name Description
Name Type a unique name that can be referenced in other parts of the
configuration. Do not use spaces or special characters. The maximum
length is 35 characters.
Host Status Enable to apply this input rule only to HTTP requests for specific web
hosts. Also configure Host.
Disable to match the input rule based upon the other criteria, such as
the URL, but regardless of the Host: field.
Host Select which protected hosts entry (either a web host name or IP
address) that the Host: field of the HTTP request must be in to match
the signature exception.
This option is available only if Host Status is enabled.