Fortinet 425 FortiWeb 5.0 Patch 6 Administration Guide
Setting name    Description

Action
Select which action the FortiWeb appliance will take when it detects a violation of the rule:

Alert — Accept the connection and generate an alert email and/or log message.

Alert & Deny — Block the request (reset the connection) and generate an alert and/or log message.
You can customize the web page that will be returned to the client with the HTTP status code. See “Uploading a custom error page” on page 467 or Error Message.

Period Block — Block subsequent requests from the client for a number of seconds. Also configure Block Period.
You can customize the web page that will be returned to the client with the HTTP status code. See “Uploading a custom error page” on page 467 or Error Message.
Note: If FortiWeb is deployed behind a NAT load balancer, when using this option, you must also define an X-header that indicates the original client’s IP (see “Defining your proxies, clients, & X-headers” on page 266). Failure to do so may cause FortiWeb to block all connections when it detects a violation of this type.

Redirect — Redirect the request to the URL that you specify in the protection profile and generate an alert and/or log message. Also configure Redirect URL and Redirect URL With Reason.

Send 403 Forbidden — Reply with an HTTP 403 Access Forbidden error message and generate an alert and/or log message.

The default value is Alert. See also “Reducing false positives” on page 624.

Caution: This setting will be ignored if Monitor Mode is enabled.

Note: Logging and/or alert email will occur only if enabled and configured. See “Logging” on page 542 and “Alert email” on page 576.

Note: If you will use this rule set with auto-learning, you should select Alert. If Action is Alert & Deny, or any other option that causes the FortiWeb appliance to terminate or modify the request or reply when it detects an attack attempt, the interruption will cause incomplete session information for auto-learning.

Block Period
Type the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule.

This setting is available only if Action is set to Period Block. The valid range is from 1 to 3,600 (1 hour). The default value is 1. See also “Monitoring currently blocked IPs” on page 606.
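
The NAT note under Period Block, as an added example (not from the Fortinet guide and not FortiWeb code): a toy Python model of a block list keyed on client IP, showing why every client behind one load balancer is blocked unless the original client IP is taken from an X-header. The header name X-Forwarded-For, the class and function names, and the addresses are assumptions constructed for illustration.

```python
import ipaddress

BLOCK_PERIOD_RANGE = (1, 3600)  # valid Block Period range in seconds, per the guide


class PeriodBlocker:
    """Toy model of Period Block (illustrative, not FortiWeb's implementation)."""

    def __init__(self, block_period=1, trusted_proxies=(), x_header=None):
        lo, hi = BLOCK_PERIOD_RANGE
        if not lo <= block_period <= hi:
            raise ValueError(f"Block Period must be {lo}-{hi} seconds")
        self.block_period = block_period
        self.trusted_proxies = set(trusted_proxies)  # e.g. the load balancer's address
        self.x_header = x_header                     # header carrying the original client IP
        self.blocked_until = {}                      # client key -> time the block expires

    def client_key(self, peer_ip, headers):
        """Return the IP a block is keyed on; trust the X-header only from a known proxy."""
        if self.x_header and peer_ip in self.trusted_proxies:
            try:
                return str(ipaddress.ip_address(headers.get(self.x_header, "").strip()))
            except ValueError:
                pass  # header missing or not an IP: fall back to the connection's source
        return peer_ip

    def handle(self, now, peer_ip, headers, violation):
        """Return 'blocked' or 'passed' for one request arriving at time `now` (seconds)."""
        key = self.client_key(peer_ip, headers)
        if self.blocked_until.get(key, 0) > now:
            return "blocked"
        if violation:
            self.blocked_until[key] = now + self.block_period
            return "blocked"
        return "passed"


def simulate(blocker):
    """Constructed traffic: two clients reach the model through one NAT load balancer."""
    lb = "192.0.2.10"
    offender = {"X-Forwarded-For": "198.51.100.7"}   # assumed header name
    bystander = {"X-Forwarded-For": "203.0.113.20"}
    return [
        blocker.handle(0, lb, offender, violation=True),     # rule violation
        blocker.handle(5, lb, bystander, violation=False),   # unrelated client
        blocker.handle(5, lb, offender, violation=False),    # offender retries
        blocker.handle(61, lb, bystander, violation=False),  # after the 60 s period
    ]
```

Running simulate() on a blocker with no X-header defined blocks the unrelated client for the whole period, because every request shares the load balancer's source address; with the header honored from the load balancer, only the violating client is blocked.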