Fortinet 426 FortiWeb 5.0 Patch 6 Administration Guide
5. Click OK.
6. Click Create New to add an entry to the set. You can add up to 1,024.
A dialog appears.
7. Configure these settings:
Severity When rule violations are recorded in the attack log, each log message
contains a Severity Level (severity_level) field. Select which
severity level the FortiWeb appliance will use when it logs a violation of
the rule:
•Low
•Medium
High
The default value is High.
Trigger Action Select which trigger, if any, that the FortiWeb appliance will use when it
logs and/or sends an alert email about a violation of the rule. See
“Configuring triggers” on page 557.
Setting name Description
Name Type the value of the name attribute of the parameter’s input tag exactly
as it appears in the form on the web page.
For example, if the HTML code for an input tag is:
<input type="password" name="pwd" />
the Name should be pwd.
Note: If the name is not correct, this rule will not match the parameter.
Max Length Type the maximum length of the string that is the input’s value.
For example, if the input’s value is always a short string like candy, the
maximum length could be 5. If the value is a number less than 100 such
as 42, the maximum length should be 2 (since the number “42” is 2
characters long).
To disable the length limit, type 0.
Tip: See also Malformed Request.
Required Enable if the parameter is required for HTTP/HTTPS requests to this
combination of Host: field and URL.
Use Type Check Enable to validate the data type of the parameter. Also configure
Argument Type.
Setting name Description