Fortinet 5.0 Patch 6

Fortinet 426 FortiWeb 5.0 Patch 6 Administration Guide

5. Click OK.

6. Click Create New to add an entry to the set. You can add up to 1,024.

A dialog appears.

7. Configure these settings:

Severity When rule violations are recorded in the attack log, each log message

contains a Severity Level (severity_level) field. Select which

severity level the FortiWeb appliance will use when it logs a violation of

the rule:

•Low

•Medium

• High

The default value is High.

Trigger Action Select which trigger, if any, that the FortiWeb appliance will use when it

logs and/or sends an alert email about a violation of the rule. See

“Configuring triggers” on page 557.

Setting name Description

Name Type the value of the name attribute of the parameter’s input tag exactly

as it appears in the form on the web page.

For example, if the HTML code for an input tag is:

the Name should be pwd.

Note: If the name is not correct, this rule will not match the parameter.

Max Length Type the maximum length of the string that is the input’s value.

For example, if the input’s value is always a short string like candy, the

maximum length could be 5. If the value is a number less than 100 such

as 42, the maximum length should be 2 (since the number “42” is 2

characters long).

To disable the length limit, type 0.

Tip: See also Malformed Request.

Required Enable if the parameter is required for HTTP/HTTPS requests to this

combination of Host: field and URL.

Use Type Check Enable to validate the data type of the parameter. Also configure

Argument Type.

Setting name Description