Fortinet 433 FortiWeb 5.0 Patch 6 Administration Guide
Action Select which action the FortiWeb appliance will take when it detects a
violation of the rule:
Alert — Accept the connection and generate an alert email and/or log
message.
Alert & Deny — Block the request (reset the connection) and generate an
alert and/or log message.
You can customize the web page that will be returned to the client with
the HTTP status code. See “Uploading a custom error page” on page 467
or Error Message.
Period Block — Block subsequent requests from the client for a number
of seconds. Also configure Block Period.
You can customize the web page that will be returned to the client with
the HTTP status code. See “Uploading a custom error page” on page 467
or Error Message.
Note: If FortiWeb is deployed behind a NAT load balancer, when using
this option, you must also define an X-header that indicates the original
client’s IP (see “Defining your proxies, clients, & X-headers” on page 266).
Failure to do so may cause FortiWeb to block all connections when it
detects a violation of this type.
Redirect — Redirect the request to the URL that you specify in the
protection profile and generate an alert and/or log message. Also
configure Redirect URL and Redirect URL With Reason.
Send 403 Forbidden — Reply with an HTTP 403 Access Forbidden
error message and generate an alert and/or log message.
The default value is Alert.
Note: This setting will be ignored if Monitor Mode is enabled.
Note: Logging and/or alert email will occur only if enabled and configured.
See “Logging” on page 542 and “Alert email” on page 576.
Note: Because the new active appliance does not know previous session
history, after an HA failover, for existing sessions, FortiWeb will not be able
to apply this feature. See “Sessions & FortiWeb HA” on page 39.
Note: If you will use this rule set with auto-learning, you should select Alert.
If Action is Alert & Deny, or any other option that causes the FortiWeb
appliance to terminate or modify the request or reply when it detects an
attack attempt, the interruption will cause incomplete session information for
auto-learning.
Block
Period
Type the number of seconds that you want to block subsequent requests
from the client after the FortiWeb appliance detects that the client has
violated the rule.
This setting is available only if Action is set to Period Block. The valid range
is from 1 to 3,600 (1 hour). The default value is 1. See also “Monitoring
currently blocked IPs” on page 606.
Setting
name
Description