Fortinet 435 FortiWeb 5.0 Patch 6 Administration Guide
8. Click the Fetch URL button on the dialog.
FortiWeb retrieves the web page you specified in Request URL on the Hidden Fields Rule
dialog, and analyzes it. A new dialog appears displaying a list of hidden inputs that FortiWeb
found, and URLs where those hidden inputs will be posted when a client submits the form.
Entries in the list are color-coded by the recommended course of action:
•Blue — The URL/hidden field exists in the requested URL, but you have not yet
configured it in the hidden field rule. Add it to the hidden field rule.
•Red — The URL/hidden field does not exist in the requested URL, yet it is currently
configured in the hidden field rule. Remove it from the hidden field rule.
•Black — The URL/hidden field exists in both the requested URL and your hidden field
rule.
For each entry that you want included in the hidden field rule, in the Status column, mark its
check box.
9. Click OK to save the entries in the dialog.
FortiWeb adds the entries to the Post URL Table and Hidden Fields Table on the Hidden
Fields Rule dialog. It also removes any that did not match the fetched URL.
10.To manually add entries to either table, do the following:
• Click Create New under the applicable table.
A dialog appears prompting for either a new URL or hidden field.
• Enter the name of the post URL or hidden field.
• Click OK.
11.Repeat the previous steps for each post URL or hidden field that you want to manually add
to the hidden field rule.
12.On the Hidden Fields Rule dialog, click OK.
13.Go to Web Protection > Input Validation > Hidden Fields Policy.
Also mark the check boxes of any previously configured items that you want to keep in the
hidden field rule. If you do not, they will be deleted.