Fortinet 5.0 Patch 6 Configuring allowed method exceptions

Fortinet 438 FortiWeb 5.0 Patch 6 Administration Guide

5. Click OK.

6. To apply the allowed method policy, select it in an inline or offline protection profile (see

“Configuring a protection profile for inline topologies” on page 468 or “Configuring a

protection profile for an out-of-band topology or asynchronous mode of operation” on

page 477).

Configuring allowed method exceptions

You can configure exceptions to allowed HTTP method policies.

While most URL and host name combinations controlled by a profile may require similar HTTP

request methods, you may have some that require different methods. Instead of forming

separate policies and profiles for those requests, you can configure allowed method

exceptions. The exceptions define specific HTTP request methods that are allowed by specific

URLs and hosts.

To configure an allowed method exception

1. Before you configure an allowed method exception, if you want to apply it only to HTTP

requests for a specific real or virtual host, you must first define the web host in a protected

hosts group. For details, see “Defining your protected/allowed HTTP “Host:” header names”

on page 249.

2. Go to Web Protection > Access > Allow Method Exceptions.

To access this part of the web UI, your administrator’s account access profile must have

Read and Write permission to items in the Web Protection Configuration category. For

details, see “Permissions” on page 47.

3. Click Create New.

A dialog appears.

Trigger

Action

Select which trigger, if any, that the FortiWeb appliance will use when it logs

and/or sends an alert email about a violation of the rule. See “Configuring

triggers” on page 557.

Allow

Method

Exceptions

Select an HTTP request method exception definition to apply to the policy.

The method exceptions define specific HTTP request methods that are

allowed by specific URLs and hosts.

If you want to view the information associated with the HTTP request

method exceptions used by this policy, select the Detail link beside the Allow

Method Exceptions list. The Allow Method Exceptions dialog appears. Use

the browser Back button to return.

For more information, see “Configuring allowed method exceptions”.

Setting

name

Description