Fortinet 438 FortiWeb 5.0 Patch 6 Administration Guide
5. Click OK.
6. To apply the allowed method policy, select it in an inline or offline protection profile (see
“Configuring a protection profile for inline topologies” on page 468 or “Configuring a
protection profile for an out-of-band topology or asynchronous mode of operation” on
page 477).
Configuring allowed method exceptionsYou can configure exceptions to allowed HTTP method policies.
While most URL and host name combinations controlled by a profile may require similar HTTP
request methods, you may have some that require different methods. Instead of forming
separate policies and profiles for those requests, you can configure allowed method
exceptions. The exceptions define specific HTTP request methods that are allowed by specific
URLs and hosts.
To configure an allowed method exception
1. Before you configure an allowed method exception, if you want to apply it only to HTTP
requests for a specific real or virtual host, you must first define the web host in a protected
hosts group. For details, see “Defining your protected/allowed HTTP “Host:” header names”
on page 249.
2. Go to Web Protection > Access > Allow Method Exceptions.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Web Protection Configuration category. For
details, see “Permissions” on page 47.
3. Click Create New.
A dialog appears.
Trigger
Action
Select which trigger, if any, that the FortiWeb appliance will use when it logs
and/or sends an alert email about a violation of the rule. See “Configuring
triggers” on page 557.
Allow
Method
Exceptions
Select an HTTP request method exception definition to apply to the policy.
The method exceptions define specific HTTP request methods that are
allowed by specific URLs and hosts.
If you want to view the information associated with the HTTP request
method exceptions used by this policy, select the Detail link beside the Allow
Method Exceptions list. The Allow Method Exceptions dialog appears. Use
the browser Back button to return.
For more information, see “Configuring allowed method exceptions”.
Setting
name
Description