Fortinet 444 FortiWeb 5.0 Patch 6 Administration Guide
Trigger Action Select the trigger, if any, that the FortiWeb appliance uses
when it logs and/or sends an alert email about a violation of the rule.
See “Configuring triggers” on page 557.
Illegal Host Name Enable to check for illegal characters in the Host: line of the HTTP
header, such as null characters or encoded characters.
For example, a raw null byte (0x0) or its URL-encoded form (%00) is
considered illegal.
Attack log messages contain Illegal Host Name when this
feature detects an invalid host name.
Illegal HTTP Version Enable to check for invalid HTTP version numbers. Currently, the
only valid version strings are HTTP/1.0 or HTTP/1.1.
Attack log messages contain Illegal HTTP Version when this
feature detects an invalid HTTP version number.
Illegal HTTP Request Method Enable to check for invalid HTTP request methods according to
RFC 2616. Any method not defined in that RFC, including
misspellings like GETT as well as HTTP extension methods (e.g.
WebDAV and CalDAV) like PROPFIND and MKCALENDAR, is
considered invalid.
Attack log messages contain Illegal HTTP Method when this
feature detects an invalid HTTP request method.
HTTP Request Length Type the maximum acceptable length in bytes of the entire HTTP
request, including both headers and body.
Attack log messages contain HTTP Request Length Exceeded
when this feature detects an excessively large HTTP request.
Content Length Type the maximum acceptable length in bytes of the request body.
Length is determined by comparing this limit with the value of the
Content-Length: field in the HTTP header, not with the number of
bytes actually received.
Attack log messages contain Content Length Exceeded when
this feature detects a content length buffer overflow attempt.
Tip: The actual body length of RPC requests often does not match
their own Content-Length: header. Attackers may also intentionally
craft a mismatching Content-Length: header in an attempt to cloak
a buffer overflow. For those cases, use other limits instead of or in
addition to this one, such as Body Length and “Limiting file uploads”
on page 451.
Body Length Type the maximum acceptable size in bytes of the HTTP body,
measured from the bytes actually received.
For requests that use the HTTP POST method, this typically includes
parameters submitted by HTML form inputs. In the case of file
uploads, this can normally be many megabytes. For most simple
forms, however, the body should be at most a few kilobytes in size.
Attack log messages contain Body Length Exceeded when this
feature detects a body size buffer overflow attempt.
Header Length Type the maximum acceptable size in bytes of all HTTP header
lines.
Attack log messages contain Total Size of All Headers Too Large
when this feature detects a header size buffer overflow attempt.
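The checks in the table are simple enough to reproduce, and doing so makes the Content Length versus Body Length distinction concrete. The following is an added example, not FortiWeb code and not taken from the guide: a small Python checker that applies the same constraints to a raw request and returns the attack-log message names listed above. The byte limits, the sample requests and the helper names (check_request, declared_vs_actual, host_is_illegal) are assumptions chosen for the example; the method list is the one RFC 2616 section 5.1.1 defines.

```python
import re
from typing import Dict, List, Optional, Tuple

# Request methods defined in RFC 2616 section 5.1.1. Anything else, from a
# misspelling like GETT to WebDAV's PROPFIND, is treated as illegal.
RFC2616_METHODS = {b"OPTIONS", b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                   b"TRACE", b"CONNECT"}
VALID_VERSIONS = {b"HTTP/1.0", b"HTTP/1.1"}

# Size limits in bytes. These values are assumptions chosen for the example.
DEFAULT_LIMITS: Dict[str, int] = {
    "request_length": 65536,   # entire request, headers plus body
    "content_length": 32768,   # declared Content-Length: value
    "body_length": 32768,      # bytes actually received after the blank line
    "header_length": 8192,     # all header lines after the request line
}

PERCENT_ENCODED = re.compile(rb"%[0-9A-Fa-f]{2}")


def split_request(raw: bytes) -> Tuple[bytes, List[bytes], bytes]:
    """Split a raw request into request line, header lines and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    return lines[0], [line for line in lines[1:] if line], body


def header_value(headers: List[bytes], name: bytes) -> Optional[bytes]:
    """Return the value of the first header called `name` (case-insensitive)."""
    for line in headers:
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None


def host_is_illegal(host: bytes) -> bool:
    """True if the Host: value contains a null byte, a %xx sequence or any
    byte outside printable ASCII."""
    if b"\x00" in host or PERCENT_ENCODED.search(host):
        return True
    return any(b < 0x21 or b > 0x7E for b in host)


def check_request(raw: bytes, limits: Dict[str, int] = DEFAULT_LIMITS) -> List[str]:
    """Apply the table's checks and return the attack-log messages they raise."""
    findings: List[str] = []
    request_line, headers, body = split_request(raw)

    if len(raw) > limits["request_length"]:
        findings.append("HTTP Request Length Exceeded")
    if sum(len(h) + 2 for h in headers) > limits["header_length"]:  # +2 for CRLF
        findings.append("Total Size of All Headers Too Large")
    if len(body) > limits["body_length"]:
        findings.append("Body Length Exceeded")

    parts = request_line.split(b" ")
    method = parts[0]
    version = parts[-1] if len(parts) >= 3 else b""
    if method not in RFC2616_METHODS:
        findings.append("Illegal HTTP Method")
    if version not in VALID_VERSIONS:
        findings.append("Illegal HTTP Version")

    host = header_value(headers, b"Host")
    if host is not None and host_is_illegal(host):
        findings.append("Illegal Host Name")

    # Content Length compares the *declared* value, not the received bytes.
    declared = header_value(headers, b"Content-Length")
    if declared is not None and declared.isdigit() and int(declared) > limits["content_length"]:
        findings.append("Content Length Exceeded")
    return findings


def declared_vs_actual(raw: bytes) -> Tuple[Optional[int], int]:
    """Return (declared Content-Length, actual body bytes). When they differ,
    only Body Length catches an oversized body."""
    _, headers, body = split_request(raw)
    declared = header_value(headers, b"Content-Length")
    parsed = int(declared) if declared is not None and declared.isdigit() else None
    return parsed, len(body)


# Constructed sample requests, not captured traffic.
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BAD = (b"GETT /index.html HTTP/2.0\r\n"
       b"Host: www.example.com%00\r\n"
       b"Content-Length: 99999\r\n\r\n")
OVERSIZED = (b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n"
             b"Content-Length: 5\r\n\r\n" + b"A" * 40000)

if __name__ == "__main__":
    for name, req in (("GOOD", GOOD), ("BAD", BAD), ("OVERSIZED", OVERSIZED)):
        print(name, check_request(req), declared_vs_actual(req))
```

The OVERSIZED request is the case the tip describes: its Content-Length: header claims 5 bytes, so a Content Length limit alone never fires, while the 40000-byte body trips Body Length.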