Fortinet 5.0 Patch 6

Fortinet 444 FortiWeb 5.0 Patch 6 Administration Guide

Trigger Action Select which trigger, if any, that the FortiWeb appliance will use

when it logs and/or sends an alert email about a violation of the rule.

See “Configuring triggers” on page 557.

Illegal Host Name Enable to check for illegal characters in the Host: line of the HTTP

header, such as null characters or encoded characters.

For example, characters such as 0x0 or %00* will be considered

illegal.

Attack log messages contain Illegal Host Name when this

feature detects an invalid host name.

Illegal HTTP Version Enable to check for invalid HTTP version numbers. Currently, the

only valid version strings are HTTP/1.0 or HTTP/1.1.

Attack log messages contain Illegal HTTP Version when this

feature detects an invalid HTTP version number.

Illegal HTTP

Request Method

Enable to check for invalid HTTP request methods according to

RFC 2616. Any method not defined in that RFC — including

misspellings like GETT as well as HTTP extension methods (e.g.

WebDAV and CalDAV) like PROPFIND and MKCALENDAR — will be

considered invalid.

Attack log messages contain Illegal HTTP Method when this

feature detects an invalid HTTP request method.

HTTP Request

Length

Type the maximum acceptable length in bytes of the entire HTTP

request, including both headers and body.

Attack log messages contain HTTP Request Length Exceeded

when this feature detects an excessively large HTTP request.

Content Length Type the maximum acceptable length in bytes of the request body.

Length is determined by comparing this limit with the value of the

Content-Length: field in the HTTP header.

Attack log messages contain Content Length Exceeded when

this feature detects a content length buffer overflow attempt.

Tip: RPC requests’ content length often do not match their own

Content-Length: header. Attackers may also intentionally craft

mismatching Content-Length: headers in an attempt to cloak

buffer overflows. For those cases, use other limits instead or in

addition, such as Body Length and “Limiting file uploads” on

page 451.

Body Length Type the maximum acceptable size in bytes of the HTTP body.

For requests that use the HTTP POST method, this typically includes

parameters from submitted by HTML form inputs. In the case of file

uploads, this can normally be many megabytes. For most simple

forms, however, the body should be only a few kilobytes in size at

maximum.

Attack log messages contain Body Length Exceeded when this

feature detects a body size buffer overflow attempt.

Header Length Type the maximum acceptable size in bytes of all HTTP header

lines.

Attack log messages contain Total Size of All Headers

Too Large when this feature detects a header size buffer overflow

attempt.

Setting name Description