Fortinet 5.0 Patch 6

Fortinet 445 FortiWeb 5.0 Patch 6 Administration Guide

Header Line Length Type the maximum acceptable size in bytes of each line in the HTTP

header.

Attack log messages contain Header Line Too Large when this

feature detects an attempted header line length buffer overflow.

Number of Header

Lines In Request

Type the maximum acceptable number of lines in the HTTP header.

Attack log messages contain Too Many Headers when this

feature detects a header line count buffer overflow attempt.

Total URL and Body

Parameters Length

Type the total maximum total acceptable size in bytes of all

parameters in the URL and/or, for HTTP POST requests, the HTTP

body.

Question mark ( ? ), ampersand ( & ), and equal ( = ) characters are

not included.

Attack log messages contain Total URL and Body

Parameters Length Exceeded when this feature detects a total

parameter size buffer overflow attempt.

Total URL

Parameters Length

Type the total maximum acceptable length in bytes of all

parameters, including their names and values, in the URL.

Parameters usually appear after a ?, such as:

/url?parameter1=value1&parameter2=value2

It does not include parameters in the HTTP body, which can occur

with HTTP POST requests. For those, configure Total URL and Body

Parameters Length or Body Length instead.

Attack log messages contain Total URL Parameters Length

Exceeded when this feature detects a URL parameter line length

buffer overflow attempt.

Number of URL

Parameters

Type the maximum number of parameters in the URL. The

maximum number is 104.

It does not include parameters in the HTTP body, which can occur

with HTTP POST requests.

Attack log messages contain Too Many Parameters in

Request when this feature detects a URL parameter count buffer

overflow attempt.

Number of Cookies

In Request

Type the maximum acceptable number of cookies in an HTTP

request.

Attack log messages contain Too Many Cookies in Request

when this feature detects a cookie count buffer overflow attempt.

Number of ranges in

Range Header

Type the maximum acceptable number of Range: lines in each

HTTP header. The default value is 5.

Attack log messages contain Too Many Range Headers when

this feature detects too many Range: header lines.

Tip: Some versions of Apache are vulnerable to a denial of service

(DoS) attack on this header, where a malicious client floods the

server with many Range: headers. The default value is appropriate

for un-patched versions of Apache 2.0 and Apache 2.1.

Setting name Description