Fortinet 450 FortiWeb 5.0 Patch 6 Administration Guide
7. Click OK.
8. Repeat the previous steps for each rule you want to add to the exception.
9. Group the HTTP protocol constraint exception in an HTTP protocol constraint profile (see
“HTTP/HTTPS protocol constraints” on page 440).
See also
•Configuring a protection profile for inline topologies
•Configuring a protection profile for an out-of-band topology or asynchronous mode of
operation
Number of ranges in
Range Header
Enable to omit the constraint on the maximum acceptable number
of Range: lines in an HTTP header.
Tip: Some versions of Apache are vulnerable to a denial of service
(DoS) attack on this header, where a malicious client floods the
server with many Range: headers. If your web servers do not run
Apache and are not vulnerable to this attack, mark this check box to
omit it from the scan and improve performance.
Malformed Request Enable to omit the constraint on syntax and FortiWeb parsing errors.
Caution: Some web applications require abnormal or very large
HTTP POST requests. Since allowing such errors and excesses is
generally bad practice and can lead to vulnerabilities, use this
option to omit the malformed request scan only if absolutely
necessary.
Setting name Description