Fortinet 451 FortiWeb 5.0 Patch 6 Administration Guide
Limiting file uploads
You can restrict file uploads based upon file type and size.
Detection and restriction are performed by scanning Content-Type: and Content-Length:
headers in HTTP PUT and POST request methods submitted to your web servers.
For example, if you want to allow only specific types of files (MP3 audio files, PDF text files and
GIF and JPG picture files) to be uploaded to:
http://www.example.com/upload.php
create a file upload restriction policy that contains rules that define only those specific file types.
When FortiWeb receives an HTTP PUT or POST request for the /upload.php URL with Host:
www.example.com, it scans the HTTP request and allows only the specified file types to be
uploaded. FortiWeb blocks file uploads for any HTTP request that contains non-specified file
types.
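Added illustration (not FortiWeb code and not part of the original guide): a Python model of the header-based decision described above for the example policy, next to a content check that the upload handler itself can run against the received bytes. The MIME type strings, the 5 MB limit, the function names and the sample requests are assumptions, and each request is assumed to carry the file directly as its body.

```python
# Added illustration, not FortiWeb code; limits and samples are constructed.
MAX_BYTES = 5 * 1024 * 1024                   # assumed limit; the guide gives no figure
PROTECTED = ("www.example.com", "/upload.php")
SIGNATURES = {                                # allowed declared type -> leading-bytes test
    "audio/mpeg": lambda b: b[:3] == b"ID3"
        or (len(b) > 1 and b[0] == 0xFF and (b[1] & 0xE0) == 0xE0),
    "application/pdf": lambda b: b.startswith(b"%PDF-"),
    "image/gif": lambda b: b[:6] in (b"GIF87a", b"GIF89a"),
    "image/jpeg": lambda b: b.startswith(b"\xff\xd8\xff"),
}

def declared(headers):
    """Return (media type, length or None) as declared in the request headers."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    try:
        length = int(h.get("content-length", ""))
    except ValueError:
        length = None                         # missing or malformed header
    return ctype, length

def header_rule(method, host, path, headers):
    """Decision from headers alone, the way this section describes the rule."""
    if method.upper() not in ("PUT", "POST") or (host.lower(), path) != PROTECTED:
        return "not-applicable"
    ctype, length = declared(headers)
    if length is None or not 0 <= length <= MAX_BYTES:
        return "block"
    return "allow" if ctype in SIGNATURES else "block"

def backend_check(headers, body):
    """Upload handler's own check: the bytes must match what was declared."""
    ctype, length = declared(headers)
    if ctype not in SIGNATURES or length != len(body) or len(body) > MAX_BYTES:
        return False
    return SIGNATURES[ctype](body)

# Constructed sample requests (file sent directly as the request body).
PDF = b"%PDF-1.4\n%constructed sample\n"
TEXT = b"plain text, not a GIF"
SAMPLES = [
    ("PUT", {"Content-Type": "application/pdf", "Content-Length": str(len(PDF))}, PDF),
    ("POST", {"Content-Type": "image/gif", "Content-Length": str(len(TEXT))}, TEXT),
    ("POST", {"Content-Type": "application/zip", "Content-Length": "4"}, b"PK\x03\x04"),
]

def evaluate(samples=SAMPLES):
    """Return (header decision, backend verdict) for each sample request."""
    return [(header_rule(m, *PROTECTED, h), backend_check(h, b)) for m, h, b in samples]
```

In this model the second sample passes the header decision while its body does not match the declared type, which is the case the handler's own content check is there to reject.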
To configure a file upload restriction
1. Go to Web Protection > Input Validation > File Upload Restriction Rule.
   To access this part of the web UI, your administrator’s account access profile must have
   Read and Write permission to items in the Web Protection Configuration category. For
   details, see “Permissions” on page 47.
2. Click Create New.
   A dialog appears.
3. In Name, type a unique name that can be referenced by other parts of the configuration. Do
   not use spaces or special characters. The maximum length is 35 characters.