Fortinet 465 FortiWeb 5.0 Patch 6 Administration Guide
whitelist your own custom URLs, cookies, and parameters on Server Objects > Global >
Custom Global White List.
When enabled, whitelisted items are not flagged as potential problems, nor incorporated into
auto-learning data. This feature reduces false positives and improves performance.
To include white list items during policy enforcement and auto-learning reports, you must first
disable them in the global white list.
To disable an item in the predefined global white list
1. Go to Server Objects > Global > Predefined Global White List.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Server Policy Configuration category. For details,
see “Permissions” on page 47.
2. To see the items that each section contains and to expose those items’ Enable check box,
click the blue expansion arrows.
3. In the row of the item that you want to disable, clear the check box in the Enable column.
4. Click Apply.
5. To verify that an item is no longer whitelisted, you can enable auto-learning, then make a
request to a protected web site. The auto-learning report should omit any items that you
have disabled, such as the /favicon.ico URL. Alternatively, use the parameter or URL to
attempt to trigger an attack signature that should block it.
To configure a custom global whitelist
1. Go to Server Objects > Global > Custom Global White List.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Server Policy Configuration category. For details,
see “Permissions” on page 47.
2. Click Create New.