Fortinet 5.0 Patch 6

Fortinet 469 FortiWeb 5.0 Patch 6 Administration Guide

configure the offline protection profile to log but not block attacks in order to gather complete

session statistics for the auto-learning feature.

To configure an inline protection profile

1. Before configuring an inline protection profile, first configure any of the following that you

want to include in the profile:

•an X-Forwarded-For: or other X-header rule (see “Defining your proxies, clients, &

X-headers” on page 266)

• a file upload restriction (see “Limiting file uploads” on page 451)

• an allowed method set (see “Specifying allowed HTTP methods” on page 436)

• a URL access rule (see “Grouping access rules per combination of URL & “Host:”” on

page 324)

• a signature set (see “Blocking known attacks & data leaks” on page 387)

• a page order rule (see “Enforcing page order that follows application logic” on page 411)

• a parameter validator (see “Validating parameters (“input rules”)” on page 421)

• a hidden fields protector (see “Preventing tampering with hidden inputs” on page 430)

• a start pages rule (see “Specifying URLs allowed to initiate sessions” on page 415)

• a brute force login attack detector (see “Preventing brute force logins” on page 362

• a protocol constraints rule (see “HTTP/HTTPS protocol constraints” on page 440)

• a rewriting or redirection set (see “Grouping rewriting & redirection rules” on page 385)

• an authentication policy (see “Offloading HTTP authentication & authorization” on

page 225)

• a site publishing policy (see “Single sign-on (SSO)” on page 243)

• a file compression rule (see “Configuring compression offloading” on page 457)

• a file decompression rule (see “Configuring decompression to enable scanning &

rewriting” on page 460)

• a DoS protector (see “Grouping DoS protection rules” on page 355)

• a client IP set (see “Blacklisting & whitelisting clients individually by source IP” on

page 335)

• the IP reputation policy (see “Blacklisting source IPs with poor reputation” on page 329)

• a trigger if you plan to use policy-wide log and alert settings (see “Configuring triggers”

on page 557)

Inline protection profiles include features that require an inline network topology. They can be

configured at any time, but cannot be applied by a policy if the FortiWeb appliance is operating

in a mode that does not support them. For details, see Tab le 42 on page 463.

To save time, you may be able to use auto-learning to generate protection profiles and their

components by observing your web servers’ traffic. For details, see “Auto-learning” on

page 151.