Fortinet 47 FortiWeb 5.0 Patch 6 Administration Guide
For example, when configuring DoS protection, configuration must occur in this order:
1. Configure anti-DoS settings for each type:
• TCP connection floods (“Limiting TCP connections per IP address” on page 351)
• TCP SYN floods (“Preventing a TCP SYN flood” on page 354)
• HTTP floods (“Preventing an HTTP request flood” on page 347)
• HTTP access limits (“Limiting the total HTTP request rate from an IP” on page 339)
• Malicious IPs (TCP connection floods detected by session cookie instead of source IP address, which could be shared by multiple clients; “Limiting TCP connections per IP address by session cookie” on page 344)
• Scripts and robots (“Preventing automated requests” on page 357)
2. Group the settings together into a comprehensive anti-DoS policy (“Grouping DoS
protection rules” on page 355).
3. Select the anti-DoS policy in a protection profile, and enable Session Management
(“Configuring a protection profile for inline topologies” on page 468).
4. Select the protection profile in a server policy (“Configuring a server policy” on page 483).
Permissions
Depending on the account that you use to log in to the FortiWeb appliance, you may not have
complete access to all CLI commands or areas of the web UI.
Access profiles control which commands and areas an administrator account can access.
Access profiles assign either:
• Read (view access)
• Write (change and execute access)
• both Read and Write
• no access