Fortinet FortiWeb 5.0 Patch 6 Administration Guide (page 474)
Illegal XML Format
Enable to validate that the XML elements and attributes in the request’s body conform to the W3C XML 1.0 and/or XML 1.1 standards (a well-formedness check; see the caution below for what it does not cover).
Malformed XML, such as a closing tag that lacks its final > or is followed by a stray second >, is often an attempt to exploit an unhandled error condition in a web application’s XHTML or XML parser.
Attack log messages contain Illegal XML Format when this feature detects malformed XML.
Caution: If your back-end web servers require extensive protection for a vulnerable XML parser, add third-party XML protection to your security architecture. Unlike the XML protection profiles in previous versions of FortiWeb, Illegal XML Format does not check conformity with a document object model (DOM), DTD, or W3C Schema, and does not detect recursive payloads, Schema poisoning, or other advanced XML attacks; a well-formed document carrying such a payload passes this check. It also cannot encrypt or sign XML elements. Failure to provide adequate XML protection could allow attackers to penetrate your network.
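As an added example (not code from the FortiWeb guide or from Fortinet), the following Python script reproduces the two sides of the point above: a well-formedness check of the kind Illegal XML Format performs, run over constructed request bodies including the two malformed closing tags the guide names, followed by the kind of extra check (flagging DOCTYPE/ENTITY declarations and measuring expanded text size) that third-party XML protection would have to add, because a nested-entity payload is perfectly well-formed and sails through the first check. The sample bodies, the function names and the DOCTYPE heuristic are this example's own assumptions.

```python
"""Well-formedness check of the kind a WAF's Illegal XML Format feature
performs, plus a DTD/entity check that shows what well-formedness alone
misses. Example code, not FortiWeb's implementation."""
import xml.etree.ElementTree as ET

# Constructed sample request bodies (not taken from the guide).
SAMPLE_BODIES = {
    "well_formed": "<order><id>42</id><qty>1</qty></order>",
    # closing tag without its final '>'
    "missing_final_gt": "<order><id>42</id></order",
    # closing tag followed by a stray second '>'
    "double_gt": "<order><id>42</id></order>>",
    # closing tag does not match the open element
    "mismatched_tag": "<order><id>42</order>",
    # attribute value never closed
    "unterminated_attribute": '<order id="42><qty>1</qty></order>',
    # well-formed, but carries an internal DTD whose entities expand
    # (a miniature of the "recursive payload" class; kept tiny on purpose)
    "entity_expansion": (
        '<!DOCTYPE order [<!ENTITY a "aaaaaaaaaa">'
        '<!ENTITY b "&a;&a;&a;&a;&a;">]>'
        "<order>&b;</order>"
    ),
}


def is_well_formed(body: str) -> bool:
    """True if the expat parser accepts the body as one well-formed document."""
    try:
        ET.fromstring(body)
        return True
    except ET.ParseError:
        return False


def illegal_xml_format(body: str):
    """Mimic the feature's verdict: the attack log message, or None if clean."""
    return None if is_well_formed(body) else "Illegal XML Format"


def has_internal_dtd(body: str) -> bool:
    """Coarse extra check that a well-formedness test never performs: a
    DOCTYPE or ENTITY declaration inside a request body is suspicious.
    XML keywords are case-sensitive, so a plain substring test suffices."""
    return "<!DOCTYPE" in body or "<!ENTITY" in body


def expanded_text_length(body: str) -> int:
    """Size of the document's text after entity expansion, which is what the
    back-end parser actually has to hold, regardless of the body's size."""
    root = ET.fromstring(body)
    return sum(len(t) for t in root.itertext())


def scan(bodies=SAMPLE_BODIES):
    """Return {name: (well-formedness verdict, DTD flag)} for each body."""
    return {name: (illegal_xml_format(b), has_internal_dtd(b))
            for name, b in bodies.items()}


if __name__ == "__main__":
    for name, (verdict, dtd) in scan().items():
        print(f"{name:24s} verdict={str(verdict):20s} dtd_present={dtd}")
```

Running the script shows the four malformed bodies flagged and both well-formed bodies passed; only the separate DTD check singles out the entity payload, whose 50 characters of expanded text already exceed what the body literally contains. Python's own `xml.etree` expands internal entities without limit, which is why the sample is kept to two levels; a production filter would reject such bodies before parsing them at all.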
Custom Access
Select the name of a combination source IP, rate limit, HTTP header, and URL access policy, if any, that will be applied to matching requests. See “Combination access control & rate limiting” on page 325.
Attack log messages contain Custom Access Violation when this feature detects a violation.
Parameter Validation
Select the name of the parameter validation rule, if any, that will be applied to matching requests. See “Validating parameters (“input rules”)” on page 421.
Attack log messages contain Parameter Validation Violation when this feature detects a parameter rule violation.
Hidden Fields Protection
Select the name of the hidden fields protection rule, if any, to use to protect hidden fields on your web site. See “Preventing tampering with hidden inputs” on page 430.
Attack log messages contain Hidden Field Manipulation when this feature detects tampering.
This option appears only when Session Management is enabled.
File Upload Restriction
Select an existing file upload restriction policy, if any, that will be applied to matching HTTP requests. See “Limiting file uploads” on page 451.
Attack log messages contain Illegal File Size when this feature detects an excessively large upload.
HTTP Protocol Constraints
Select the name of an HTTP protocol constraint, if any, that will be applied to matching requests. See “HTTP/HTTPS protocol constraints” on page 440.
Attack log messages for this feature vary by which type of constraint was violated.
Brute Force Login
Select the name of a brute force login attack profile, if any, that will be applied to matching requests. See “Preventing brute force logins” on page 362.
Attack log messages contain Brute Force Login Violation when this feature detects a brute force login attack.
Setting name Description