Fortinet 478 FortiWeb 5.0 Patch 6 Administration Guide
should configure the offline protection profile to log but not block attacks in order to gather
complete session statistics for the auto-learning feature.
To configure an offline protection profile
1. Before configuring an offline protection profile, first configure any of the following that you
want to include in the profile:
• an allowed method policy (see “Specifying allowed HTTP methods” on page 436)
• a file upload restriction policy (see “Limiting file uploads” on page 451)
• a URL access policy (see “Grouping access rules per combination of URL & “Host:”” on
page 324)
• a signature set (see “Blocking known attacks & data leaks” on page 387)
• a parameter validation policy (see “Validating parameters (“input rules”)” on page 421)
• a hidden field protection rule (see “Preventing tampering with hidden inputs” on
page 430)
• a brute force login attack profile (see “Preventing brute force logins” on page 362)
• a protocol constraints profile (see “HTTP/HTTPS protocol constraints” on page 440)
• a robot control profile (see “Blacklisting content scrapers, search engines, web crawlers,
& other robots” on page 337)
• an IP list (see “Blacklisting & whitelisting clients individually by source IP” on page 335)
• the IP reputation policy (see “Blacklisting source IPs with poor reputation” on page 329)
• a file uncompress rule (see “Configuring decompression to enable scanning & rewriting”
on page 460)
• a trigger if you plan to use policy-wide log and alert settings (see “Configuring triggers”
on page 557)
2. Go to Policy > Web Protection Profile > Offline Protection Profile.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Web Protection Configuration category. For
details, see “Permissions” on page 47.
3. Click Create New.
Predefined profiles cannot be edited, but can be viewed and cloned.
Offline protection profiles only include features that do not require an inline network topology.
They can be configured at any time, but cannot be applied by a policy if the FortiWeb appliance
is operating in a mode that does not support them. For details, see Table 42 on page 463.
To save time, you may be able to use auto-learning to generate protection profiles and their
components by observing your web servers’ traffic. For details, see “Auto-learning” on
page 151.