Fortinet 481 FortiWeb 5.0 Patch 6 Administration Guide
Illegal XML Format
Enable to validate that the XML elements and attributes in the request body conform to the W3C XML 1.0 and/or XML 1.1 specifications.
Malformed XML, such as a closing tag that lacks its final > or carries a doubled >>, is often an attempt to exploit an unhandled error condition in a web application's XHTML or XML parser.
Attack log messages contain Illegal XML Format when this feature detects malformed XML.
Custom Access
Select the name of a combination source IP, rate limit, HTTP header, and URL access policy, if any, that will be applied to matching requests. See "Combination access control & rate limiting" on page 325.
Attack log messages contain Advanced Protection Violation when this feature detects a violation.
Parameter Validation Rule
Select the name of the HTTP parameter validation rule, if any, that will be applied to matching requests. See "Validating parameters ("input rules")" on page 421.
Attack log messages contain Parameter Validation Violation when this feature detects a parameter rule violation.
Note: If a WAF Auto Learning Profile will be selected in a server policy that uses this profile, select a parameter validation rule whose Action is Alert. If the Action is Alert & Deny, the FortiWeb appliance resets the connection when it detects an attack, which leaves the auto-learning feature with incomplete session information.
Hidden Fields Protection Rule
Select the name of a hidden fields group, if any, that will be applied to matching requests. See "Preventing tampering with hidden inputs" on page 430.
Attack log messages contain Hidden Field Manipulation when this feature detects hidden input tampering.
This option appears only if Session Management is enabled.
File Upload Restriction Policy
Select an existing file upload restriction policy, if any, that will be applied to matching requests. See "Limiting file uploads" on page 451.
Attack log messages contain Illegal file size when this feature detects an upload larger than the policy allows.
HTTP Protocol Constraints
Select the name of an HTTP protocol constraint, if any, that will be applied to matching requests. See "HTTP/HTTPS protocol constraints" on page 440.
Attack log messages for this feature vary by which type of attack was detected. For a list, see "HTTP/HTTPS protocol constraints" on page 440.