Fortinet 5.0 Patch 6

Fortinet 481 FortiWeb 5.0 Patch 6 Administration Guide

Illegal XML

Format

Enable to validate that XML elements and attributes in the request’s

body conforms to the W3C XML 1.1 and/or XML 2.0 standards.

Malformed XML, such as without the final > or with multiple >> in the

closing tag, is often an attempt to exploit an unhandled error condition

in a web application’s XHTML or XML parser.

Attack log messages contain Illegal XML Format when this feature

detects malformed XML.

Custom Access Select the name of a combination source IP, rate limit, HTTP header, and

URL access policy, if any, that will be applied to matching requests. See

“Combination access control & rate limiting” on page 325.

Attack log messages contain Advanced Protection Violation

when this feature detects a violation.

Parameter

Validation Rule

Select the name of the HTTP parameter validation rule, if any, that will

be applied to matching requests. See “Validating parameters (“input

rules”)” on page 421.

Attack log messages contain Parameter Validation Violation

when this feature detects a parameter rule violation.

Note: If a WAF Auto Learning Profile will be selected in a server policy

using this profile, you should select a parameter validation rule whose

Action is Alert. If the Action is Alert & Deny, the FortiWeb appliance will

reset the connection when it detects an attack, resulting in incomplete

session information for the auto-learning feature.

Hidden Fields

Protection Rule

Select the name of a hidden fields group, if any, that will be applied to

matching requests. See “Preventing tampering with hidden inputs” on

page 430.

Attack log messages contain Hidden Field Manipulation when

this feature detects hidden input tampering.

This option appears only if Session Management is enabled.

File Upload

Restriction

Policy

Select an existing file upload restriction policy, if any, that will be applied

to matching requests. See “Limiting file uploads” on page 451.

Attack log messages contain Illegal file size when this feature

detects an excessively large upload.

HTTP Protocol

Constraints

Select the name of an HTTP protocol constraint, if any, that will be

applied to matching requests. See “HTTP/HTTPS protocol constraints”

on page 440.

Attack log messages for this feature vary by which type of attack was

detected. For a list, see “HTTP/HTTPS protocol constraints” on

page 440.

Setting name Description