Fortinet 490 FortiWeb 5.0 Patch 6 Administration Guide
Virtual Server
or
Data Capture Port
or
V-zone
Select the name of a virtual server, data capture (listening) network
interface, or v-zone (bridge).
The name and purpose of this drop-down list varies by operation
mode:
•Reverse proxy — Virtual Server identifies the IP address and
network interface of incoming traffic that will be routed and to
which the policy will apply a profile.
•Offline protection — Data Capture Port identifies the network
interface of incoming traffic that the policy to which it will attempt
to apply a profile. The IP address will be ignored.
•True transparent proxy or transparent inspection — V-zone
identifies the network interface of the incoming traffic to which the
policy will apply a profile.
Server Type If you selected Single Server from Deployment Mode, indicate how
you will define that server by selecting either Physical Server or
Domain Server.
Physical Server
or
Domain Server
Select either the physical or domain server to which to forward
connections, or select Create New to configure a new web server
definition in a pop-up window, without leaving the current page. For
details, see “Defining your web server by its IP address” on page 251
or “Defining your web server by its DNS domain name” on page 253.
This option appears only when you have selected Single Server from
Deployment Mode.
Server Farm Select the server farm whose web servers will receive the
connections. For details, see “Grouping your web servers into server
farms” on page 256.
This option appears only if Deployment Mode is Server Balance,
HTTP Content Routing, Offline Protection, or Transparent Servers.
Note: If Deployment Mode is Offline Protection or Transparent
Servers, you must select a server farm, even though the FortiWeb
appliance will allow connections to pass through instead of actively
distributing connections. Therefore, if you want to govern
connections for only a single web server, rather than a group of
servers, you must configure a server farm with that single web server
as its only member in order to select it in the policy.
Protected Servers Select a protected servers group to allow or reject connections based
upon whether the Host: field in the HTTP header is empty or does or
does not match the protected hosts group. For details, see “Defining
your protected/allowed HTTP “Host:” header names” on page 249.
If you do not select a protected servers group, requests will be
accepted or blocked based upon other criteria in the policy or
protection profile, but regardless of the Host: field in the HTTP
header.
Attack log messages contain HTTP Host Violation when this
feature does not detect an allowed host name.
Caution: Unlike HTTP 1.1, HTTP 1.0 does not require the Host:
field. The FortiWeb appliance will not block HTTP 1.0 requests for
lacking this field, regardless of whether or not you have selected a
protected servers group.
Setting name Description