Fortinet 5.0 Patch 6

Fortinet 494 FortiWeb 5.0 Patch 6 Administration Guide

Web Protection

Profile

Select the profile to apply to the connections accepted by this policy,

or select Create New to add a new profile in a pop-up window,

without leaving the current page.

For details on specific protection profiles, see:

•“Configuring a protection profile for inline topologies” on

page 468,

•“Configuring a protection profile for an out-of-band topology or

asynchronous mode of operation” on page 477, or

Note: Depending on the profile types that the current operation mode

supports, not all profiles may be available. For details, see Tabl e 4 2

on page 463.

Note: Clients with source IP addresses designated as a trusted IP are

exempt from being blocked by the protection profile. For details, see

“Blacklisting & whitelisting clients individually by source IP” on

page 335.

View Profile

Details

To display the settings contained in a profile without leaving the

current page, select a profile from Web Protection Profile, then click

this button.

To return to the policy settings, click Back to Policy Settings.

WAF Auto Learn

Profile

Select the auto-learning profile, if any, to use in order to discover

attacks, URLs, and parameters in your web servers’ HTTP sessions,

or select Create New to add a new auto-learning profile in a pop-up

window, without leaving the current page. For details, see

“Configuring an auto-learning profile” on page 177.

Monitor Mode Enable to override any actions included in the profiles, and instead

accept the request and generate an alert email and/or log message

for all policy violations.

Auto-learning requires that you either configure all actions to be Alert

or enable this option in order to collect complete session information

in order to build accurate protection profiles.

Caution: Enabling this action will cause the FortiWeb appliance to

permit attack attempts to complete, ignoring the Action setting (deny,

redirect, etc.) in protection profile components.

Note: Logging and/or alert email will occur only if enabled and

configured. See “Logging” on page 542 and “Alert email” on

page 576.

Note: This option does not affect real browser enforcement. See

“Preventing automated requests” on page 357.

URL Case

Sensitivity

Enable to differentiate uniform resource locators (URLs) according to

upper case and lower case letters for features that act upon the URLs

in the headers of HTTP requests, such as start page rules, IP list

rules, and page access rules.

For example, when this option is enabled, an HTTP request involving

http://www.Example.com/ would not match profile features that

specify http://www.example.com (difference is lower case "e").

Setting name Description