Fortinet 5.0 Patch 6

Fortinet 495 FortiWeb 5.0 Patch 6 Administration Guide

Error Page Select, if any, either [Default] to use or a custom error page, if any, to

use when responding to an HTTP request that violates the policy

when the consequence Action is Alert & Deny or Period Block, and

when the action applies to the HTTP layer. (Actions such as blocking

a TCP/IP connection being initiated cannot, of course, contain an

HTTP response.)

If you select [Default], configure Error Page Return Code and Error

Message. Otherwise see “Uploading a custom error page” on

page 467.

Error Page Return

Code

Type the HTTP status code that FortiWeb will use to respond to

blocked requests, such as:

•200 — OK. Typically indicates success, and accompanies

resource requested by the client.

•400 — Bad Request. Typically indicates wrong syntax.

•403 — Forbidden. Typically indicates inaccessible files.

•404 — File Not Found. Typically indicates missing files.

•500 — Internal Server Error. Typically indicates one of many

possible conditions such as a servlet runtime error.

•501 — Not Implemented. Typically indicates a non-existent

function on the web application.

If the error would normally allow an attacker to fingerprint a vulnerable

application, this status can be customized to provide a more vague

reply to the client. Conversely, if the application does not provide the

correct error status code, you can also use this setting to correct it.

This setting appears only if Error Page is [Default].

Error Message Type an error message that FortiWeb will use to respond to blocked

requests.

The maximum length is 1,023 characters. This option appears only

when Error Page is [Default].

Server Health

Check

Select which server health check, if any, to use when determining

responsiveness of web servers in the server farm, or select Create

New to add a server health check in a pop-up window, without

leaving the current page. For details, see “Configuring server

up/down checks” on page 254.

This option appears only if Deployment Mode is Server Balance, or

Content Routing.

Note: If a web server is unresponsive, wait until the server becomes

responsive again before disabling its server health check. Server

health checks record the up or down status of the server. If you

deactivate the server health check while the server is unresponsive,

the server health check will be unable to update the recorded status,

and FortiWeb appliance will continue to regard the web server as if it

were unresponsive. You can determine the web server’s connectivity

status using the Service Status widget or an SNMP trap. For details,

see “Server Status widget” on page 538 or “Configuring an SNMP

community” on page 581.

Setting name Description