Fortinet 511 FortiWeb 5.0 Patch 6 Administration Guide
5. Click Login Option’s blue arrow to expand the section, then configure the following:
Setting name
    Description

Login with HTTP Authentication
    Enable to use basic HTTP authentication if the web server returns HTTP 401 Unauthorized to request authorization. Also configure User and Password.
    Alternatively, configure Login with specified URL/data.
    After authentication, if the web server redirects the request (HTTP 302), the FortiWeb appliance will use this new web page as its starting point for the scan, replacing the URL that you configured in Hostname/IP or URL.
    Note: If a web site requires authentication and you do not configure the vulnerability scan to authenticate, the scan results will be incomplete.

User
    Type the user name to provide to the web site if it requests HTTP authentication.

Password
    Type the password corresponding to the user name.

Login with specified URL/data
    Enable to authenticate if the web server does not use HTTP 401 Authorization Required, but instead provides a web page with a form that allows the user to authenticate using HTTP POST. Also configure Authenticate URL and Authenticate Data.
    After authentication, if the web server redirects the request (HTTP 302 Found), the FortiWeb appliance will use this new web page as its starting point for the scan, replacing the URL that you configured in Hostname/IP or URL.
    Note: If a web site requires authentication and you do not configure it, the scan results will be incomplete.

Authenticate URL
    Type the URL, such as /login.jsp, that the vulnerability scan will use to authenticate with the web application before beginning the scan.

Authenticate Data
    Type the parameters, such as userid=admin&password=Re2b8WyUI, that will accompany the HTTP POST request to the authentication URL and contain the values necessary to authenticate. Typically, this string will include user name and password parameters, but may contain other variables, depending on the web application.
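
The two login options above can be checked before a scan is scheduled, so that rejected credentials or an unexpected redirect do not show up later as incomplete results. The following is an added example, not Fortinet code and not FortiWeb's implementation: fetch, preflight, DemoSite, demo_server and the /portal/ and /home.jsp redirect targets are hypothetical names, the local server is a constructed stand-in for the web site, and plain HTTP is assumed.

```python
import base64, http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

def fetch(url, method="GET", body=None, headers=None):
    # One plain-HTTP request, redirects not followed; returns (status, Location).
    conn = http.client.HTTPConnection(urlsplit(url).netloc, timeout=5)
    conn.request(method, urlsplit(url).path or "/", body=body, headers=headers or {})
    resp = conn.getresponse()
    conn.close()
    return resp.status, resp.getheader("Location")

def preflight(start_url, user=None, password=None, auth_url=None, auth_data=None):
    """Return (login option exercised, URL the scan would start from)."""
    if auth_url:  # Login with specified URL/data: POST Authenticate Data
        option, target = "specified URL/data", urljoin(start_url, auth_url)
        form = {"Content-Type": "application/x-www-form-urlencoded"}
        status, location = fetch(target, "POST", auth_data, form)
    else:  # Login with HTTP Authentication: answer a 401 with User/Password
        option, target = "HTTP Authentication", start_url
        status, location = fetch(target)
        if status != 401:
            return "no HTTP 401 challenge", start_url
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        status, location = fetch(target, headers={"Authorization": "Basic " + token})
    if status in (401, 403):
        raise PermissionError(f"{option}: credentials rejected (HTTP {status})")
    # A 302 after login replaces the configured URL as the scan's starting point.
    return option, urljoin(target, location) if status == 302 and location else start_url

class DemoSite(BaseHTTPRequestHandler):  # constructed stand-in for the web site
    BASIC = "Basic " + base64.b64encode(b"admin:Re2b8WyUI").decode()
    def reply(self, code, name, value):
        self.send_response(code)
        self.send_header(name, value)
        self.end_headers()
    def do_GET(self):
        if self.headers.get("Authorization") == self.BASIC:
            return self.reply(302, "Location", "/portal/")
        self.reply(401, "WWW-Authenticate", 'Basic realm="demo"')
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = self.path == "/login.jsp" and body == b"userid=admin&password=Re2b8WyUI"
        self.reply(302 if ok else 403, "Location", "/home.jsp")
    log_message = lambda self, *args: None  # keep the demo quiet

def demo_server():
    srv = HTTPServer(("127.0.0.1", 0), DemoSite)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}/"
```

Calling preflight with only user and password exercises the HTTP 401 path; passing auth_url and auth_data exercises the form POST path. In both cases the second element of the result is the URL the scan would actually start from.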