Fortinet 5.0 Patch 6

Fortinet 522 FortiWeb 5.0 Patch 6 Administration Guide

Setting Name Description

Shared IP Enable to analyze the identification (ID) field in IP packet headers in order to

distinguish source IP addresses that are actually Internet connections

shared by multiple clients, not single clients. For an example, see

“Example: Setting a separate rate limit for shared Internet connections” on

page 523.

You can configure the ID difference threshold that triggers shared IP

detection. For details, see config system ip-detection in the

FortiWeb CLI Reference.

Note: The shared IP address rate limit for some features (see “Preventing

brute force logins” on page 362 and “Limiting the total HTTP request rate

from an IP” on page 339) will be ignored unless you enable this option.

Tip: To improve performance and reduce memory consumption, if all

source IP addresses should receive the same rate limit regardless of the

number of clients sharing each connection, disable this option.

Recursive URL

Decoding

Enable to detect URL-embedded attacks that are obfuscated using

recursive URL encoding (that is, multiple levels’ worth of URL encoding).

Encoded URLs can be legitimately used for non-English URLs, but can also

be used to avoid detection of attacks that use special characters. FortiWeb

can decode encoded URLs to scan for these types of attacks. Several

encoding types are supported, including IIS-specific Unicode encoding.

For example, you could detect the character A that is encoded as either

%41, %x41, %u0041, or \t41.

Disable to decode only one level, if the URL is encoded.

Maximum Body

Cache Size

Type the maximum size in kilobytes (KB) of the body of the HTTP response

from the web server that FortiWeb will cache per URL.

Responses are cached to improve performance on compression,

decompression, and rewriting on often-requested URLs.

Valid values range from 32 to 1,024. The default value is 64.

Maximum DLP

Cache Size

Type the maximum size in kilobytes (KB) of the body of the HTTP response

from the web server that FortiWeb will buffer and scan for data leak

protection (DLP).

Responses are cached to improve performance on compression,

decompression, and rewriting on often-requested URLs.

Valid values vary by Maximum Body Cache Size.