Fortinet 615 FortiWeb 5.0 Patch 6 Administration Guide
continue checking for the server's responsiveness. See “Configuring server up/down
checks” on page 254.
Use the least intensive, earliest possible scan to deflect attacks. See “Sequence of scans”
on page 23.
Use Period Block if possible as the Action setting for DoS protection rules. This allows
FortiWeb to conserve scanning resources that will by definition be under heavy demand
during a DoS or DDoS attack.
Antivirus performance
Disable scanning of BZIP2 if it is not necessary.
Reduce the scanning buffer to the minimum necessary.
Reduce the number of redundant levels of compression that FortiWeb will scan. Normally,
people will not put a ZIP file within a ZIP file, because it is inconvenient to open and does not
offer significant compression ratio improvements. Nested compression is usually used by
viruses to bypass antivirus scanners.
Regular expression performance tips
Use a simple string instead if possible. Generally, regular expressions should only be used
when defining all matching text requires a complex pattern. Regular expressions such as:
^.*/index\.html$
are usually more computationally intensive than a literal string comparison such as:
/index.html
Reduce evaluation complexity.
For example, when using auto-learning to discover if street addresses are a valid input,
scanning for postal codes or state abbreviations instead may dramatically improve
performance. A pattern to fully match all possible street addresses is significantly more
Short regular expressions can sometimes be more complex to compute. Don’t look at the
number of characters in the regular expression. Instead, think of both the usual and worst
possible case in the match string: the maximum number of characters that must be
compared to the pattern before a match can be verified or not.
The usual case will tell you the average CPU and RAM load. The worst case will tell you if
your regular expression could sometimes cause potential hang-like conditions, temporarily
blocking traffic throughput until it finishes evaluating.
If the worst possible match string is short and not complex to match, the regular expression
may not be worth your time to optimize.