Fortinet 617 FortiWeb 5.0 Patch 6 Administration Guide
FortiWeb will be evaluating the string multiple times — not once — before it finds a
match. This significantly decreases performance.
When comparing single characters, use character classes such as:
[abc]
instead of alternative matches like
(a|b|c)
Match character by character, not word by word. If words begin with the same
characters, it is not efficient to evaluate the beginning of the match string multiple times
— once for each possible word.
For example, to match the words “the”, “then”, “this”, and “these”, this expression is
easy to read, but inefficient because it evaluates the first two characters (“th”) up to 4
times:
\b(this|the|then|these)\b
While harder to read, this expression improves performance, evaluating “th” once, and
will match the most common word in English (“the”) before considering less probable
words:
\bth(e(n|se)?|is)\b
Reduce nested quantifiers such as:
(abc){1,6}
(abc)+
Worst-case evaluations do not increase computation time linearly, but exponentially.
When such an expression is compiled, it also consumes much more RAM. Use the
smallest possible repetition, or an alternative expression.
Avoid Unicode character properties such as \p{Nd} if you can use a character class
instead. Due to the huge numbers and complexity of potential matches in Unicode, these
can be dramatically slower.
Avoid look-ahead match conditions such as:
(?=abcdefge)
(?!abcdefge)
To do this, FortiWeb must make additional computations — in the example above, 8 in the
best case scenario, an immediate match. FortiWeb also must keep the originally consumed
match string in memory while it does this, which increases RAM consumption.
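The recommendations above can be checked mechanically before a custom expression is deployed. The following Python sketch is an added example, not part of the FortiWeb guide or of Fortinet's code; the rule names and the lint() function are hypothetical, and the checks are text heuristics rather than a full regular expression parser.

```python
import re

# Text heuristics, one per recommendation above. Rule names are hypothetical.
# They do not parse the expression, so escaped parentheses can mislead them.
CHECKS = [
    ("single-char-alternation",
     re.compile(r"\((?:\?:)?[^|()\\](?:\|[^|()\\])+\)"),
     "use a character class such as [abc]"),
    ("quantified-group",
     re.compile(r"\)(?:[+*]|\{\d+(?:,\d*)?\})"),
     "use the smallest possible repetition or an alternative expression"),
    ("unicode-property",
     re.compile(r"\\[pP]\{\w+\}"),
     "use a character class if one is sufficient"),
    ("look-ahead",
     re.compile(r"\(\?[=!]"),
     "costs additional computation and RAM"),
]

# Innermost group (no nested parentheses) holding two or more alternatives.
FLAT_GROUP = re.compile(r"\((?:\?:)?([^()|]+(?:\|[^()|]+)+)\)")


def lint(pattern):
    """Return a sorted list of (rule, advice) findings for one expression."""
    findings = {(name, advice) for name, rx, advice in CHECKS
                if rx.search(pattern)}
    for group in FLAT_GROUP.finditer(pattern):
        words = group.group(1).split("|")
        first_chars = {word[0] for word in words}
        # Word alternatives that start with the same character are
        # re-evaluated from that character once per alternative.
        if max(map(len, words)) > 1 and len(first_chars) < len(words):
            findings.add(("shared-prefix",
                          "match the common leading characters once"))
    return sorted(findings)


if __name__ == "__main__":
    # Expressions quoted from the guidance above.
    samples = [r"(a|b|c)", r"\b(this|the|then|these)\b", r"(abc){1,6}",
               r"(abc)+", r"\p{Nd}", r"(?=abcdefge)", r"[abc]"]
    for expr in samples:
        for rule, advice in lint(expr):
            print(f"{expr}: {rule}: {advice}")
```

An expression that produces no findings, such as [abc], prints nothing.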
Logging performance
If you have a FortiAnalyzer, store FortiWeb’s logs on the FortiAnalyzer to avoid resource
usage associated with writing logs to FortiWeb’s own hard disks. See “Configuring log
destinations” on page 549.
If you do not need a traffic log, disable it to reduce the use of system resources. See
“Enabling log types, packet payload retention, & resource shortage alerts” on page 546.
Reduce repetitive log messages. Use the alert email settings, as shown in Figure 76, to
define the interval that emails are sent if the same condition persists following the initial
occurrence. See “Configuring email settings” on page 576.