Fortinet FortiWeb 5.0 Patch 6 Administration Guide, page 7
How to offload or inspect HTTPS........................................................................ 283
Generating a certificate signing request........................................................ 285
Uploading a server certificate........................................................................ 289
Supplementing a server certificate with its signing chain........................ 291
How to apply PKI client authentication (personal certificates)............................ 293
Example: Generating & downloading a personal certificate from Microsoft Windows 2003 Server......... 297
Example: Downloading the CA’s certificate from Microsoft Windows 2003 Server......... 306
Example: Importing the personal certificate & private key to a client’s trust store on Microsoft Windows 7......... 307
Uploading the CA’s certificate to FortiWeb’s trusted CA store..................... 315
Configuring FortiWeb to validate client certificates....................................... 316
Revoking certificates ........................................................................................... 318
Revoking certificates by OCSP query............................................................ 319
How to export/back up certificates & private keys.............................................. 320
Access control.............................................................................................. 321
Restricting access to specific URLs.................................................................... 321
Grouping access rules per combination of URL & “Host:”............................ 324
Combination access control & rate limiting......................................................... 325
Blacklisting & whitelisting clients......................................................................... 329
Blacklisting source IPs with poor reputation................................................. 329
Blacklisting countries & regions..................................................................... 331
Blacklisting & whitelisting clients individually by source IP........................... 335
Blacklisting content scrapers, search engines, web crawlers, & other robots......... 337
Rate limiting.................................................................................................. 338
DoS prevention.................................................................................................... 338
Configuring application-layer DoS protection ............................................... 338
Limiting the total HTTP request rate from an IP ...................................... 339
Example: HTTP request rate limit per IP............................................ 344
Limiting TCP connections per IP address by session cookie.................. 344
Example: TCP connection per session limit ...................................... 347
Preventing an HTTP request flood........................................................... 347
Example: HTTP request flood prevention.......................................... 351
Configuring network-layer DoS protection.................................................... 351
Limiting TCP connections per IP address ............................................... 351
Example: TCP flood prevention......................................................... 354
Preventing a TCP SYN flood.................................................................... 354
Grouping DoS protection rules...................................................................... 355
Preventing automated requests........................................................................... 357
Example: Preventing email directory harvesting............................................ 360
Configuring browser enforcement exceptions............................................... 361
Preventing brute force logins............................................................................... 362