FortinetFortinet 7 FortiWeb 5.0 Patch 6 Administration Guide
How to offload or inspect HTTPS........................................................................ 283
Generating a certificate signing request........................................................ 285
Uploading a server certificate........................................................................ 289
Supplementing a server certificate with its signing chain........................ 291
How to apply PKI client authentication (personal certificates)............................ 293
Example: Generating & downloading a personal certificate from
Microsoft Windows 2003 Server................................................................. 297
Example: Downloading the CA’s certificate from
Microsoft Windows 2003 Server................................................................. 306
Example: Importing the personal certificate & private key to a client’s trust store
on Microsoft Windows 7.............................................................................. 307
Uploading the CA’s certificate to FortiWeb’s trusted CA store..................... 315
Configuring FortiWeb to validate client certificates....................................... 316
Revoking certificates ........................................................................................... 318
Revoking certificates by OCSP query............................................................ 319
How to export/back up certificates & private keys.............................................. 320
Access control.............................................................................................. 321Restricting access to specific URLs.................................................................... 321
Grouping access rules per combination of URL & “Host:”............................ 324
Combination access control & rate limiting......................................................... 325
Blacklisting & whitelisting clients......................................................................... 329
Blacklisting source IPs with poor reputation................................................. 329
Blacklisting countries & regions..................................................................... 331
Blacklisting & whitelisting clients individually by source IP........................... 335
Blacklisting content scrapers, search engines, web crawlers, & other robots.....
337
Rate limiting.................................................................................................. 338DoS prevention.................................................................................................... 338
Configuring application-layer DoS protection ............................................... 338
Limiting the total HTTP request rate from an IP ...................................... 339
Example: HTTP request rate limit per IP............................................ 344
Limiting TCP connections per IP address by session cookie.................. 344
Example: TCP connection per session limit ...................................... 347
Preventing an HTTP request flood........................................................... 347
Example: HTTP request flood prevention.......................................... 351
Configuring network-layer DoS protection.................................................... 351
Limiting TCP connections per IP address ............................................... 351
Example: TCP flood prevention......................................................... 354
Preventing a TCP SYN flood.................................................................... 354
Grouping DoS protection rules...................................................................... 355
Preventing automated requests........................................................................... 357
Example: Preventing email directory harvesting............................................ 360
Configuring browser enforcement exceptions............................................... 361
Preventing brute force logins............................................................................... 362