Fortinet FortiWeb 5.0 Patch 6 Administration Guide
Rewriting & redirecting................................................................................ 367
Example: HTTP-to-HTTPS redirect ..................................................................... 373
Example: Full host name/URL translation ........................................................... 376
Example: Sanitizing poisoned HTML................................................................... 380
Example: Inserting & deleting body text.............................................................. 382
Example: Rewriting URLs using regular expressions.......................................... 383
Example: Rewriting URLs using variables........................................................... 384
Grouping rewriting & redirection rules................................................................. 385
Blocking known attacks & data leaks........................................................ 387
Configuring action overrides or exceptions to data leak & attack detection signatures............ 398
Finding signatures that are disabled or “Alert Only”...................................... 401
Defining custom data leak & attack signatures................................................... 401
Example: ASP .Net version & other multiple server detail leaks.................... 406
Example: Zero-day XSS................................................................................. 407
Example: Local file inclusion fingerprinting via Joomla................................. 409
Enforcing page order that follows application logic............................................ 411
Specifying URLs allowed to initiate sessions...................................................... 415
Preventing zero-day attacks....................................................................... 421
Validating parameters (“input rules”)................................................................... 421
Bulk changes to input validation rules........................................................... 428
Defining custom data types........................................................................... 429
Preventing tampering with hidden inputs............................................................ 430
Specifying allowed HTTP methods...................................................................... 436
Configuring allowed method exceptions....................................................... 438
HTTP/HTTPS protocol constraints...................................................................... 440
Configuring HTTP protocol constraint exceptions ........................................ 446
Limiting file uploads..................................................................................... 451
Compression & decompression.................................................................. 456
Configuring compression/decompression exemptions....................................... 456
Configuring compression offloading.................................................................... 457
Configuring decompression to enable scanning & rewriting............................... 460
Policies.......................................................................................................... 463
How operation mode affects server policy behavior........................................... 463
Configuring the global object white list ............................................................... 464
Uploading a custom error page........................................................................... 467
Configuring a protection profile for inline topologies........................................... 468
Configuring a protection profile for an out-of-band topology or asynchronous mode of operation............ 477