Fortinet FortiWeb 5.0 Patch 6 Administration Guide, page 171
For example, if you include the Email data type in the data type group, auto-learning profiles
that use the data type group might discover that your web applications use a parameter named
username whose value is an email address.
The predefined data type group, named predefine-data-type-group, cannot be edited or
deleted.
To configure a predefined data type group
1. Go to Auto Learn > Predefined Pattern > Data Type Group.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Server Policy Configuration category. For details,
see “Permissions” on page 47.
2. Click Create New.
A dialog appears.
3. In Name, type a unique name that can be referenced by other parts of the configuration. Do
not use spaces or special characters. The maximum length is 35 characters.
4. In Type, mark the check box of each predefined data type that you want to include in the set,
such as Email or Canadian Social Insurance Number.
To examine the regular expressions for each data type, see “Predefined data types” on
page 166.
5. Click OK.
6. To use a data type group, select it when configuring either an auto-learning profile (see
“Configuring an auto-learning profile” on page 177) or input rule (see “Validating parameters
(“input rules”)” on page 421).
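A minimal sketch of what a data type group does during auto-learning, added here as an illustration and not FortiWeb's own code. The two regular expressions are simplified stand-ins for the predefined patterns, and the Luhn check, the 75% agreement threshold, the function names and the sample requests are all assumptions.

```python
import re
from collections import Counter, defaultdict

SIN = "Canadian Social Insurance Number"
# Simplified stand-in patterns (assumptions, not FortiWeb's predefined regexes).
DATA_TYPES = {
    "Email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+"),
    SIN: re.compile(r"\d{3}[- ]?\d{3}[- ]?\d{3}"),
}

def luhn_ok(digits):
    """Luhn checksum, which valid Canadian SINs satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(value, group):
    """Return the first data type in `group` that the whole value matches."""
    for name in group:  # types omitted from the group are never evaluated
        if not DATA_TYPES[name].fullmatch(value):
            continue
        if name == SIN and not luhn_ok(re.sub(r"\D", "", value)):
            continue  # right shape, wrong checksum: not a SIN
        return name
    return None

def learn(requests, group, threshold=0.75):
    """Assign a data type to a parameter when enough observed values agree."""
    seen = defaultdict(Counter)
    for params in requests:
        for key, value in params.items():
            seen[key][classify(value, group)] += 1
    result = {}
    for key, counts in seen.items():
        name, hits = counts.most_common(1)[0]
        agreed = name is not None and hits / sum(counts.values()) >= threshold
        result[key] = name if agreed else None
    return result

# Constructed sample traffic: the parameters of four requests.
SAMPLE = [
    {"username": "alice@example.com", "sin": "046 454 286", "qty": "3"},
    {"username": "bob@example.org", "sin": "046-454-286", "qty": "12"},
    {"username": "carol@example.net", "sin": "046454286", "qty": "1"},
    {"username": "dave@example.com", "sin": "123 456 789", "qty": "7"},
]
```

Calling `learn(SAMPLE, ["Email"])` leaves `sin` unclassified because the SIN pattern is never evaluated, which is the trade-off behind omitting unused data types from a group.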
See also
• Predefined data types
• Configuring an auto-learning profile
• Validating parameters (“input rules”)
• Recognizing data types

Recognizing suspicious requests
FortiWeb appliances can recognize known attacks by comparing each request to a signature.
How, then, do they recognize requests that aren’t known to be an attack, or aren’t always an
attack, but might be?
FortiWeb uses several methods for this:
• HTTP protocol constraints (“HTTP/HTTPS protocol constraints” on page 440)
• application parameter sanitizers & constraints (“Preventing zero-day attacks” on page 421)
• exploit signatures (“Blocking known attacks & data leaks” on page 387)
• DoS/DDoS sensors (“DoS prevention” on page 338)
• access control lists (“Access control” on page 321)
If you know that your network’s HTTP sessions do not include a specific data type, omit it
from the data type group to improve performance. The FortiWeb appliance will not expend
resources scanning traffic for that data type.