Support User Manuals

Fortinet 5.0 Patch 6 Microscope & Magnifier User Manual

Open as PDF

of 705

Fortinet 328 FortiWeb 5.0 Patch 6 Administration Guide

4. Click OK.

5. Click Create New to add an entry to the set.

A dialog appears.

6. From Filter Type, select one of the following conditions that a request must match in order to

be allowed, then click OK.

The settings in the next dialog that appears varies by your selection in Filter Type.

• Source IPv4/IPv6 — Type the IP address of a client that will be allowed. Depending on your

configuration of how FortiWeb will derive the client’s IP (see “Defining your proxies, clients, &

X-headers” on page 266), this may be the IP address that is indicated in an HTTP header

rather than the IP header.

• HTTP Access Rate Limit — This is the number of requests per second per client IP.

Depending on your configuration of how FortiWeb will derive the client’s IP (see “Defining

your proxies, clients, & X-headers” on page 266), this may be the IP address that is indicated

in an HTTP header rather than the IP header.

• URL — Type a regular expression that will match one or more URLs, such as /index\.jsp.

Do not include the host name.

• HTTP Header — Indicate a single HTTP Header Name such as Host:, and all or part of its

value in Header Value. The request/response will match the condition if that header contains

Block Period Type the number of seconds that you want to block subsequent requests

from the client after the FortiWeb appliance detects that the client has

violated the rule.

This setting is available only if Action is set to Period Block. The valid

range is from 1 to 3,600 (1 hour). The default value is 60. See also

“Monitoring currently blocked IPs” on page 606.

Severity When rule violations are recorded in the attack log, each log message

contains a Severity Level (severity_level) field. Select which severity

level the FortiWeb appliance will use when it logs a violation of the rule:

•Low

•Medium

• High

The default value is Medium.

Trigger Action Select which trigger, if any, that the FortiWeb appliance will use when it

logs and/or sends an alert email about a violation of the rule. See

“Configuring triggers” on page 557.

Setting name Description

To accept requests that do not match the URL, do not precede the URL with an exclamation

mark ( ! ). Use the CLI to configure the reverse-match {no | yes} setting for this filter.

For details, see the FortiWeb CLI Reference.

previous next