Fortinet 614 FortiWeb 5.0 Patch 6 Administration Guide
Enforcing valid, applicable HTTP
If your web server does not require anything other than GET or POST, disable unused HTTP
methods to reduce vectors of attack. See “Specifying allowed HTTP methods” on page 436.
Enforce RFC compliance and any limitations specific to your back-end web servers or
applications to defeat exploit attempts. See “HTTP/HTTPS protocol constraints” on
page 440 and “Limiting file uploads” on page 451.
Sanitizing HTML application inputs
Most web applications are not written with security in mind, and do not correctly sanitize input.
Before a signature or patch is available, you can still block new input-related attacks by
rejecting all invalid input that could potentially break the intended behavior of ASP, PHP,
JavaScript or other applications. See “Validating parameters (“input rules”)” on page 421 and
“Preventing tampering with hidden inputs” on page 430.
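The two recommendations above (allow only the HTTP methods the application needs, and reject any parameter value that does not match an explicit rule) can be modelled as a small request filter. The following is an added illustration of that policy logic, not FortiWeb's own code; the parameter names and regular expressions are hypothetical, and the upload limit of 8 is taken from Table 57 below.

```python
import re
from dataclasses import dataclass, field

# Illustrative model of the checks the guide describes (not FortiWeb code):
# an HTTP method allowlist, the file-upload count limit from Table 57,
# and per-parameter "input rules" that reject invalid input outright.
ALLOWED_METHODS = {"GET", "POST"}
MAX_FILE_UPLOADS = 8                      # Table 57: "Number of file uploads"

# Hypothetical input rules: parameter name -> pattern the whole value must match.
# Any parameter without a rule is rejected (default deny).
INPUT_RULES = {
    "id": re.compile(r"[0-9]{1,10}"),
    "user": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
}

@dataclass
class Request:
    method: str
    params: dict = field(default_factory=dict)
    file_count: int = 0

def check_request(req):
    """Return (True, None) if the request is accepted, else (False, reason)."""
    if req.method.upper() not in ALLOWED_METHODS:
        return False, "method-not-allowed"
    if req.file_count > MAX_FILE_UPLOADS:
        return False, "malformed-request"
    for name, value in req.params.items():
        rule = INPUT_RULES.get(name)
        if rule is None:
            return False, f"unknown-parameter:{name}"
        if not rule.fullmatch(value):
            return False, f"input-rule-violation:{name}"
    return True, None

# Constructed sample requests: one valid, one disallowed method,
# one with too many uploads, one with an over-long parameter value.
SAMPLES = [
    Request("GET", {"id": "42"}),
    Request("TRACE"),
    Request("POST", {"id": "42"}, file_count=9),
    Request("POST", {"user": "a" * 40}),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.method, check_request(r))
```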
Improving performance
When configuring your FortiWeb appliance and its features, there are many settings and
practices that can yield better performance.
System performance
Delete or disable unused policies. FortiWeb allocates memory with each server policy,
regardless of whether it is actually in active use. Configuring extra policies will unnecessarily
consume memory and decrease performance.
To reduce latency associated with DNS queries, use a DNS server on your local network as
your primary DNS. See “Configuring DNS settings” on page 130.
If your network’s devices support them, you can create one or more VLAN interfaces. VLANs
reduce the size of a broadcast domain and the amount of broadcast traffic received by
network hosts, thus improving network performance. See “Adding VLAN subinterfaces” on
page 117.
If you have enabled the server health check feature as part of a server farm and one of the
servers is down for an extended period, you may improve the performance of your FortiWeb
appliance by disabling the physical server, rather than allowing the server health check to
Table 57: FortiWeb buffer configuration

Buffer                      Limit               Block oversized requests using
File uploads’ total size    Cache Body Length
Number of file uploads      8                   Malformed Request

Other buffers also exist. Their limitations, however, vary dynamically.