Fortinet FortiWeb 5.0 Patch 6 Administration Guide
Rewriting & redirecting
Example: HTTP-to-HTTPS redirect
Example: Full host name/URL translation
Example: Sanitizing poisoned HTML
Example: Inserting & deleting body text
Example: Rewriting URLs using regular expressions
Example: Rewriting URLs using variables
Grouping rewriting & redirection rules
Blocking known attacks & data leaks
Configuring action overrides or exceptions to data leak & attack detection signatures
Finding signatures that are disabled or “Alert Only”
Defining custom data leak & attack signatures
Example: ASP .Net version & other multiple server detail leaks
Example: Zero-day XSS
Example: Local file inclusion fingerprinting via Joomla
Enforcing page order that follows application logic
Specifying URLs allowed to initiate sessions
Preventing zero-day attacks
Validating parameters (“input rules”)
Bulk changes to input validation rules
Defining custom data types
Preventing tampering with hidden inputs
Specifying allowed HTTP methods
Configuring allowed method exceptions
HTTP/HTTPS protocol constraints
Configuring HTTP protocol constraint exceptions
Limiting file uploads
Compression & decompression
Configuring compression/decompression exemptions
Configuring compression offloading
Configuring decompression to enable scanning & rewriting
Policies
How operation mode affects server policy behavior
Configuring the global object white list
Uploading a custom error page
Configuring a protection profile for inline topologies
Configuring a protection profile for an out-of-band topology or asynchronous mode of operation