Panel timeout
System > Admin > Settings
Idle Timeout: 5 mins # Default: 5
Checking signature exception rules
Web Protection > Known Attacks > Signatures > "YOUR_POLICY_NAME" > "Signature Details" button
FortiWeb signature exception rule elements
Host
Specifies the Host: field value to match.
URI
- String Match
- Regular Expression Match
String Match: ensure the value starts with a forward slash ( / ), for example /causes-false-positives.php
Full URL
Specifies a URL value that includes parameters to match.
URI vs. Full URL
URI
/testpage.php
matches requests for http://www.test.com/testpage.php?a=1&b=2 (the query string is ignored).
Full URL
/testpage.php?a=1&b=2
matches requests for http://www.test.com/testpage.php?a=1&b=2 (path and query string must both match).
- Do not include a domain name.
- To match a domain name, use the Host element type.
- To match a URL that does not include parameters, use the URI type.
Parameter
Name: Specifies the name of the parameter to match.
Check Value of Specified Element: Select to specify a parameter value to match in addition to the parameter name.
HTTP header
- Name: Specifies the name of the HTTP header to match.
- Value: Specifies the HTTP header value to match.
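To make the difference between the element types concrete, here is an added Python model of how the exception elements above inspect a request (example code written for these notes, not FortiWeb's own implementation). The request is a constructed sample, and the assumption that several elements in one rule are combined with AND is mine.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample request matching the URI / Full URL notes above (not a real log).
REQUEST = {
    "url": "http://www.test.com/testpage.php?a=1&b=2",
    "headers": {"Host": "www.test.com", "User-Agent": "Mozilla/5.0"},
}

def request_element(req, element):
    """Return the part of the request that an exception element type inspects."""
    parts = urlsplit(req["url"])
    if element == "host":          # Host: header value, never the URL
        return req["headers"].get("Host", "")
    if element == "uri":           # path only, query string ignored
        return parts.path
    if element == "full-url":      # path plus query string
        return parts.path + ("?" + parts.query if parts.query else "")
    raise ValueError("unknown element type: " + element)

def element_matches(req, element, value, regex=False):
    """String Match compares the whole value; Regular Expression Match uses re.search."""
    if element in ("uri", "full-url") and not regex and not value.startswith("/"):
        raise ValueError("String Match values for URI / Full URL must start with '/'")
    subject = request_element(req, element)
    if regex:
        return re.search(value, subject) is not None
    return subject == value

def parameter_matches(req, name, value=None):
    """Parameter element: name only, or name plus value when 'Check Value' is selected."""
    params = parse_qs(urlsplit(req["url"]).query)
    if name not in params:
        return False
    return value is None or value in params[name]

def header_matches(req, name, value):
    """HTTP header element: header name and exact value."""
    return req["headers"].get(name) == value

def exception_applies(req, conditions):
    """Assumption: every element in one rule must match for the signature to be skipped."""
    return all(cond(req) for cond in conditions)

if __name__ == "__main__":
    rule = [lambda r: element_matches(r, "host", "www.test.com"),
            lambda r: element_matches(r, "uri", "/testpage.php"),
            lambda r: parameter_matches(r, "a", "1")]
    print("exception applies:", exception_applies(REQUEST, rule))
```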
SQL Injection
False Positive Mitigation
Click to enable or disable additional SQL syntax validation.
e.g. Signature ID 040000182 has this option.
P.S.
Signature ID: 040000182
Description:
This signature prevents attackers from adding attack info through "NOT" SQL statement.
This attack can be achieved in HTTP request URL, arguments and headers.
To verify whether the request is a SQL instruction, FortiWeb uses lexical analysis which converts the statement characters in the request into a sequence of tokens.
It then runs the tokens through different built-in SQL templates and, using a SQL parser, validates whether this is a true SQL structure.
If it is, then this event is not a false positive and FortiWeb triggers the signature violation action.
When this option is enabled and the validation is successful, FortiWeb takes the specified action.
If it fails, FortiWeb takes no action.
regex
\S Matches a character that is not white space, such as A or 9.
\d Matches a decimal digit such as 9.
\D Matches a character that is not a digit, such as A or b or É.
\w Matches a single word character: [a-zA-Z0-9_] (not a whole word).
+ Matches the preceding character or capture group one or more times.
* Matches the preceding character or capture group zero or more times.
? Makes the preceding character or capture group optional.
e.g.
Regular expression: (www\.)?example.com
Matches:
www.example.com example.com
(an unescaped . matches any single character; use example\.com to match the literal dot only)
| # Or
{n} # exactly n repetitions, e.g. \d{3}