Web Anti-Defacement

The Web Anti-Defacement feature examines a website’s files for changes at specified time intervals. If it detects a change that could indicate a defacement attack, it will notify you and quickly react by automatically restoring the website contents to the previous backup.

To configure a Web Anti-Defacement policy:
  1. Go to Web Application Firewall > Web Anti-Defacement.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration.
  4. Click Test Connection to test the connection between the FortiADC and the web server.
  5. Save the configuration.

Web Anti-Defacement Configuration

Settings Guidelines

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

After you initially save the configuration, you cannot edit the name.

Description

A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use.

Monitor

Enable or disable monitoring of the website’s files for changes and downloading of backup revisions, which are used to revert the website to its previous revision.

Host Name/IP Address

Type the IP address or FQDN of the web server.

Connection Type

Select which protocol to use when connecting to the website in order to monitor its contents and download website backups.

  • FTP
  • SSH

Port

Enter the TCP port number on which the website’s real server listens. The standard port number for FTP is 21; the standard port number for SSH is 22. The valid range is 1 to 65535.

Folder of Web Site

Type the path to the website’s folder, such as public_html or wwwroot, on the real server. The path is relative to the initial location when logging in with the user name that you specify in Username.

Username

Enter the user name that the FortiADC will use to log in to the website’s real server.

Password

Enter the password for the user name you entered.

Monitor Interval for Root Folder

Enter the time interval in seconds between each monitoring connection from the FortiADC to the web server. During this connection, the FortiADC examines Folder of Web Site (but not its subfolders) to see if any files have changed by comparing the files with the latest backup.

If it detects any file changes, FortiADC will download a new backup revision. If you have enabled Restore in Automatic Action, FortiADC will revert the files to their previous version.

The valid range is 1 to 86400 seconds and the default value is 600 seconds.

Monitor Interval for Other Folder

Enter the time interval in seconds between each monitoring connection from the FortiADC to the web server. During this connection, the FortiADC examines subfolders to see if any files have been changed by comparing the files with the latest backup.

If it detects any file changes, the FortiADC will download a new backup revision. If you have enabled Restore in Automatic Action, FortiADC will revert the files to their previous version.

The valid range is 1 to 86400 seconds and the default value is 600 seconds.

Skip Files Larger Than

Type a file size limit in kilobytes (KB) to indicate which files will be included in the website backup. Files exceeding this size will not be backed up. The valid range is 1 to 102400 KB and the default file size limit is 10240 KB.

Note: Backing up large files can impact performance.

Skip Files with these Extensions

Type zero or more file extensions, such as iso, avi, to exclude from the website backup. Separate each file extension with a comma.

Note: Backing up large files, such as video and audio, can impact performance.

Automatic Action

Select the action that the FortiADC executes when it detects file changes.

  • Disable - Accept changes and record the change in “Total Changed” table when FortiADC detects that the web site has been changed. You can manually restore the web site to a previous revision.
  • Acknowledge - Automatically accept changes to the web site when FortiADC detects that the web site has been changed.
  • Restore - Enable to automatically restore the web site to the previous revision number when FortiADC detects that the web site has been changed.
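
The comparison that the monitoring settings above describe, sketched as an added example (not FortiADC code: the page does not say how FortiADC compares files, so SHA-256 hashing, the function names and the constructed sample site are assumptions). In this sketch, files excluded by Skip Files Larger Than or Skip Files with these Extensions never enter the baseline, so changes to them go unreported, and a root-folder pass does not see subfolder changes.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root, max_kb=10240, skip_ext="iso,avi", recurse=True):
    """Return ({relative_path: sha256}, [skipped paths]) for one scan pass."""
    root = Path(root)
    skip = {e.strip().lower() for e in skip_ext.split(",") if e.strip()}
    manifest, skipped = {}, []
    for p in sorted(root.rglob("*") if recurse else root.iterdir()):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        too_big = p.stat().st_size > max_kb * 1024
        if too_big or p.suffix.lower().lstrip(".") in skip:
            skipped.append(rel)  # excluded from the baseline: changes go unseen
            continue
        manifest[rel] = hashlib.sha256(p.read_bytes()).hexdigest()
    return manifest, skipped

def diff(baseline, current):
    """Classify differences between the baseline and the current scan."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }

def demo():
    """Constructed site: change it, then compare root-only and full scans."""
    with tempfile.TemporaryDirectory() as d:
        site = Path(d)
        (site / "img").mkdir()
        (site / "index.html").write_text("<h1>Welcome</h1>")
        (site / "img" / "logo.svg").write_text("<svg/>")
        (site / "promo.avi").write_bytes(b"\x00" * 64)
        base_root, _ = snapshot(site, recurse=False)
        base_all, _ = snapshot(site)
        # Constructed changes: one in the root, one in a subfolder, one skipped.
        (site / "index.html").write_text("<h1>changed</h1>")
        (site / "img" / "extra.html").write_text("<p>new</p>")
        (site / "promo.avi").write_bytes(b"\x01" * 64)
        now_root, _ = snapshot(site, recurse=False)
        now_all, skipped = snapshot(site)
        return diff(base_root, now_root), diff(base_all, now_all), skipped

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The modified promo.avi appears only in the skipped list, never in either diff, which is the coverage gap to weigh when widening the skip settings for performance.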

Accepting or reverting changed files

The anti-defacement feature maintains a list of files that have changed for each website it monitors. You can use this list to review, accept, and revert the changes.

To restore all the website files, use Automatic Action - Restore.

Alternatively, to automatically acknowledge all changes to files (for example, if you are updating the website), use Automatic Action - Acknowledge.

To accept or revert changed files:
  1. Go to Web Application Firewall > Web Anti-Defacement. For the appropriate website, click the value in the Total Changed column.
  2. Do one of the following:
    1. Select an item in the list, and then click the Acknowledge icon to accept the individual change. FortiADC clears the item from the list.
    2. Select an item in the list, and then click the Revert to icon. In the list of previous versions, click the Revert to this version icon for the version to revert to. FortiADC adds this revert action as a new version in the list.
