Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.4.4 Handbook
    7.4.4
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring a File Restriction rule

    Configuring a File Restriction rule

    Define the File Restriction rule for Input Validation to restrict file uploads based on file type and size.

    The File Restriction rule function can do the following:

    • Check the HOST by simple string or regular expression matching.
    • Check the URL by simple string or regular expression matching.
    • Check the uploaded file type and file size by simple string or regular expression matching.

    If the conditions are successfully matched, it will execute the specified action.

    To configure a File Restriction rule:
    1. Go to Web Application Firewall > Input Validation.
    2. Click the File Restriction tab.
    3. Click Create New to display the configuration editor.
    4. Configure the following File Restriction settings:

      Setting

      Description

      Name

      Enter a unique File Restriction policy name. Valid characters are A-Z, a-z, 0-9, _, and -. No space is allowed.

      Note: Once saved, the name of a File Restriction policy cannot be changed.

      Host Status

      Enable to require that the Host: field of the HTTP request match a protected host name's entry in order to match the URL access rule. Also configure Host.

      Host

      The Host option is available if Host Status is enabled.

      Select which protected host name's entry (either a web host name or IP address) that the Host: field of the HTTP request must be in to match the URL access rule.

      Request URL

      The HTTP request URL must be start with /. eg./login. This item must be set when configuring the rule. FortiADC will match the other item (rule) when matching the request URL; if the match fails, FortiADC will not attempt to match others.

      Action

      Select the action profile that you want to apply. See Configuring WAF Action objects.

      The default value is Alert.

      Severity

      When FortiADC records violations of this rule in the attack log, each log message contains a Severity Level (severity_level) field. Select which severity level FortiADC uses when using Input Validation:

      • Low
      • Medium
      • High

      The default value is Low.

      Upload File Status

      Allow: Only allow the selected file type to upload.

      Block: Block any upload of the selected file type.

      Upload File Size

      The maximum size of the uploaded file.

    5. Click Save.
      Once the File Restriction configuration is saved, the Upload File Type section can be configured.
    6. Under the Upload File Type section, click Create New to display the configuration editor.
    7. In the Field Type field, select the supported file types for the uploaded file.
    8. Click Save to update the File Restriction configuration.

    After the File Restriction rule has been saved, you can include it in an Input Validation Policy.

    Previous
    Next

    Configuring a File Restriction rule

    Configuring a File Restriction rule

    Define the File Restriction rule for Input Validation to restrict file uploads based on file type and size.

    The File Restriction rule function can do the following:

    • Check the HOST by simple string or regular expression matching.
    • Check the URL by simple string or regular expression matching.
    • Check the uploaded file type and file size by simple string or regular expression matching.

    If the conditions are successfully matched, it will execute the specified action.

    To configure a File Restriction rule:
    1. Go to Web Application Firewall > Input Validation.
    2. Click the File Restriction tab.
    3. Click Create New to display the configuration editor.
    4. Configure the following File Restriction settings:

      Setting

      Description

      Name

      Enter a unique File Restriction policy name. Valid characters are A-Z, a-z, 0-9, _, and -. No space is allowed.

      Note: Once saved, the name of a File Restriction policy cannot be changed.

      Host Status

      Enable to require that the Host: field of the HTTP request match a protected host name's entry in order to match the URL access rule. Also configure Host.

      Host

      The Host option is available if Host Status is enabled.

      Select which protected host name's entry (either a web host name or IP address) that the Host: field of the HTTP request must be in to match the URL access rule.

      Request URL

      The HTTP request URL must be start with /. eg./login. This item must be set when configuring the rule. FortiADC will match the other item (rule) when matching the request URL; if the match fails, FortiADC will not attempt to match others.

      Action

      Select the action profile that you want to apply. See Configuring WAF Action objects.

      The default value is Alert.

      Severity

      When FortiADC records violations of this rule in the attack log, each log message contains a Severity Level (severity_level) field. Select which severity level FortiADC uses when using Input Validation:

      • Low
      • Medium
      • High

      The default value is Low.

      Upload File Status

      Allow: Only allow the selected file type to upload.

      Block: Block any upload of the selected file type.

      Upload File Size

      The maximum size of the uploaded file.

    5. Click Save.
      Once the File Restriction configuration is saved, the Upload File Type section can be configured.
    6. Under the Upload File Type section, click Create New to display the configuration editor.
    7. In the Field Type field, select the supported file types for the uploaded file.
    8. Click Save to update the File Restriction configuration.

    After the File Restriction rule has been saved, you can include it in an Input Validation Policy.

    Previous
    Next