Administration Guide

Protecting a server running web applications

You can use a web application firewall profile to protect a server that is running a web application, such as webmail.

Web application firewall profiles are created with a variety of options called signatures and constraints. Once these options are enabled, the action can be set to allow, monitor, or block. The severity can be set to high, medium, or low.

In the following example, the default profile will be targeted to block SQL injection attempts and generic attacks.

Note

The web application firewall feature is only available when the policy inspection mode is proxy-based.

To protect a server running web applications:
  1. Enable the web application firewall:
    1. Go to System > Feature Visibility.
    2. Under Security Features, enable Web Application Firewall.
    3. Click Apply.
  2. Edit the default web application firewall profile (Trojans and Known Exploits are blocked by default):
    1. Go to Security Profiles > Web Application Firewall and edit the default profile signature.
    2. Select SQL Injection (Extended) and edit it so that it is enabled, the Action is set to Block, and the Severity is set to High.
    3. Click OK.
    4. Enable Generic Attacks (Extended) and edit it so that it is enabled, the Action is set to Block, and the Severity is set to High.
    5. Click OK.
    6. Click OK.
  3. Apply the profile to a security policy:
    1. Go to Policy & Objects > Firewall Policy and edit the policy that allows access to the web server.
    2. For Firewall / Network Options, select the appropriate Protocol Option.
    3. For Security Profiles, enable Web Application Firewall and set it to use the default profile.
    4. Set the SSL Inspection to use the deep-inspection profile.
    5. Configure the other settings as needed.
    6. Click OK.
  4. Verify that the web application firewall blocks traffic:
    1. Use the following URL to simulate an attack on your web server and substitute the IP address of your server: http://<server IP>/index.php?username=1'%20or%20'1'%20=%20'1&password=1'%20or%20'1'%20=%20'1

      An error message appears, stating that the web application firewall has blocked the traffic.
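The following script is an added illustration, not part of this guide or of FortiOS: it models, in a deliberately simplified way, how a profile built from enabled signatures with an action and a severity reaches an allow, monitor or block decision for the verification URL above. The signature patterns, the `SIGNATURES` table and the `192.0.2.10` address are constructed assumptions and do not reproduce FortiGate's real signature set.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed, simplified stand-ins for the two signatures the guide enables.
# Each entry: (name, enabled, action, severity, pattern). Not FortiGate's real rules.
SIGNATURES = [
    ("SQL Injection (Extended)", True, "block", "high",
     re.compile(r"'\s*or\s*'\w*'\s*=\s*'\w*", re.IGNORECASE)),   # ' or '1' = '1 tautology
    ("Generic Attacks (Extended)", True, "block", "high",
     re.compile(r"\.\./|<script", re.IGNORECASE)),                # traversal / script tag
]


def verification_url(server_ip):
    """Build the guide's test URL, with the server IP substituted in."""
    return (f"http://{server_ip}/index.php?"
            "username=1'%20or%20'1'%20=%20'1&password=1'%20or%20'1'%20=%20'1")


def decoded_params(url):
    """Percent-decode the query string into (name, value) pairs, as a WAF must before matching."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def evaluate(url, signatures=SIGNATURES):
    """Return (decision, matches).

    Decision precedence mirrors the profile actions in the guide: one enabled
    'block' signature is enough to block; otherwise 'monitor' if any monitor
    signature fired; otherwise 'allow'. Disabled signatures never match.
    """
    matches = []
    for param, value in decoded_params(url):
        for name, enabled, action, severity, pattern in signatures:
            if enabled and pattern.search(value):
                matches.append({"param": param, "signature": name,
                                "action": action, "severity": severity})
    actions = {m["action"] for m in matches}
    if "block" in actions:
        return "block", matches
    if "monitor" in actions:
        return "monitor", matches
    return "allow", matches


if __name__ == "__main__":
    decision, hits = evaluate(verification_url("192.0.2.10"))  # constructed address
    print(decision, hits)
```

Switching an entry's action to `monitor` or setting `enabled` to `False` shows why step 2 insists the signature is enabled with Action set to Block before the verification in step 4 can succeed.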

Using FortiWeb for protection

Another way of protecting web applications is to forward HTTP traffic to a FortiWeb for scanning and inspection. A typical use case is to use a one-arm topology with FortiWeb running in reverse proxy mode to scan traffic before accessing the webpage on the web servers. See Planning the network topology in the FortiWeb Administration Guide for more information.
