Global Trustlist
You can configure FortiWeb Cloud to ignore scanning parameters specified for modules of signature based detection, syntax based detection, and anomaly detection across the entire application.
- Go to SECURITY RULES > Global Trustlist.
You must have already enabled this module in Add Modules. See How to add or remove a module. - Click Create New.
- Configure these settings.
Parameter Name
Enter a unique name for the parameter as it appears in the URL or HTTP body. Request Status
Optionally, you can enable to indicate a regular expression designed to match multiple URLs, which carry the trustlist parameters. Request URL
Specify a URL value to match, such as
^/*.php
, which matches requests forhttp://www.test.com/^/*.php
. The pattern does not require a slash ( / ); however, it must at match URLs that begin with a slash, such as/index.cfm
.See Frequently used regular expressions.
Do not include a domain name because it's by default the domain name of this application.
- Click OK.
In the global trustlist table, you can click buttons in to edit, or delete the parameter rule; also, you can choose to enable or disable to indicate the URL to match.