
User Guide

Information Leakage


FortiWeb Cloud can detect server error messages and other sensitive messages in the HTTP headers.

To configure the attacks to defend against

  1. Go to SECURITY RULES > Information Leakage.
    You must have already enabled this module in Add Modules. See How to add or remove a module.
  2. Configure these settings.

    Server Information Disclosure

    Enable to detect and erase server-specific sensitive information in headers and response pages. No alerts are generated.

    • Log ON—Check to record logs for any information leakage.
    • Log OFF—Uncheck to not record logs for any information leakage.

    Personally Identifiable Information

    Enable to identify personally identifiable information (PII).

    Cloak Error Pages

    Enable to replace 403, 404, and 5XX response codes with a 500 error code.

    Erase HTTP Headers

    Enable to cloak HTTP headers in the server's replies.
    You can add multiple HTTP headers whose sensitive information will be hidden.
  3. Click +Create Exception Rule (optional).
    You can also configure FortiWeb Cloud to omit attack signature scans by creating exception rules.
  4. Configure these settings.

    URI

    Specify a Uniform Resource Identifier (URI), for example, http://www.example.com.

    Request URL

    Specify a URL value to match. For example, /testpage.php matches requests for http://www.test.com/testpage.php.

    • If String Match is selected, ensure the value starts with a forward slash ( / ) (for example, /testpage.php). You can enter a precise URL, such as /folder1/index.htm, or use wildcards to match multiple URLs, such as /folder1/* or /folder1/*/index.htm.
    • If Regular Expression Match is selected, the value does not require a forward slash ( / ). However, ensure that it can match values that contain a forward slash. For details, see Frequently used regular expressions.

    Do not include a domain name; the domain name of this application is used by default.

    Parameter Name

    Specify a parameter name to match. For example, in http://www.test.com/testpage.php?a=1, the parameter name is "a".

    Cookie Name

    Specify a cookie name to match. Both String Match and Regular Expression Match are supported.

    JSON Elements

    Specify the name of the JSON element to match. Both String Match and Regular Expression Match are supported.

    Attack Category

    You can select one of the following attack categories:

    • Server Information Disclosure
    • Personally Identifiable Information

    Signature ID

    The ID for the signature applied to the attack.

    Signature Information

    Signature description and examples are listed here. You can select any signature ID for the attack and view the signature details.

    Note: For Request URL and Parameter Name, you must specify at least one. A request that matches the URL and/or parameter specified in an exception rule is not treated as an attack even if it matches a particular signature.

  5. From the top right corner, select the action that FortiWeb Cloud takes when it detects a violation of the rule.
    To configure the actions, you must first enable the Advanced Configuration in Global > System Settings > Settings.

    Alert

    Accept the request and generate a log message. To avoid log flooding, the minimum interval between logs is 1 second.

    Erase & Alert

    Hide or remove sensitive information in replies from the web server (sometimes called “cloaking”) and generate a log message. To avoid log flooding, the minimum interval between logs is 1 second.

    Deny & Erase (no log)

    For violations of the Server Information Disclosure, Cloak Error Pages, and the Erase HTTP Headers categories, hide or remove sensitive information in replies from the web server but do not generate log messages.

  6. Click SAVE.

    You can continue creating multiple exception rules for specific attacks.
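The following is an added, illustrative Python model of the controls configured in the steps above. It is not FortiWeb Cloud's code and does not show how the product implements these settings. It models a response filter that replaces 403, 404 and 5XX with 500, erases the configured server headers and scrubs server-version strings from the response body; an exception rule that honours String Match wildcards, Regular Expression Match and Parameter Name so that exempt requests pass through unchanged; and a logger that enforces the 1-second minimum interval for the Alert and Erase & Alert actions while never logging for Deny & Erase (no log). The erased-header names, the leak signatures, the glob and full-match semantics, the combination rule when both URL and parameter are given, and the sample response are all assumptions made for this example.

```python
"""Added illustration of the information-leakage controls this page configures.
Not FortiWeb Cloud's own code: the erased-header list, the leak signatures and
the wildcard/regex matching semantics are assumptions made for this example."""
import fnmatch
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Assumption: headers commonly used to reveal server software (constructed list).
DEFAULT_ERASE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

# Assumption: a tiny constructed stand-in for the product's disclosure signatures.
LEAK_SIGNATURES = (
    re.compile(r"(Apache|nginx|Microsoft-IIS|PHP|OpenSSL)/\d[\w.]*"),
    re.compile(r"Traceback \(most recent call last\)"),
)


@dataclass
class ExceptionRule:
    """A request matching Request URL and/or Parameter Name is exempt from the scan."""
    request_url: str = ""
    regex_match: bool = False  # False: String Match, True: Regular Expression Match
    parameter_name: str = ""

    def __post_init__(self):
        if not (self.request_url or self.parameter_name):
            raise ValueError("enable Request URL, Parameter Name, or both")
        if self.request_url and not self.regex_match and not self.request_url.startswith("/"):
            raise ValueError("String Match values must start with '/'")

    def matches(self, request_uri: str) -> bool:
        parts = urlsplit(request_uri)  # a domain, if present, is ignored
        checks = []
        if self.request_url:
            if self.regex_match:
                # Assumption: matched against the whole path, so the pattern
                # itself must account for the leading slash.
                checks.append(re.fullmatch(self.request_url, parts.path) is not None)
            else:
                # Assumption: '*' is a glob wildcard (/folder1/*, /folder1/*/index.htm).
                checks.append(fnmatch.fnmatchcase(parts.path, self.request_url))
        if self.parameter_name:
            checks.append(self.parameter_name in parse_qs(parts.query))
        return all(checks)  # assumption: every given condition must hold


@dataclass
class LeakageSettings:
    server_information_disclosure: bool = True
    cloak_error_pages: bool = True
    erase_http_headers: tuple = DEFAULT_ERASE_HEADERS


def cloak_response(status, headers, body, settings):
    """Apply the response-side settings; returns (status, headers, body, findings)."""
    findings = []
    if settings.cloak_error_pages and (status in (403, 404) or 500 <= status <= 599):
        findings.append("status %d replaced with 500" % status)
        status = 500
    erase = {h.lower() for h in settings.erase_http_headers}
    kept = {}
    for name, value in headers.items():
        if name.lower() in erase:
            findings.append("erased header " + name)
        else:
            kept[name] = value
    if settings.server_information_disclosure:
        for sig in LEAK_SIGNATURES:
            body, n = sig.subn("[removed]", body)
            if n:
                findings.append("erased %d body match(es) of %r" % (n, sig.pattern))
    return status, kept, body, findings


def process(request_uri, status, headers, body, settings, rules):
    """Exempt requests pass through untouched; everything else is cloaked."""
    if any(rule.matches(request_uri) for rule in rules):
        return status, dict(headers), body, []
    return cloak_response(status, headers, body, settings)


class ActionLogger:
    """Alert / Erase & Alert log at most once per interval; the no-log action never logs."""
    def __init__(self, action, min_interval=1.0):
        self.action, self.min_interval, self.last, self.records = action, min_interval, None, []

    def record(self, finding, now):
        if self.action == "Deny & Erase (no log)":
            return False
        if self.last is not None and now - self.last < self.min_interval:
            return False  # suppressed to avoid log flooding
        self.last = now
        self.records.append((now, finding))
        return True


if __name__ == "__main__":
    # Constructed sample: a 404 page that leaks the web server's version string.
    hdrs = {"Server": "Apache/2.4.41 (Ubuntu)", "Content-Type": "text/html"}
    page = "<h1>Not Found</h1><hr><address>Apache/2.4.41 Server at example.test</address>"
    rules = [ExceptionRule(request_url="/healthz")]
    print(process("/missing.php?id=1", 404, hdrs, page, LeakageSettings(), rules))
    print(process("/healthz", 404, hdrs, page, LeakageSettings(), rules))
```

Running the block shows the two outcomes side by side: the ordinary request comes back as a 500 with the Server header gone and the version string replaced, while the request matching the exception rule is returned exactly as the origin sent it. When writing real exception rules, the same caution applies as on this page: a wildcard such as `/folder1/*` exempts every path under it, so keep exceptions as narrow as the false positive requires.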
