You can configure URL access rules that define which HTTP requests FortiWeb Cloud accepts or denies based on their
Host: name and URL, as well as the origin of the request.
To create a URL access rule
- Go to ACCESS RULES > URL Access.
You must have already enabled this module in Add Modules. See How to add or remove a module.
- Click +Create Rule.
- Configure these settings.
Enter a unique name that can be referenced in other parts of the configuration.
Enter a regular expression that matches the target URL. To create a regular expression, see Frequently used regular expressions.
Select the action that FortiWeb Cloud takes when it detects a violation of the rule.
- Alert & Deny—Block the request (or reset the connection) and generate an alert email and/or log message.
- Pass—Allow the request. Do not generate an alert and/or log message.
Continue—Continue by evaluating any subsequent rules defined in the web protection profile.
If the request does not violate any other rules, FortiWeb Cloud allows the request. If the single request violates multiple rules, it generates multiple attack log messages.
- Click OK.
You can continue creating at most 12 URL access rules for an application.