WebSocket Protocol is a TCP-based network protocol, which enables full-duplex communication between a web browser and a server.
FortiWeb Cloud now secures WebSocket traffic with a variety of security controls such as allowed formats, frame and message size and signature detection.
You can create WebSocket security rules to detect traffic that uses the WebSocket TCP-based protocol.
To create a WebSocket security rule
- Go to ADVANCED APPLICATIONS > XML Protection.
You must have already enabled this module in Add Modules. See How to add or remove a module.
- Click +Add WebSocket Security Rule.
- Configure these settings.
Type a name that can be referenced by other parts of the configuration.
Enter the literal URL, such as
/index.php, that the HTTP request must contain in order to match the rule.
Enable to detect the WebSocket traffic, and FortiWeb Cloud will check any WebSocket related traffic.
The following fields can be configured only when this option is enabled.
When the WebSocket connection is established , data is transmitted in the form of frame. Select the allowed frame formats that are acceptable matches. By default, both Plain Text and Binary are checked.
Max Frame Size
Specify the maximum acceptable frame header and body size in bytes. The valid range is 0–2147483647 bytes.
Max Message Size
Specify the maximum acceptable message header and body size in bytes. The valid range is 0–2147483647 bytes.
Enable to not check the extension header in WebSocket handshake packet. By default, this option is disabled.
Block Known Attacks
Enable to protect against known attacks, common vulnerabilities and exposures (CVEs), and other exploits as part of the OWASP Top 10.
- Enter the allowed origin.
184.108.40.206:8800. Only traffic from the allowed origins can be accepted. You can add multiple origins here.
- Click OK.
You can create at most 12 WebSocket security rules for an application.
To configure actions
- Select the action that FortiWeb Cloud takes when it detects a violation of the rule from the top right corner.
To configure the actions, you must first enable the Advanced Configuration in Global > Settings.
Accept the request and generate an alert email and/or log message.
Alert & Deny
Block the request (or reset the connection) and generate an alert email and/or log message.
Block the request (or reset the connection).
- Click SAVE.