You can configure FortiWeb Cloud to ignore scanning parameters specified for modules of signature based detection, syntax based detection, and anomaly detection across the entire application.
- Go to SECURITY RULES > Global Trustlist.
You must have already enabled this module in Add Modules. See How to add or remove a module.
- Click Create New.
- Configure these settings.
Enter a unique name for the parameter as it appears in the URL or HTTP body.
Optionally, you can enable to indicate a regular expression designed to match multiple URLs, which carry the trustlist parameters.
Specify a URL value to match, such as
^/*.php, which matches requests for
http://www.test.com/^/*.php. The pattern does not require a slash ( / ); however, it must at match URLs that begin with a slash, such as
Do not include a domain name because it's by default the domain name of this application.
- Click OK.
In the global trustlist table, you can click buttons in to edit, or delete the parameter rule; also, you can choose to enable or disable to indicate the URL to match.