Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiWeb Cloud User Guide

    Information Leakage

    Information Leakage

    FortiWeb Cloud can detect server error messages and other sensitive messages in the HTTP headers.

    To configure attacks to defend

    1. Go to SECURITY RULES > Information Leakage.
      You must have already enabled this module in Add Modules. See How to add or remove a module.
    2. Configure these settings.

      Server Information Disclosure

      Enable to detect and erase server specific sensitive information in headers and response page, with no alerts generated.

      • Log ON—Check to record logs for any information leakage.
      • Log OFF—Uncheck to not record logs for any information leakage.

      Personally Identifiable Information

      Enable to identify personally identifiable information (PII).

      Cloak Error Pages

      		Enable to replace 403, 404, and 5XX with 500 error code.

      Erase HTTP Headers

      		Enable to cloak server replied HTTP headers.
      You can add multiple HTTP headers in which the sensitive information will be hidden.
    3. Click +Create Exception Rule (optional).
      You can also configure FortiWeb Cloud to omit attack signature scans by creating exception rules.
    4. Configure these settings.

      URI

      Specify a Uniform Resource Identifier (URI), for example, http://www.example.com.

      Request URL

      Specify a URL value to match. For example, /testpage.php, which match requests for http://www.test.com/testpage.php.

      • If String Match is selected, ensure the value starts with a forward slash ( / ) (for example, /testpage.php). You can enter a precise URL, such as /floder1/index.htm or use wildcards to match multiple URLs, such as /floder1/* ,or /floder1/*/index.htm.
      • If Regular Expression Match is selected, the value does not require a forward slash ( / ). However, ensure that it can match values that contain a forward slash. For details, see Frequently used regular expressions.

      Do not include a domain name because it's by default the domain name of this application.

      Parameter Name

      Specify a parameter name to match. For example, http://www.test.com/testpage.php?a=1, the parameter name is "a".

      Cookie Name

      Specify a cookie name to match. Both String Match and Regular Expression Match are supported.

      JSON Elements

      Specify the name of the JSON element to match. Both String Match and Regular Expression Match are supported.

      Attack Category

      You can select an attack category between:

      • Server Information Disclosure
      • Personally Identifiable Information

      Signature ID

      The ID for the signature applied to the attack.

      Signature Information

      Signature description and examples are listed here. You can select any signature ID for the attack and view the signature details.

      note icon

      For Request URL and Parameter Name, you shall enable at least one. The request matching the specified URL and/or parameter in exception rule would not be treated as an attack even if it matches a particular signature.

    5. Select the action that FortiWeb Cloud takes when it detects a violation of the rule from the top right corner.
      To configure the actions, you must first enable the Advanced Configuration in Global > System Settings > Settings.

      Alert

      Accept the request and generate a log message. To avoid log flooding, the minimum interval between logs is 1 second.

      Erase & Alert

      Hide or remove sensitive information in replies from the web server (sometimes called “cloaking”) and generate a log message. To avoid log flooding, the minimum interval between logs is 1 second.

      Deny & Erase(no log)

      For violations of the Server Information Disclosure, Cloak Error Pages, and the Erase HTTP Headers categories, hide or remove sensitive information in replies from the web server but do not generate log messages.

    6. Click SAVE.

      You can continue creating multiple exception rules for specific attacks.

    Previous
    Next

    Information Leakage

    Information Leakage

    FortiWeb Cloud can detect server error messages and other sensitive messages in the HTTP headers.

    To configure attacks to defend

    1. Go to SECURITY RULES > Information Leakage.
      You must have already enabled this module in Add Modules. See How to add or remove a module.
    2. Configure these settings.

      Server Information Disclosure

      Enable to detect and erase server specific sensitive information in headers and response page, with no alerts generated.

      • Log ON—Check to record logs for any information leakage.
      • Log OFF—Uncheck to not record logs for any information leakage.

      Personally Identifiable Information

      Enable to identify personally identifiable information (PII).

      Cloak Error Pages

      		Enable to replace 403, 404, and 5XX with 500 error code.

      Erase HTTP Headers

      		Enable to cloak server replied HTTP headers.
      You can add multiple HTTP headers in which the sensitive information will be hidden.
    3. Click +Create Exception Rule (optional).
      You can also configure FortiWeb Cloud to omit attack signature scans by creating exception rules.
    4. Configure these settings.

      URI

      Specify a Uniform Resource Identifier (URI), for example, http://www.example.com.

      Request URL

      Specify a URL value to match. For example, /testpage.php, which match requests for http://www.test.com/testpage.php.

      • If String Match is selected, ensure the value starts with a forward slash ( / ) (for example, /testpage.php). You can enter a precise URL, such as /floder1/index.htm or use wildcards to match multiple URLs, such as /floder1/* ,or /floder1/*/index.htm.
      • If Regular Expression Match is selected, the value does not require a forward slash ( / ). However, ensure that it can match values that contain a forward slash. For details, see Frequently used regular expressions.

      Do not include a domain name because it's by default the domain name of this application.

      Parameter Name

      Specify a parameter name to match. For example, http://www.test.com/testpage.php?a=1, the parameter name is "a".

      Cookie Name

      Specify a cookie name to match. Both String Match and Regular Expression Match are supported.

      JSON Elements

      Specify the name of the JSON element to match. Both String Match and Regular Expression Match are supported.

      Attack Category

      You can select an attack category between:

      • Server Information Disclosure
      • Personally Identifiable Information

      Signature ID

      The ID for the signature applied to the attack.

      Signature Information

      Signature description and examples are listed here. You can select any signature ID for the attack and view the signature details.

      note icon

      For Request URL and Parameter Name, you shall enable at least one. The request matching the specified URL and/or parameter in exception rule would not be treated as an attack even if it matches a particular signature.

    5. Select the action that FortiWeb Cloud takes when it detects a violation of the rule from the top right corner.
      To configure the actions, you must first enable the Advanced Configuration in Global > System Settings > Settings.

      Alert

      Accept the request and generate a log message. To avoid log flooding, the minimum interval between logs is 1 second.

      Erase & Alert

      Hide or remove sensitive information in replies from the web server (sometimes called “cloaking”) and generate a log message. To avoid log flooding, the minimum interval between logs is 1 second.

      Deny & Erase(no log)

      For violations of the Server Information Disclosure, Cloak Error Pages, and the Erase HTTP Headers categories, hide or remove sensitive information in replies from the web server but do not generate log messages.

    6. Click SAVE.

      You can continue creating multiple exception rules for specific attacks.

    Previous
    Next