Information Leakage

FortiWeb Cloud can detect server error messages and other sensitive messages in the HTTP headers.

To configure the attacks to defend against

  1. Go to SECURITY RULES > Information Leakage.
    You must have already enabled this module in Add Modules. See How to add or remove a module.
  2. Configure these settings.

    Server Information Disclosure

    Enable to detect and erase server-specific sensitive information in response headers and the response page; no alerts are generated.

    • Log ON—Check to record logs for any information leakage.
    • Log OFF—Uncheck to not record logs for any information leakage.

    Report Log

    Enable to record logs for any information leakage.

    Cloak Error Pages

    Enable to replace 403, 404, and 5XX response codes with a 500 error code.

    Erase HTTP Headers

    Enable to cloak the HTTP headers in the server's replies.
    You can add multiple HTTP headers whose sensitive information will be hidden.
  3. Click +Create Exception Rule (optional).
    You can also configure FortiWeb Cloud to omit attack signature scans by creating exception rules.
  4. Configure these settings.

    URI

    Specify a Uniform Resource Identifier (URI), for example, http://www.example.com.

    Request URL

    Specify a URL value to match. For example, /testpage.php, which matches requests for http://www.test.com/testpage.php.

    • If String Match is selected, ensure the value starts with a forward slash ( / ) (for example, /testpage.php). You can enter a precise URL, such as /folder1/index.htm, or use wildcards to match multiple URLs, such as /folder1/* or /folder1/*/index.htm.
    • If Regular Expression Match is selected, the value does not require a forward slash ( / ). However, ensure that it can match values that contain a forward slash. For details, see Frequently used regular expressions.

    Do not include a domain name; the domain name of this application is used by default.

    Parameter Name

    Specify a parameter name to match. For example, in http://www.test.com/testpage.php?a=1 the parameter name is "a".

    Attack Category

    Select one of the following attack categories:

    • Server Information Disclosure
    • Personally Identifiable Information

    Signature ID

    The ID for the signature applied to the attack.

    Signature Information

    Signature description and examples are listed here. You can select any signature ID for the attack and view the signature details.

    Note: You must enable at least one of Request URL and Parameter Name. A request that matches the specified URL and/or parameter in an exception rule is not treated as an attack even if it matches a particular signature.

  5. In the top right corner, select the action that FortiWeb Cloud takes when it detects a violation of the rule.
    To configure the actions, you must first enable the Advanced Configuration in Global > Settings.

    Alert

    Accept the request and generate a log message.

    Erase & Alert

    Hide or remove sensitive information in replies from the web server (sometimes called “cloaking”) and generate a log message.

    Deny & Erase (no log)

    For violations of the Server Information Disclosure, Cloak Error Pages, and the Erase HTTP Headers categories, hide or remove sensitive information in replies from the web server but do not generate log messages.

  6. Click SAVE.

    You can continue creating multiple exception rules for specific attacks.
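To make the settings above concrete, here is an added Python model of one response passing through the module: error-page cloaking (403, 404, 5XX to 500), header erasure, signature scanning with the three actions, and the exception-rule matching described for Request URL and Parameter Name. It is example code, not FortiWeb Cloud's implementation. The signature IDs and patterns, the default header list, the reading of `*` in String Match as "any run of characters", the choice that cloaking and header erasure still apply to exempted requests, and the rule that both URL and parameter must match when both are configured are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed defaults for this example; FortiWeb Cloud takes these from the UI.
DEFAULT_ERASE_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version")
SIGNATURES = {  # hypothetical IDs and patterns, not the product's signature set
    "SID-EXAMPLE-1": ("Server Information Disclosure", re.compile(r"Apache/\d+\.\d+\.\d+")),
    "SID-EXAMPLE-2": ("Personally Identifiable Information", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
}
MASK = "*****"


def cloak_status(status):
    """Cloak Error Pages: 403, 404 and every 5XX are returned as 500."""
    return 500 if status in (403, 404) or 500 <= status <= 599 else status


def erase_headers(headers, names=DEFAULT_ERASE_HEADERS):
    """Erase HTTP Headers: drop the configured response headers (names compared case-insensitively)."""
    drop = {n.lower() for n in names}
    return {k: v for k, v in headers.items() if k.lower() not in drop}


def wildcard_to_regex(pattern):
    """String Match: '*' is taken to mean any run of characters (assumption); all else is literal."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$")


class ExceptionRule:
    """Request URL (string or regex match) and/or Parameter Name; at least one is required."""

    def __init__(self, request_url=None, match="string", parameter_name=None):
        if request_url is None and parameter_name is None:
            raise ValueError("enable at least one of Request URL and Parameter Name")
        if match not in ("string", "regex"):
            raise ValueError("match must be 'string' or 'regex'")
        if match == "string" and request_url is not None and not request_url.startswith("/"):
            raise ValueError("String Match values must start with '/'")
        self.match, self.parameter_name = match, parameter_name
        self.url_re = None if request_url is None else (
            wildcard_to_regex(request_url) if match == "string" else re.compile(request_url))

    def matches(self, request_uri):
        parts = urlsplit(request_uri)  # only path and query are compared; the domain is implied
        if self.url_re is not None:
            hit = self.url_re.match(parts.path) if self.match == "string" else self.url_re.search(parts.path)
            if not hit:
                return False
        if self.parameter_name is not None:
            # When both conditions are configured, both must hold (assumption)
            return self.parameter_name in parse_qs(parts.query, keep_blank_values=True)
        return True


def scan_body(body):
    """Return [(signature_id, category, matched_text)] for every signature hit in the body."""
    return [(sid, cat, m.group(0)) for sid, (cat, rx) in SIGNATURES.items() for m in rx.finditer(body)]


def apply_policy(request_uri, status, headers, body, rules=(), action="erase_alert"):
    """Model one response passing through the module.

    action is one of "alert", "erase_alert", "deny_erase_nolog".
    Returns (status, headers, body, log_entries).
    """
    log = []
    new_status = cloak_status(status)          # not signature-based: applied even when exempted
    new_headers = erase_headers(headers)       # likewise (assumption)
    new_body = body
    if any(rule.matches(request_uri) for rule in rules):
        return new_status, new_headers, new_body, log  # exempted: signature hits are not attacks
    for sid, cat, text in scan_body(body):
        if action in ("erase_alert", "deny_erase_nolog"):
            new_body = new_body.replace(text, MASK)
        if action in ("alert", "erase_alert"):
            log.append(f"{cat} signature {sid} matched {text!r} on {request_uri}")
    return new_status, new_headers, new_body, log


if __name__ == "__main__":
    # Constructed sample response from an origin server
    hdrs = {"Server": "Apache/2.4.1", "Content-Type": "text/html"}
    print(apply_policy("/testpage.php?a=1", 404, hdrs, "Apache/2.4.1 at your service"))
    print(apply_policy("/testpage.php?a=1", 404, hdrs, "Apache/2.4.1 at your service",
                       rules=[ExceptionRule(parameter_name="a")]))
```

Running the block shows the first call cloaking the 404 to 500, dropping the Server header, masking the version banner and logging one Server Information Disclosure hit, while the second call, matched by the parameter-name exception, still cloaks and erases headers but leaves the body untouched and logs nothing.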
