Creating Man in the Browser (MiTB) Protection Rule
To apply the above mentioned security rules, you need to set up the MiTB rules first, then combine the rules together into an MiTB policy.
This section provides instructions to:
- Create an MiTB protection rule
- Protect the standard user input field
- Protect the passwords
- Add white list for the AJAX Request
FortiWeb requires the protected web pages not compressed, because it will insert JavaScript codes in the response body when obfuscation, encryption or anti-keyloger is enabled, and analyze the request body to detect unallowed Ajax requests. If the web pages you want to protect are compressed, it's required to configure a decompression policy. See Configuring temporary decompression for scanning & rewriting. |