Creating an FTP file check rule
You can create FTP file check rules so that FortiWeb places restrictions on uploading or downloading files and scans files that clients attempt to upload to or download from your server(s). When configured, FortiWeb can also send files to FortiSandbox for analysis and perform an antivirus scan.
For details about applying an FTP file check rule to an FTP server policy, see Configuring an FTP security inline profile.
To create an FTP file check rule
If FTP security isn't enabled in Feature Visibility, you must enable it before you can create an FTP file check rule. To enable FTP security, go to System > Config > Feature Visibility and enable FTP Security. |
- Go to FTP Security > FTP File Security.
- Click Create New.
- Configure these settings:
-
Alert—Accept the connection and generate an alert email and/or log message.
-
Alert & Deny—Block the request (or reset the connection) and generate an alert and/or log message.
-
Deny (no log)—Block the request (or reset the connection).
-
Period Block—Block subsequent requests from the client for a number of seconds. Also configure Block Period.
- Informative
- Low
- Medium
- High
- Uploading—FortiWeb applies the rule to files being uploaded to your server(s).
- Downloading—FortiWeb applies the rule to files being downloaded from your server(s).
- Both—FortiWeb applies the rule to files being either downloaded from or uploaded to your server(s).
- Click OK.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Web Protection Configuration category. For details, see Permissions.
Name |
Enter a unique name that can be referenced in other parts of the configuration. Don't use spaces or special characters. The maximum length is 63 characters. |
Select which action FortiWeb will take when it detects a violation of the rule: The default value is Alert & Deny. Note: This setting will be ignored if Monitor Mode is enabled in a server policy. Note: Logging and/or alert email will occur only if enabled and configured. For details, see Logging and Alert email. |
|
Enter the number of seconds that you want to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1–3,600 seconds (1 hour). See also Monitoring currently blocked IPs. This setting is available only if Action is set to Period Block. |
|
Severity |
When rule violations are recorded in the attack log, each log message contains a Severity Level ( The default value is Medium. |
Trigger Action |
Select the trigger, if any, that FortiWeb will use when it logs and/or sends an alert email about a violation of the rule. For details, see Viewing log messages. |
Select one of the following: |
|
Enable so that FortiWeb performs an antivirus scan on files that match the File Check Direction. |
|
Send Files to FortiSandbox |
Enable so that FortiWeb sends files to FortiSandbox that match the File Check Direction. |
Send Files to ICAP Server |
Enable so that FortiWeb sends files to ICAP server that matches the File Check Direction. |