Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Exception Policy

You can create exception policy to omit bot mitigation attack scans when you know that some parameters or URLs may trigger positives during normal use. The exception policy can be applied in Bot Mitigation policy, Biometrics Based Detection, Threshold Based Detection, and Bot Deception.

To create an exception policy:

  1. Go to Bot Mitigation > Exception Policy.
  2. Click Create New.
  3. Enter a name for the policy.
  4. Click OK.
  5. Click Create New.
  6. On the New Bot Mitigation Exception Element page, select the type of element to exempt from bot mitigation attack scans.
    Client IP  
      Operation
    • EqualFortiWeb does not perform a bot mitigation attack scan for requests with a client IP address or IP range that matches the value of Client IP.
    • Not EqualFortiWeb only performs a bot mitigation attack scan for requests with a client IP address or IP range that matches the value of Client IP.
      Client IP Specify the client IP address or IP range that FortiWeb uses to determine whether or not to perform a bot mitigation attack scan for the request.
    Host  
      Operation
    • String MatchValue is a literal host name.
    • Regular Expression MatchValue is a regular expression that matches all and only the hosts that the exception applies to.
      Value Specifies the Host: field value to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    URI  
      Operation
    • String MatchValue is a literal URL, such as /folder1/index.htm that the HTTP request must contain in order to match the rule, or use wildcards to match multiple URLs, such as /folder1/* or /folder1/*/index.htm.
    • Regular Expression MatchValue is a regular expression that matches all and only the URIs that the exception applies to.
      Value Specifies a URL value to match. You can use up to 2048 characters in regex configuration for signature. The value does not include parameters. For example, /testpage.php, which match requests for http://www.test.com/testpage.php?a=1&b=2.

    If Operation is String Match, ensure the value starts with a forward slash ( / ) (for example, /causes-false-positives.php).

    If Operation is Regular Expression Match, the value does not require a forward slash ( / ). However, ensure that it can match values that contain a forward slash.
    When the URL value is a string, such as /causes-false-positives.php, the URL must begin with a slash ( / ).
    Do not include a domain name or parameters. To match a domain name, use the Host element type. To match a URL that includes parameters, use the Full URL type.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    Full URL  
      Operation
    • String MatchValue is a literal URL, such as /folder1/index.htm that the HTTP request must contain in order to match the rule, or use wildcards to match multiple URLs, such as /folder1/* or /folder1/*/index.htm.
    • Regular Expression MatchValue is a regular expression that matches all and only the URLs that the exception applies to.
      Value Specifies a URL value that includes parameters to match. For example, /testpage.php?a=1&b=2, which match requests for http://www.test.com/testpage.php?a=1&b=2.

    If Operation is String Match, ensure the value starts with a forward slash ( / ) (for example, /testpage.php?a=1&b=2).

    If Operation is Regular Expression Match, the value does not require a forward slash ( / ). However, ensure that it can match values that contain a forward slash.

    Do not include a domain name. To match a domain name, use the Host element type. To match a URL that does not include parameters, use the URI type.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    Parameter  
      Operation
    • String MatchName is the literal name of a parameter.
    • Regular Expression MatchName is a regular expression that matches all and only the name of the parameter that the exception applies to.
      Name Specifies the name of the parameter to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
      Check Value of Specified Element Enable to specify a parameter value to match in addition to the parameter name.
      Value Specifies the parameter value to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    Cookie  
      Operation
    • String MatchName is the literal name of a cookie.
    • Regular Expression MatchName is a regular expression that matches all and only the name of the cookie that the exception applies to.
      Name Specifies the name of the cookie to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
      Check Value of Specified Element Select to specify a cookie value to match in addition to the cookie name.
      Value Specifies the cookie value to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    Concatenate
    • And—A matching request matches this entry in addition to other entries in the exemption list.
    • Or—A matching request matches this entry instead of other entries in the exemption list.

    Later, you can use the exception list options to adjust the matching sequence for entries. For details, see Exception Policy.

  7. Click OK.

You can later refer the Exception policy in Bot Mitigation policy. It can also be referred in Known Bots, Biometrics Based Detection, Threshold Based Detection, and Bot Deception rules to omit scan in a specific rule.

Exception Policy

You can create exception policy to omit bot mitigation attack scans when you know that some parameters or URLs may trigger positives during normal use. The exception policy can be applied in Bot Mitigation policy, Biometrics Based Detection, Threshold Based Detection, and Bot Deception.

To create an exception policy:

  1. Go to Bot Mitigation > Exception Policy.
  2. Click Create New.
  3. Enter a name for the policy.
  4. Click OK.
  5. Click Create New.
  6. On the New Bot Mitigation Exception Element page, select the type of element to exempt from bot mitigation attack scans.
    Client IP  
      Operation
    • EqualFortiWeb does not perform a bot mitigation attack scan for requests with a client IP address or IP range that matches the value of Client IP.
    • Not EqualFortiWeb only performs a bot mitigation attack scan for requests with a client IP address or IP range that matches the value of Client IP.
      Client IP Specify the client IP address or IP range that FortiWeb uses to determine whether or not to perform a bot mitigation attack scan for the request.
    Host  
      Operation
    • String MatchValue is a literal host name.
    • Regular Expression MatchValue is a regular expression that matches all and only the hosts that the exception applies to.
      Value Specifies the Host: field value to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    URI  
      Operation
    • String MatchValue is a literal URL, such as /folder1/index.htm that the HTTP request must contain in order to match the rule, or use wildcards to match multiple URLs, such as /folder1/* or /folder1/*/index.htm.
    • Regular Expression MatchValue is a regular expression that matches all and only the URIs that the exception applies to.
      Value Specifies a URL value to match. You can use up to 2048 characters in regex configuration for signature. The value does not include parameters. For example, /testpage.php, which match requests for http://www.test.com/testpage.php?a=1&b=2.

    If Operation is String Match, ensure the value starts with a forward slash ( / ) (for example, /causes-false-positives.php).

    If Operation is Regular Expression Match, the value does not require a forward slash ( / ). However, ensure that it can match values that contain a forward slash.
    When the URL value is a string, such as /causes-false-positives.php, the URL must begin with a slash ( / ).
    Do not include a domain name or parameters. To match a domain name, use the Host element type. To match a URL that includes parameters, use the Full URL type.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    Full URL  
      Operation
    • String MatchValue is a literal URL, such as /folder1/index.htm that the HTTP request must contain in order to match the rule, or use wildcards to match multiple URLs, such as /folder1/* or /folder1/*/index.htm.
    • Regular Expression MatchValue is a regular expression that matches all and only the URLs that the exception applies to.
      Value Specifies a URL value that includes parameters to match. For example, /testpage.php?a=1&b=2, which match requests for http://www.test.com/testpage.php?a=1&b=2.

    If Operation is String Match, ensure the value starts with a forward slash ( / ) (for example, /testpage.php?a=1&b=2).

    If Operation is Regular Expression Match, the value does not require a forward slash ( / ). However, ensure that it can match values that contain a forward slash.

    Do not include a domain name. To match a domain name, use the Host element type. To match a URL that does not include parameters, use the URI type.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    Parameter  
      Operation
    • String MatchName is the literal name of a parameter.
    • Regular Expression MatchName is a regular expression that matches all and only the name of the parameter that the exception applies to.
      Name Specifies the name of the parameter to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
      Check Value of Specified Element Enable to specify a parameter value to match in addition to the parameter name.
      Value Specifies the parameter value to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    Cookie  
      Operation
    • String MatchName is the literal name of a cookie.
    • Regular Expression MatchName is a regular expression that matches all and only the name of the cookie that the exception applies to.
      Name Specifies the name of the cookie to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
      Check Value of Specified Element Select to specify a cookie value to match in addition to the cookie name.
      Value Specifies the cookie value to match.

    To create and test a regular expression, click the >> (test) icon. For details, see Regular expression syntax.
    Concatenate
    • And—A matching request matches this entry in addition to other entries in the exemption list.
    • Or—A matching request matches this entry instead of other entries in the exemption list.

    Later, you can use the exception list options to adjust the matching sequence for entries. For details, see Exception Policy.

  7. Click OK.

You can later refer the Exception policy in Bot Mitigation policy. It can also be referred in Known Bots, Biometrics Based Detection, Threshold Based Detection, and Bot Deception rules to omit scan in a specific rule.