FortiWeb 7.0.1 offers the following new features and enhancements.
Link Cloaking is introduced in this release to prevent web pages in your application from being scanned by web crawlers and scanning software.
For more information, see Link cloaking.
Parameter support in URL access rule
URL access rules can now check a parameter and the data type of its value.
For more information, see Restricting access to specific URLs.
Custom rule enhancements
The following enhancements are implemented in custom rules:
Custom rules can now check the value of the predefined HTTP header “Authorization” with the scheme “Basic”.
Filters for request and response traffic can be added together in one custom rule.
Cloud Connector enhancements
When Cloud Connector is chosen as the server type in a server pool, you can now locate your VM resources not only by instance ID, but also by other filters such as Private DNS name, Public DNS name, Instance Type, etc.
Bypassing obviously invalid content in parameter decoder
In System > Config > Advanced, you can configure FortiWeb to bypass obviously invalid content that has an extremely long parameter name or non-printable characters.
For more information, see Advanced settings.
Machine learning Anomaly Detection enhancements
Two CLI options are added in config waf machine-learning-policy to identify the anomalies at the first place when they are screened by the HMM model.
Detection of NoSQL injections is now supported.
IP address or port override in WSDL
You can enable Override IP and Port in WSDL in XML Protection so that only the URL will be used to match the service in WSDL. If a URL corresponds to multiple services, the first service will be matched.
Allow method in HTTP request headers
FortiWeb can now check methods from the override headers/parameters as well as the HTTP method used in the actual request.
Blocking unknown GEO IPs
You can now block IP addresses that are from unknown countries. Select "Unknown Country/Region" for the block list in GEO IP.
HTTP Protocol Constraint enhancements
The HTTP Protocol Constraint (HPC) exception now works better with malformed requests. You can also adjust the priority of the exceptions. HPC attack logs now provide more detailed information about malformed requests.
HTTP content routing table enhancements
A "Status" column is added in the HTTP content routing table in server policy. You can now search among the entries and adjust priority.
Chunk decoding support in XML Protection
XML Protection now supports chunk decoding in the request direction.
Web cache statistics in Throughput widget
In addition to HTTP and HTTPS statistics, the Throughput widget now also displays web cache statistics.
Up to 192 characters in virtual server name
FortiWeb now supports up to 192 characters in a virtual server name.
Active-Passive HA cluster with Unicast Heartbeat
FortiWeb now supports Active-Passive HA clusters with Unicast Heartbeat on KVM.
Cloud-init support for FortiWeb-VM on Google Cloud
FortiWeb-VM on Google Cloud now supports Cloud-init. You can preset the CLI settings and license in metadata.
FortiWeb now supports Flex-VM license on private cloud platforms as well as public cloud platforms including AWS, Azure, and GCP. With Flex-VM license, resource consumption is calculated on a daily basis.