Administration Guide

What's new

FortiWeb 7.0.1 offers the following new features and enhancements.

Link Cloaking

Link Cloaking is introduced in this release to prevent web pages in your application from being scanned by web crawlers and scanning software.

For more information, see Link cloaking.

Parameter support in URL access rule

URL access rules can now check a parameter and the data type of its value.

For more information, see Restricting access to specific URLs.

Custom rule enhancements

Custom rules include the following enhancements:

  • Support checking the value of HTTP predefined header “Authorization” with Scheme “Basic”.

  • Filters for request and response traffic can be added together in one custom rule.

Cloud Connector enhancements

When Cloud Connector is selected as the server type in a server pool, you can now locate your VM resources not only by instance ID, but also by other filters such as Private DNS name, Public DNS name, and Instance Type.

Bypassing obviously invalid content in parameter decoder

In System > Config > Advanced, you can configure FortiWeb to bypass obviously invalid content that has an extremely long parameter name or non-printable characters.

For more information, see Advanced settings.

Machine learning Anomaly Detection enhancements

  • Two CLI options are added to config waf machine-learning-policy to identify anomalies immediately when they are screened by the HMM model.

  • NoSQL injection detection is supported.

IP address or port override in WSDL

You can enable Override IP and Port in WSDL in XML Protection so that only the URL will be used to match the service in WSDL. If a URL corresponds to multiple services, the first service will be matched.

Allow method in HTTP request headers

FortiWeb can now check methods supplied in override headers/parameters as well as the HTTP method used in the actual request.
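The following added example (not FortiWeb code or configuration) shows why an allow-method check has to consider overrides: a request whose request-line method is allowed can still declare a different method through an override. The header names and the `_method` parameter are assumed framework conventions, not taken from this guide, and only query-string parameters are inspected.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed override carriers (common framework conventions, not FortiWeb's documented list).
OVERRIDE_HEADERS = ("x-http-method-override", "x-http-method", "x-method-override")
OVERRIDE_PARAMS = ("_method",)


def declared_methods(method, url, headers):
    """Return (source, METHOD) for the request-line method and every override found."""
    found = [("request-line", method.upper())]
    lowered = {name.lower(): value for name, value in headers.items()}
    for name in OVERRIDE_HEADERS:
        if name in lowered:
            found.append((f"header:{name}", lowered[name].strip().upper()))
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name in OVERRIDE_PARAMS:
        for value in query.get(name, []):
            found.append((f"param:{name}", value.strip().upper()))
    return found


def check_allowed(method, url, headers, allowed):
    """Allow only if the actual method AND every declared override are in the allow list."""
    violations = [
        (source, declared)
        for source, declared in declared_methods(method, url, headers)
        if declared not in allowed
    ]
    return (not violations, violations)


ALLOWED = {"GET", "POST"}

# Constructed sample requests: (method, URL, headers).
SAMPLES = [
    ("GET", "/items?id=7", {}),
    ("POST", "/items/7", {"X-HTTP-Method-Override": "DELETE"}),
    ("POST", "/items/7?_method=put", {"Content-Type": "application/json"}),
]

if __name__ == "__main__":
    for method, url, headers in SAMPLES:
        ok, why = check_allowed(method, url, headers, ALLOWED)
        print(method, url, "ALLOW" if ok else f"BLOCK {why}")
```

A check that looks only at the request line would pass all three samples; the second and third are blocked here because the backend framework may act on the overridden method.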

Blocking unknown GEO IPs

You can now block IP addresses that are from unknown countries. Add "Unknown Country/Region" to the block list in GEO IP.

HTTP Protocol Constraint enhancements

The HTTP Protocol Constraint (HPC) exception now works better with malformed requests. You can also adjust the priority of the exceptions. HPC attack logs now provide more detailed information about malformed requests.

HTTP content routing table enhancements

A "Status" column is added in the HTTP content routing table in server policy. You can now search among the entries and adjust priority.

Chunk decoding support in XML Protection

XML Protection now supports chunk decoding in the request direction.

Web cache statistics in Throughput widget

In addition to HTTP and HTTPS statistics, the Throughput widget now also displays web cache statistics.

Up to 192 characters in virtual server name

FortiWeb now supports up to 192 characters in a virtual server name.

Active-Passive HA cluster with Unicast Heartbeat

FortiWeb now supports Active-Passive HA cluster with Unicast Heartbeat on KVM.

Cloud-init support for FortiWeb-VM on Google Cloud

FortiWeb-VM on Google Cloud now supports Cloud-init. You can preset the CLI settings and license in metadata.

Flex-VM support

FortiWeb now supports the Flex-VM license on private cloud platforms as well as public cloud platforms including AWS, Azure, and GCP. With a Flex-VM license, resource consumption is calculated on a daily basis.

 
