system advanced
Use this command to configure several system-wide options that determine how FortiWeb scans traffic.
To use this command, your administrator account's access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.
Syntax
config system advanced
set circulate-url-decode {enable | disable}
set decoding-enhancement {enable | disable}
set max-cache-size <cache_int>
set max-dlp-cache-size <percentage_int>
set max-dos-alert-interval <seconds_int>
set share-ip {enable | disable}
set anypktstream {enable | disable}
set max-bot-alert-interval <interval_int>
set ignore-undefined-query-param {enable | disable}
set key-attr {enable | disable}
set key-printable {enable | disable}
set owasp-top10-compliance {enable | disable}
end
Variable | Description | Default
--- | --- | ---
circulate-url-decode | Enable to detect URL-embedded attacks that are obfuscated using recursive URL encoding (that is, multiple levels of URL encoding). Encoded URLs are legitimately used for non-English URLs, but can also be used to evade detection of attacks that rely on special characters; FortiWeb decodes them so that it can scan for these attacks. Several encoding types are supported. For example, you could detect the character Disable to decode only one level of URL encoding. | enable
decoding-enhancement | Enable to decode cookies and parameters using base64 or CSS decoding for specified URLs. To configure decoding enhancement, see system decoding enhancement. | disable
max-cache-size <cache_int> | Type the maximum size (in KB) of the body of the HTTP response from the web server that FortiWeb caches per URL for body compression, decompression, rewriting, and XML detection. Valid values range from 32 to 10240. Increasing the body cache can reduce performance. | 512
max-dlp-cache-size <percentage_int> | Type the maximum percentage of max-cache-size <cache_int> (the body of the HTTP response from the web server) that FortiWeb buffers and scans. Responses are cached to improve the performance of compression, decompression, and rewriting on frequently requested URLs. | 12
max-dos-alert-interval <seconds_int> | Type the maximum length of time (in seconds) over which FortiWeb converges attack events into a single log message during a DoS attack or padding oracle attack. | 180
share-ip | Enable to analyze the ID field of IP headers in order to detect when multiple clients share the same source IP address. To configure the difference between packets' ID fields that FortiWeb treats as indicating a shared IP, see system ip-detection. This option is required by features that have a separate threshold for shared IP addresses. If it is disabled, those features behave as if there were only a single threshold, regardless of whether the source IP is shared by many clients. | disable
anypktstream | Enable to scan partial TCP connections, that is, connections that were established before FortiWeb began inspecting them. In some cases, FortiWeb is deployed after a client has already created a connection with a back-end server. If this option is disabled, FortiWeb ignores any traffic that belongs to such a pre-existing session. | disable
max-bot-alert-interval <interval_int> | Type the interval (in seconds) at which FortiWeb sends an attack log during a bot attack, rather than logging every event. The valid range is 0 to 300 seconds. | 60
ignore-undefined-query-param | Enable to bypass (not scan) query parameters that are not defined in policies. | 
key-attr | Requests with certain content types, such as PDF, tend to have extremely long parameter names or non-printable characters. Although these characteristics are legitimate, they are prone to triggering signatures, which consumes resources unnecessarily and produces many false positives. To avoid this, you can enable key-attr so that FortiWeb skips the security check for such parameter names, according to the length limit and key-printable settings below. However, for certain content types an unusually long parameter name or non-printable characters can themselves indicate an attack; FortiWeb scans requests with those content types regardless of this setting. | disable
(maximum parameter name length; variable name not shown in the Syntax block above) | Type the maximum length of a parameter name. If a parameter name exceeds this value, FortiWeb skips the security check and passes the request directly to the back-end server. The valid range is 1 to 1,024. | 1024
key-printable | If this option is enabled, every character in a parameter name must be printable; otherwise FortiWeb skips the security check and passes the request directly to the back-end server. If this option is disabled, the parameter name is submitted to the security check whether or not all of its characters are printable. | disable
owasp-top10-compliance | Enable this option so that the OWASP Top 10 Compliance dashboard is displayed as one of the monitors in Dashboard. It provides visibility into how well your applications are protected against OWASP (Open Web Application Security Project) vulnerabilities. | disable
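The circulate-url-decode row above says that one decoding pass misses attacks that are URL-encoded more than once. The following Python script, added here as an illustration and not FortiWeb code, shows the difference between a single pass and decoding until the value stops changing, with a depth cap so that a pathological input cannot make the decoder spin. The signature set, the cap of 5 levels and the sample values are constructed for the example.

```python
"""Why one level of URL decoding is not enough: the effect circulate-url-decode controls.
Added example; this is not FortiWeb code. The signature set, the depth cap and the
sample values are constructed for the illustration."""
import re
from urllib.parse import unquote

MAX_DECODE_DEPTH = 5   # assumed cap; a WAF bounds the recursion so decoding cannot become a CPU sink

# A deliberately tiny constructed signature set, enough to show the difference.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "xss-script-tag": re.compile(r"<script\b", re.IGNORECASE),
    "sqli-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE),
}


def decode_recursively(value, max_depth=MAX_DECODE_DEPTH):
    """Apply %XX decoding until the string stops changing or max_depth is reached.

    Returns (decoded_value, levels_applied, hit_depth_cap). levels_applied > 1 is itself a
    useful signal: legitimate clients rarely double-encode."""
    current = value
    for level in range(1, max_depth + 1):
        decoded = unquote(current)
        if decoded == current:
            return current, level - 1, False
        current = decoded
    return current, max_depth, unquote(current) != current


def scan(value, recursive=True):
    """Return the name of the first signature that matches after decoding, or None.

    recursive=False mimics the 'disable' setting (exactly one decoding pass);
    recursive=True mimics 'enable'."""
    decoded = decode_recursively(value)[0] if recursive else unquote(value)
    for name, pattern in SIGNATURES.items():
        if pattern.search(decoded):
            return name
    return None


# Constructed samples: each attack is URL-encoded twice, as an evasion attempt would be.
SAMPLES = {
    "double-encoded traversal": "..%252f..%252fetc%252fpasswd",
    "double-encoded xss": "%253Cscript%253Ealert(1)%253C/script%253E",
    "double-encoded sqli": "%2527%2520or%25201%253D1",
    "legitimate utf-8": "caf%C3%A9",
    "legitimate percent sign": "100%25%20done",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:28s} one pass: {scan(raw, recursive=False)!s:15s} recursive: {scan(raw)}")
```

The three attack samples are invisible to the single pass and caught by the recursive one, while the two legitimate values decode cleanly and match nothing. The depth cap is the caveat a practitioner wants: without it, a value such as a long run of `%25` prefixes would decode one level per pass for as long as the attacker cares to nest it.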
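The share-ip row above describes inferring, from the IP header ID field, that one source address is really several hosts behind NAT, and says that features with a separate shared-IP threshold depend on it. The following Python model, added here and not FortiWeb code, shows the idea: hosts that draw IP IDs from a per-host counter each produce a near-contiguous sequence, so IDs from one address that fall into several widely separated sequences suggest several senders. The tolerance of 64, the class and function names and the packet samples are constructed assumptions; FortiWeb's own tolerance is configured under system ip-detection.

```python
"""Heuristic shared-source-IP detection from the IP header Identification field.
Added example to illustrate what share-ip enables; this is not FortiWeb code and
the threshold, sample packets and class names are constructed for the illustration."""
from collections import defaultdict

IP_ID_MODULUS = 1 << 16   # the Identification field is 16 bits wide
MAX_ID_DIFF = 64          # assumed tolerance; FortiWeb's own value is set under system ip-detection


def circular_distance(a, b):
    """Shortest distance between two 16-bit counter values, allowing wraparound at 65535 -> 0."""
    d = (b - a) % IP_ID_MODULUS
    return min(d, IP_ID_MODULUS - d)


class SharedIpDetector:
    """Tracks, per source IP, how many independent IP ID counters appear to be in use.

    Many stacks assign IP IDs from a per-host counter. Several hosts behind one NAT share the
    source address but each advances its own counter, so their IDs interleave as separate
    sequences; a single host produces one near-contiguous sequence.
    """

    def __init__(self, max_diff=MAX_ID_DIFF):
        self.max_diff = max_diff
        self._counters = defaultdict(list)   # src_ip -> last ID seen for each inferred counter

    def observe(self, src_ip, ip_id):
        """Account for one packet and return the number of counters inferred for src_ip so far."""
        counters = self._counters[src_ip]
        for i, last in enumerate(counters):
            if circular_distance(last, ip_id) <= self.max_diff:
                counters[i] = ip_id       # continues an existing sequence
                return len(counters)
        counters.append(ip_id)            # too far from every known sequence: a new sender
        return len(counters)

    def host_count(self, src_ip):
        return len(self._counters.get(src_ip, []))

    def is_shared(self, src_ip):
        return self.host_count(src_ip) > 1

    def effective_threshold(self, src_ip, single_threshold, shared_threshold):
        """Threshold a rate-limiting feature should apply to src_ip. With share-ip disabled,
        a WAF would always use single_threshold; with it enabled, shared addresses get the
        higher shared_threshold so one busy office is not blocked as if it were one attacker."""
        return shared_threshold if self.is_shared(src_ip) else single_threshold


# Constructed packet samples: (source IP, IP ID), using RFC 5737 documentation addresses.
SINGLE_HOST = [("203.0.113.10", i) for i in (1000, 1001, 1003, 1004, 1005)]
NAT_TWO_HOSTS = [("198.51.100.7", i) for i in (1000, 40000, 1001, 40002, 1002, 40003)]
WRAPAROUND = [("192.0.2.44", i) for i in (65530, 65533, 2, 5)]


def inferred_hosts(packets):
    """Run the detector over a packet list; returns {src_ip: inferred host count}."""
    det = SharedIpDetector()
    for src_ip, ip_id in packets:
        det.observe(src_ip, ip_id)
    return {ip: det.host_count(ip) for ip in {p[0] for p in packets}}


if __name__ == "__main__":
    for name, pkts in (("single host", SINGLE_HOST), ("NAT, two hosts", NAT_TWO_HOSTS),
                       ("counter wraparound", WRAPAROUND)):
        print(f"{name}: {inferred_hosts(pkts)}")
```

The caveat is that this is a heuristic: stacks that randomize the ID field, use a per-destination counter, or send 0 in packets with DF set (as RFC 6864 permits) give it nothing to work with, which is why a WAF needs a configurable tolerance and why the page warns that the shared-IP thresholds only take effect when share-ip is enabled.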
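Both max-dos-alert-interval and max-bot-alert-interval above mean that FortiWeb emits one log for many attack events. The following Python model, added here and not FortiWeb code, shows the consequence for anyone counting log lines in a SIEM: the number of logs depends on the interval, not on the number of events. The event tuple layout and the assumption that a converged log carries an event count are constructed for the example.

```python
"""Model of log convergence governed by max-dos-alert-interval / max-bot-alert-interval.
Added example; not FortiWeb code. The event format and the count field are assumptions."""


def coalesce_alerts(events, interval_s):
    """Collapse attack events into one log per (attack type, source) per interval.

    events: iterable of (timestamp_s, attack_type, src_ip) in time order.
    Returns a list of (window_start_s, attack_type, src_ip, event_count).
    An interval of 0 means every event becomes its own log."""
    windows = {}   # (attack_type, src_ip) -> [window_start, count]
    logs = []
    for ts, attack, src in events:
        key = (attack, src)
        w = windows.get(key)
        if w is not None and ts - w[0] < interval_s:
            w[1] += 1                                  # still inside the open window: fold in
            continue
        if w is not None:
            logs.append((w[0], attack, src, w[1]))     # close the previous window
        windows[key] = [ts, 1]
    for (attack, src), (start, count) in windows.items():
        logs.append((start, attack, src, count))       # flush windows still open at end of input
    logs.sort()
    return logs


# Constructed sample: a 10 minute flood at one event per second, plus one isolated bot hit.
FLOOD = [(t, "dos", "198.51.100.7") for t in range(600)]
SINGLE_BOT = [(42, "bot", "203.0.113.9")]
SAMPLE_EVENTS = sorted(FLOOD + SINGLE_BOT)


def log_count(events, interval_s):
    """Number of log messages the sample produces at a given interval."""
    return len(coalesce_alerts(events, interval_s))


if __name__ == "__main__":
    for interval in (0, 60, 180):
        print(f"interval {interval:3d}s: {log_count(SAMPLE_EVENTS, interval)} logs "
              f"for {len(SAMPLE_EVENTS)} events")
    for start, attack, src, count in coalesce_alerts(SAMPLE_EVENTS, 180):
        print(f"  t={start:3d} {attack:3s} {src:14s} events={count}")
```

At the default DoS interval of 180 seconds the 600-event flood becomes four logs (three covering 180 events each and one covering the final 60), so a detection rule that fires on "more than N DoS logs per minute" will never trigger on this traffic; the rule has to look at the logged count or at the interval itself.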