FAQ
Why sometimes fail to upload files to the server when file security is enabled?
Check if 'Hold Session While Scanning File' is enabled first. When it is enabled, FortiWeb will upload files to FortiSandbox and wait for scan results before sending the file to the server. This process may take some time, please check if the server will disconnect while waiting.
Why does file security not work?
FortiWeb parses files up to 5M by default, and if it exceeds 5M, the requests will be bypassed.
If you want to increase this value, please configure it as below.
config system antivirus
set uncomp-size-limit 102400
end
Why does the server receive packets from the client even if parameter validation deny is triggered?
When a HTTP request is divided into multiple TCP packets, before the packet which includes the denied parameter appears, the previous TCP packets will still be transmitted to the server.
Why isn't the 'Whole Suffix Files' file type check working as expected?
The "Whole Suffix Files" feature is designed to verify file extensions. A file is recognized as a match if its extension corresponds to the file type specified in the "Whole Suffix Files" settings.
However, hackers can manipulate this by forcibly altering the file extension, such as changing "abc.pdf" to "abc.txt". To effectively block PDF files disguised with a .txt extension, you should configure the settings to inspect the file content. This is done by selecting "Text Files" and then specifying "PDF" within that category. The "Text Files" setting examines the actual payload of the file to determine its true type.