Fortinet black logo

Handbook

Configuring an Input Validation policy

Configuring an Input Validation policy

An Input Validation policy can prevent suspicious HTTP requests. This function will verify the user input from scan points such as URL parameter, HTML form, hidden fields, and uploaded files. If the input format is incorrect or FortiADC detects other attacks, the request will be blocked.

Input Validation policies consist of the following components that must have already been configured if they are to be included in the policy:

To configure an Input Validation policy:
  1. Go to Web Application Firewall > Input Validation.
    The configuration page displays the Input Validation Policy tab.
  2. Click Create New to display the configuration editor.
  3. Enter a unique Input Validation policy name. Valid characters are A-Z, a-z, 0-9, _, and -. No space is allowed. The name of the policy cannot be changed after saving initially.
  4. Click Save to create the Input Validation Policy.
    Once the Input Validation Policy has been saved, the Parameter Validation Rule, Hidden Field Rule, and File Restriction Rule sections are available to configure.
  5. Under the Parameter Validation Rule section, add Parameter Validation rules to the Input Validation Policy.
    1. Click Create New to display the configuration editor.
    2. Select an existing Parameter Validation Rule or create a new configuration.
    3. Click Save to submit and exit out of the configuration editor.
  6. Under the Hidden Field Rule section, add Hidden Field rules to the Input Validation Policy.
    1. Click Create New to display the configuration editor.
    2. Select an existing Hidden Field Rule or create a new configuration.
    3. Click Save to submit and exit out of the configuration editor.
  7. Under the File Restriction Rule section, add File Restriction rules to the Input Validation Policy.
    1. Click Create New to display the configuration editor.
    2. Select an existing File Restriction Rule or create a new configuration.
    3. Click Save to submit and exit out of the configuration editor.
  8. Click Save to update the Input Validation policy.

After you have configured your Input Validation policy, you can reference it in a WAF Profile.

Configuring an Input Validation policy

An Input Validation policy can prevent suspicious HTTP requests. This function will verify the user input from scan points such as URL parameter, HTML form, hidden fields, and uploaded files. If the input format is incorrect or FortiADC detects other attacks, the request will be blocked.

Input Validation policies consist of the following components that must have already been configured if they are to be included in the policy:

To configure an Input Validation policy:
  1. Go to Web Application Firewall > Input Validation.
    The configuration page displays the Input Validation Policy tab.
  2. Click Create New to display the configuration editor.
  3. Enter a unique Input Validation policy name. Valid characters are A-Z, a-z, 0-9, _, and -. No space is allowed. The name of the policy cannot be changed after saving initially.
  4. Click Save to create the Input Validation Policy.
    Once the Input Validation Policy has been saved, the Parameter Validation Rule, Hidden Field Rule, and File Restriction Rule sections are available to configure.
  5. Under the Parameter Validation Rule section, add Parameter Validation rules to the Input Validation Policy.
    1. Click Create New to display the configuration editor.
    2. Select an existing Parameter Validation Rule or create a new configuration.
    3. Click Save to submit and exit out of the configuration editor.
  6. Under the Hidden Field Rule section, add Hidden Field rules to the Input Validation Policy.
    1. Click Create New to display the configuration editor.
    2. Select an existing Hidden Field Rule or create a new configuration.
    3. Click Save to submit and exit out of the configuration editor.
  7. Under the File Restriction Rule section, add File Restriction rules to the Input Validation Policy.
    1. Click Create New to display the configuration editor.
    2. Select an existing File Restriction Rule or create a new configuration.
    3. Click Save to submit and exit out of the configuration editor.
  8. Click Save to update the Input Validation policy.

After you have configured your Input Validation policy, you can reference it in a WAF Profile.