You can customize the following FortiWeb HTML pages:
Pages that FortiWeb presents to clients when it authenticates users.
FortiWeb uses these pages when the client authentication method in a site publishing configuration is HTML Form Authentication. For more information, see "Single sign-on (SSO) (site publishing)" on page 1.
FortiWeb uses these pages for all server policies. If you require page content that is customized for a specific policy, create an ADOM that contains the custom pages for that policy.
You can specify the HTTP response code that the attack block message page displays. If the error status code allows an attacker to fingerprint a vulnerable application, you can customize it to display a more vague reply. (For all other pages, you cannot change the default response code.)
The following codes are examples of HTTP response codes:
200— OK. Typically indicates success, and accompanies the resource requested by the client.
400— Bad Request. Typically indicates wrong syntax.
403— Forbidden. Typically indicates inaccessible files.
404— File Not Found. Typically indicates missing files.
500— Internal Server Error. Typically indicates one of many possible conditions such as a servlet runtime error.
501— Not Implemented. Typically indicates a non-existent function on the web application.
When it generates error and authentication messages, FortiWeb generates some of the message content using macros. It uses two types of macros: label macros and image macros.
Although you can add the predefined macros to your custom messages, you cannot create macros and you cannot modify the label macros. You can modify an image macro to reference a predefined image or one that you have uploaded.
You can use the following label macros anywhere in the HTML code for Attack Block Page and Server Unavailable Message messages:
Inserts one of the following URLs:
| %%SOURCE_IP%% | The source IP address of the client that attempted to access the web service. |
| %%DEST_IP%% | The IP address of the web server. |
| %%VSERVER_IP%% | The IP address of the virtual server. |
| %%EVENT_ID%% | An ID number that identifies the attack type. Use this number to help you locate the log for the event in the FortiWeb attack log. |
You can use the following label macros anywhere in the HTML code for the Site Publish Authentication messages:
| %%ORG_LOCATION_VAL%% | The original URL that the client tried to access. |
| %%REPLY_TAG%% | The authentication server reply message. |
| %%LOGIN_POST_URL%% | The login URL where users post their credentials. |
| %%TOKEN_POST_URL%% | The login URL where users insert their token code. |
| %%RSA_LOGIN_POST_URL%% | The login URL where users post their RSA SecurID credentials. |
| %%RSAC_POST_URL%% | The login URL where users post their RSA SecurID credentials. |
Use the following format to add an image macro anywhere in a custom error or authentication message:
<image_name> is the name of either a predefined image or one you have uploaded. To view or upload images, go to System > Status > Replacement Message, and then click Manage Images. For more information, see To view or add images used in error or authentication pages.
For example, in the default Attack Block Page message, the macro %%IMAGE%%:logo_v2_fnet%% adds the predefined image logo_v2_fnet. If you add the image test to the list of images, use %%IMAGE%%:test%% to add it to the HTML code.
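A pre-upload check for the macro rules above, as an added example (not Fortinet code): it flags macros that are not in this page's tables, label macros used on the wrong page type, and image macros that name an image missing from the image list. The function name lint_template, the "attack"/"auth" family keys and the sample HTML are assumptions; the image macro syntax is taken as this page prints it.

```python
import re

# Label macros from this page's tables, keyed by the page family that accepts
# them. Extend the sets if your FortiWeb release documents more macros.
LABEL_MACROS = {
    "attack": {"SOURCE_IP", "DEST_IP", "VSERVER_IP", "EVENT_ID"},
    "auth": {"ORG_LOCATION_VAL", "REPLY_TAG", "LOGIN_POST_URL",
             "TOKEN_POST_URL", "RSA_LOGIN_POST_URL", "RSAC_POST_URL"},
}
# Image macro written the way this page prints it: %%IMAGE%%:<image_name>%%
IMAGE_RE = re.compile(r"%%IMAGE%%:([^%\s]*)%%")
LABEL_RE = re.compile(r"%%([A-Za-z0-9_]+)%%")

# Constructed sample: an Attack Block Page with three deliberate mistakes.
SAMPLE_BLOCK_PAGE = """<html><body>
%%IMAGE%%:logo_v2_fnet%%
<p>Request blocked. Quote event %%EVENT_ID%% to the help desk.</p>
<p>Client: %%SOURCE_IP%% Reply: %%REPLY_TAG%%</p>
<p>%%IMAGE%%:test%% %%CLIENT_NAME%%</p>
</body></html>"""


def lint_template(html, page_family, known_images):
    """Return (line_number, problem) tuples in line order for one custom page."""
    allowed = LABEL_MACROS[page_family]
    all_labels = set().union(*LABEL_MACROS.values())
    problems = []
    for lineno, line in enumerate(html.splitlines(), start=1):
        for m in IMAGE_RE.finditer(line):
            if m.group(1) not in known_images:
                problems.append((lineno, f"image not in image list: {m.group(1)}"))
        # Remove image macros so %%IMAGE%% is not mistaken for a label macro.
        rest = IMAGE_RE.sub(" ", line)
        for m in LABEL_RE.finditer(rest):
            name = m.group(1)
            if name in allowed:
                continue
            if name in all_labels:
                problems.append((lineno, f"{name} is for the other page type"))
            else:
                # The page says macros cannot be created: treat as an error.
                problems.append((lineno, f"unknown macro: {name}"))
    return problems


if __name__ == "__main__":
    for lineno, problem in lint_template(SAMPLE_BLOCK_PAGE, "attack", {"logo_v2_fnet"}):
        print(f"line {lineno}: {problem}")
```

Pass the names shown under Manage Images as known_images so that a reference to an image that was never uploaded is caught before the page is saved.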
1. If your custom page requires a custom image, see To view or add images used in error or authentication pages.
2. Go to System > Config > Replacement Message.
3. Select the page you want to edit in the list of pages.
4. If you selected Attack block page and want to change the HTTP response code it displays, click Edit HTTP Response Code. Enter a new value for the code, and then click Apply.
5. In the bottom-right pane, edit the HTML code as required.
The results of any changes you make are displayed immediately in the bottom-left pane.
For information about using macros in the code, see Macros in custom error and authentication pages.
6. Click Save to save your changes or Restore Defaults to revert to the preset version of the page.
1. Go to System > Config > Replacement Message.
2. Click Manage Images, and then click Create New.
3. Specify a name for the image file, select its content type, and then click Choose File to browse to the file and select it.
Ensure the image is no larger than 24 kb and that its type matches the value you selected for Content Type.
4. Click OK, and then click Return to return to the list of customizable pages.