You can also configure the size of FortiWeb’s scan buffers. For details, see config system advanced in the FortiWeb CLI Reference. |
Setting Name | Description |
Shared IP | Enable to analyze the identification (ID) field in IP packet headers in order to distinguish source IP addresses that are actually Internet connections shared by multiple clients, not single clients. For an example, see “Example: Setting a separate rate limit for shared Internet connections”. You can configure the ID difference threshold that triggers shared IP detection. For details, see config system ip-detection in the FortiWeb CLI Reference. Note: The shared IP address rate limit for some features (see “Preventing brute force logins” and “Limiting the total HTTP request rate from an IP”) will be ignored unless you enable this option. Tip: To improve performance and reduce memory consumption, if all source IP addresses should receive the same rate limit regardless of the number of clients sharing each connection, disable this option. |
Recursive URL Decoding | Enable to detect URL-embedded attacks that are obfuscated using recursive URL encoding (that is, multiple levels of URL encoding). Encoded URLs can be used legitimately for non-English URLs, but can also be used to evade detection of attacks that rely on special characters. FortiWeb can decode encoded URLs to scan for these types of attacks. Several encoding types are supported, including IIS-specific Unicode encoding. For example, you could detect the character A that is encoded as either %41, %x41, %u0041, or \t41. Disable to decode only one level of encoding, if the URL is encoded. |
Maximum Body Cache Size | Type the maximum size in kilobytes (KB) of the body of the HTTP response from the web server that FortiWeb will cache per URL. Responses are cached to improve performance on compression, decompression, and rewriting on often-requested URLs. Valid values range from 32 to 1,024. The default value is 64. |
Maximum DLP Cache Size | Type the maximum size in kilobytes (KB) of the body of the HTTP response from the web server that FortiWeb will buffer and scan for data leak protection (DLP). Responses are cached to improve performance on compression, decompression, and rewriting on often-requested URLs. Valid values vary by Maximum Body Cache Size. |
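
The difference between one-level and recursive decoding described under Recursive URL Decoding can be seen in the following added example. It is not FortiWeb code: the function names, the depth limit of 8, and the one-pattern signature are assumptions, and only the %XX and %uXXXX forms are handled.

```python
import re

# One alternation so each pass removes exactly one level of encoding:
# IIS-style %uXXXX or standard %XX. Bytes map one-to-one to code points
# (no UTF-8 reassembly), which is enough for matching ASCII signatures.
ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")

# Constructed stand-in for a real signature set.
SIGNATURE = re.compile(r"<script", re.IGNORECASE)


def decode_once(value):
    """Decode a single level of URL encoding."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), value)


def normalize(value, recursive=True, max_depth=8):
    """Return (decoded value, levels decoded, depth limit hit)."""
    levels = 0
    limit = max_depth if recursive else 1
    while levels < limit:
        decoded = decode_once(value)
        if decoded == value:          # fixed point: nothing left to decode
            return value, levels, False
        value, levels = decoded, levels + 1
    # Recursive mode only: encoding still present after max_depth passes.
    return value, levels, recursive and decode_once(value) != value


def is_flagged(value, recursive=True):
    """Scan the normalized value; treat excessive nesting as suspicious."""
    decoded, _levels, limit_hit = normalize(value, recursive)
    return limit_hit or bool(SIGNATURE.search(decoded))


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        "/search?q=%253Cscript%253E",   # encoded twice
        "/caf%C3%A9/menu",              # legitimate non-English path
        "/%u0041bout",                  # IIS-style Unicode escape
    ]
    for s in samples:
        print(s, normalize(s), is_flagged(s, recursive=False), is_flagged(s))
```

With one-level decoding the first sample becomes `%3Cscript%3E` and passes the signature check; only the recursive pass exposes the decoded characters.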