Advanced settings
Several system-wide options that determine how FortiWeb scans traffic and caches server responses are configurable on System > Config > Advanced.
 
You can also configure the size of FortiWeb’s scan buffers. For details, see config system advanced in the FortiWeb CLI Reference.
Table 49: System > Config > Advanced (each entry gives the setting name, followed by its description)
Shared IP
Enable to analyze the identification (ID) field in IP packet headers in order to distinguish source IP addresses that are actually Internet connections shared by multiple clients, not single clients. For an example, see “Example: Setting a separate rate limit for shared Internet connections”.
You can configure the ID difference threshold that triggers shared IP detection. For details, see config system ip-detection in the FortiWeb CLI Reference.
Note: The shared IP address rate limit for some features (see “Preventing brute force logins” and “Limiting the total HTTP request rate from an IP”) will be ignored unless you enable this option.
Tip: To improve performance and reduce memory consumption, if all source IP addresses should receive the same rate limit regardless of the number of clients sharing each connection, disable this option.
Recursive URL Decoding
Enable to detect URL-embedded attacks that are obfuscated using recursive URL encoding (that is, multiple levels’ worth of URL encoding).
Encoded URLs can be legitimately used for non-English URLs, but can also be used to avoid detection of attacks that use special characters. FortiWeb can decode encoded URLs to scan for these types of attacks. Several encoding types are supported, including IIS-specific Unicode encoding.
For example, the character A can be detected whether it is encoded as %41, %x41, %u0041, or \t41.
Disable to decode only one level, if the URL is encoded.
Maximum Body Cache Size
Type the maximum size in kilobytes (KB) of the body of the HTTP response from the web server that FortiWeb will cache per URL.
Responses are cached to improve performance on compression, decompression, and rewriting on often-requested URLs.
Valid values range from 32 to 1,024. The default value is 64.
Maximum DLP Cache Size
Type the maximum size in kilobytes (KB) of the body of the HTTP response from the web server that FortiWeb will buffer and scan for data leak protection (DLP).
Responses are cached to improve performance on compression, decompression, and rewriting on often-requested URLs.
Valid values vary by Maximum Body Cache Size.
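To illustrate the Recursive URL Decoding setting above, here is an added example (not FortiWeb code) of a normalizer that decodes %XX and IIS-style %uXXXX sequences either once or repeatedly, and then runs a simple signature check over the result. The sample URLs, the `max_depth` cap, and the `<script` signature are constructed for the example; the %x41 and \t41 forms mentioned in the table are not handled here.

```python
import re
from typing import Tuple

# Matches IIS-style %uXXXX Unicode encoding and standard %XX percent-encoding.
_TOKEN = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")


def decode_once(s: str) -> str:
    """Decode exactly one layer of encoding; malformed sequences are left as-is."""
    def repl(m: re.Match) -> str:
        hex_digits = m.group(1) if m.group(1) is not None else m.group(2)
        return chr(int(hex_digits, 16))
    return _TOKEN.sub(repl, s)


def decode_recursive(s: str, max_depth: int = 8) -> Tuple[str, int]:
    """Decode layer by layer until the string stops changing or max_depth is hit.

    The depth cap (a constructed value) bounds CPU spent on pathological input;
    returns the decoded string and how many layers were peeled off.
    """
    levels = 0
    while levels < max_depth:
        nxt = decode_once(s)
        if nxt == s:          # nothing left to decode
            break
        s = nxt
        levels += 1
    return s, levels


# Constructed signature standing in for a real attack pattern.
SIGNATURE = re.compile(r"<script\b", re.IGNORECASE)


def detect(url: str, recursive: bool) -> bool:
    """Single-level decoding (recursive=False) vs. recursive decoding (recursive=True)."""
    decoded, _ = decode_recursive(url, max_depth=8 if recursive else 1)
    return bool(SIGNATURE.search(decoded))


if __name__ == "__main__":
    # Constructed sample: the payload is URL-encoded twice ("%25" is an encoded "%").
    double_encoded = "/search?q=%253Cscript%253E"
    print("one level :", detect(double_encoded, recursive=False))   # False
    print("recursive :", detect(double_encoded, recursive=True))    # True
    print("IIS %u    :", detect("/search?q=%u003Cscript%u003E", recursive=False))  # True
```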
See also
Defeating cipher padding attacks on individually encrypted inputs
Limiting the total HTTP request rate from an IP
Preventing brute force logins
Example: Setting a separate rate limit for shared Internet connections
Blocking known attacks & data leaks
Rewriting & redirecting
Compression & decompression
Supported cipher suites & protocol versions