Configuring a File Restriction rule

Define the File Restriction rule for Input Validation to restrict file uploads based on file type and size.

The File Restriction rule function can do the following:

  • Check the HOST by simple string or regular expression matching.
  • Check the URL by simple string or regular expression matching.
  • Check the uploaded file type and file size by simple string or regular expression matching.

If the conditions match, FortiADC executes the specified action.

To configure a File Restriction rule:
  1. Go to Web Application Firewall > Input Validation.
  2. Click the File Restriction tab.
  3. Click Create New to display the configuration editor.
  4. Configure the following File Restriction settings:

    Setting

    Description

    Name

    Enter a unique File Restriction policy name. Valid characters are A-Z, a-z, 0-9, _, and -. Spaces are not allowed.

    Note: Once saved, the name of a File Restriction policy cannot be changed.

    Host Status

    Enable to require that the Host: field of the HTTP request match a protected host name's entry in order to match the URL access rule. Also configure Host.

    Host

    The Host option is available if Host Status is enabled.

    Select the protected host name entry (either a web host name or IP address) that the Host: field of the HTTP request must match in order to match the URL access rule.

    Request URL

    The HTTP request URL. It must start with /, for example /login. This item must be set when configuring the rule. FortiADC matches the rule's other items only when the request URL matches; if the URL match fails, FortiADC does not attempt to match the others.

    Action

    Select the action profile that you want to apply. See Configuring WAF Action objects.

    The default value is Alert.

    Severity

    When FortiADC records violations of this rule in the attack log, each log message contains a Severity Level (severity_level) field. Select the severity level that FortiADC uses for Input Validation violations:

    • Low
    • Medium
    • High

    The default value is Low.

    Upload File Status

    Allow: Only the selected file types can be uploaded.

    Block: Uploads of the selected file types are blocked.

    Upload File Size

    The maximum size of the uploaded file.

  5. Click Save.
    Once the File Restriction configuration is saved, the Upload File Type section can be configured.
  6. Under the Upload File Type section, click Create New to display the configuration editor.
  7. In the Field Type field, select the supported file types for the uploaded file.
  8. Click Save to update the File Restriction configuration.

After the File Restriction rule has been saved, you can include it in an Input Validation Policy.
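
The decision logic these settings describe can be modeled offline to check what a planned rule would flag before it is created. The following is an added example, not FortiADC code: the class, function and sample rules are hypothetical, and it assumes exact string matching for the URL, file type taken from the last file extension, and a size limit in bytes.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class FileRestrictionRule:
    """Hypothetical model; field names follow the GUI settings above."""
    name: str
    request_url: str                # Request URL, must start with "/"
    upload_file_status: str         # "allow" or "block"
    file_types: frozenset           # Upload File Type entries, e.g. {"pdf"}
    max_size: int                   # Upload File Size; bytes is an assumption
    host: Optional[str] = None      # None models Host Status disabled
    url_is_regex: bool = False
    action: str = "alert"           # default Action per the page
    severity: str = "low"           # default Severity per the page

    def __post_init__(self):
        if not re.fullmatch(r"[A-Za-z0-9_-]+", self.name):
            raise ValueError("Name allows only A-Z, a-z, 0-9, _ and -")
        if not self.request_url.startswith("/"):
            raise ValueError("Request URL must start with /")

def evaluate(rule, host, url, filename, size):
    """Return (action, severity, reason) on a violation, else None."""
    if rule.host is not None and host.lower() != rule.host.lower():
        return None                 # Host does not match: rule not applied
    if rule.url_is_regex:
        url_ok = re.search(rule.request_url, url) is not None
    else:
        url_ok = url == rule.request_url   # assumption: exact string match
    if not url_ok:
        return None                 # URL gate failed: nothing else is checked
    # Assumption: type is taken from the last extension, case-insensitively.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    listed = ext in rule.file_types
    if rule.upload_file_status == "allow" and not listed:
        return (rule.action, rule.severity, "type not in allow list")
    if rule.upload_file_status == "block" and listed:
        return (rule.action, rule.severity, "type in block list")
    if size > rule.max_size:
        return (rule.action, rule.severity, "file exceeds size limit")
    return None

# Constructed sample rules for an upload endpoint.
ALLOW = FileRestrictionRule("docs_only", "/upload", "allow",
                            frozenset({"pdf", "png"}), 2_000_000,
                            host="www.example.com", severity="high")
BLOCK = FileRestrictionRule("no_exe", "/upload", "block",
                            frozenset({"exe"}), 2_000_000)
```

In this model an Allow rule flags every type that is not listed, while a Block rule passes any type that was not anticipated, so Allow is the tighter choice for an upload endpoint with a known set of formats.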
