
User Guide

File Protection

You can configure FortiAppSec Cloud to perform the following tasks.

  • Restrict file uploads based upon file type and size.
  • Scan uploaded files for viruses and Trojans.
  • Submit uploaded files for evaluation and generate attack log messages for files that FortiAppSec Cloud has identified as threats.
  1. Go to Security Rules > File Protection.
    You must have already enabled this module in Add Modules. See Add and Remove Modules.
  2. Configure these settings.

    Setting

    Description

    Trojans/Backdoor

    Attackers may attempt to upload Trojan horse code (written in scripting languages such as PHP and ASP) to the back-end web servers. The Trojan then infects clients who access an infected web page.

    Enable to detect Trojans in the uploaded files.

    Antivirus Scan

    Enable to scan for viruses, malware, and greyware. Please note that due to caching limits, this feature can only process files smaller than 5 MB.

    Advanced Threat Protection

    Enable to send matching files to FortiSandbox Sandbox for evaluation.

    Sandbox file evaluation is performed in the same region where the FortiAppSec Cloud cluster is located. This ensures compliance with various data regulations such as GDPR.

    This option works only when your application is hosted on AWS or Azure.

    File Size Limit

    Define the maximum allowed size for the file to upload.

    File Type Validation

    Define the allowed and blocked file types.

    Select file types by clicking the Change button, and then allow or block them with the Allow and Block buttons.

    Note: A ".zip" file created with the graphical compression utility (not the command line) that ships with macOS and Linux desktop environments carries the same binary signature as a ".jar" file. As a result, blocking the ".jar" type may incorrectly block such ".zip" files.

    To avoid this, either warn your users not to use those compression tools, or do not block the Java Archive (.jar) type.

    Target URL

    Define the target URL that accepts the uploads.

    JSON File Support

    Enable if you want to further parse the information contained in uploaded JSON files.

    File Name JSON Key Field: Locate the value of the filename parameter, and compare it against the value you entered in this field. This is optional.

    File Upload JSON Key Field: Locate the value of the content parameter, and compare it against the value you set in this field.

  3. Configure custom file types (optional) to manage handling for nonstandard file formats and extensions.

    1. Click Create Custom File Type.
    2. Enter a Name for the custom file type.
    3. Enter the File Extension.
      FortiAppSec Cloud WAF only checks file extensions if you configure them here. Once configured, all files must have this exact extension to be processed as the custom file type, in addition to meeting the File Content Match Rules defined below.
    4. Click Create Rule to define match conditions based on file content. Use this when you want the configured actions to apply only to files that contain specific traits or patterns. This opens the Create File Content Match Rule pop-up.
      1. Configure the following:

        Setting

        Description

        Offset From

        • Beginning: Starts searching for the Data Value at the beginning of the file content.

        • End of Last Match: Starts searching for the Data Value immediately after the rule's previous successful match. This enables detection of multiple, non-overlapping matches within the same file.

        Offset

        Enter the position, counted from the Offset From position, at which matching should begin.

        For example:

        • An Offset of 0 when Offset From is Beginning starts matching at the very first character of the file.

        • An Offset of 10 when Offset From is Beginning starts matching at character position 10 (skipping the first 10 characters).

        • An Offset of 5 when Offset From is End of Last Match starts matching 5 positions after the rule's previous successful match.

        Operation

        Select the matching logic that the system uses when scanning files.

        • Equal: The file content must be exactly the same as the specified value.

        • Search: The file content is checked to see if it contains the specified value anywhere.

        • Regex: The file content is checked against a regular expression pattern for flexible or complex matching.

        Data Type

        Select the Data Value's data type.

        • String

        • Hexarray (only available when the selected Operation is Equal)

        Data Value

        Enter the value the match is looking for.

        Relationship with previous rule

        • AND: The rule will apply concurrently with the previous rule, meaning both conditions must be met. This creates a stricter condition where all linked rules must be met.

        • OR: The rule will apply as an alternative to the previous rule, meaning either condition can be met.

        For the first rule in the sequence, this field has no effect.

        Rules bound by an AND relationship take precedence over those bound by an OR relationship: all AND-linked conditions in a chain are evaluated together before the OR alternatives are considered.

      2. Click OK to apply changes.
    5. Use the arrows under Action to arrange the file content match rules in the desired order.
    6. Click Save to apply changes.
  4. In the top right corner, select the action that FortiAppSec Cloud takes when it detects a violation of the rule.

    Alert

    Accept the request and generate a log message.

    Alert & Deny

    Block the request (or reset the connection) and generate a log message.

    Deny (no log)

    Block the request (or reset the connection) but do not generate log messages.

  5. Click Save.
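The File Content Match Rule settings in step 3 (Offset From, Offset, Operation, Data Type and the AND/OR relationship) describe a small matching language, and the note under File Type Validation explains why extension-only checks are not enough on their own. The following Python is an added illustration of those rule semantics; it is not FortiAppSec Cloud code and does not reproduce the product's built-in type detection. Two points the page leaves open are treated as assumptions here: "End of Last Match" is taken to mean the end of the preceding rule's match within the same AND chain, and "Equal" is taken to compare the bytes at the start position with the Data Value (the usual magic-byte check) rather than the whole file. The custom type `java-archive` and the sample archives built with `zipfile` are constructed for the example.

```python
"""Evaluate File Content Match Rules, as described on this page, against an upload.

Added illustration of the rule semantics; not FortiAppSec Cloud code.
Points the page leaves open are marked as assumptions in the comments.
"""
import io
import re
import zipfile
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class ContentRule:
    offset_from: str           # "Beginning" or "End of Last Match"
    offset: int                # position counted from offset_from
    operation: str             # "Equal", "Search" or "Regex"
    data_type: str             # "String" or "Hexarray" (Hexarray only with Equal)
    data_value: str
    relationship: str = "AND"  # relationship with the previous rule; ignored for the first rule

    def needle(self) -> bytes:
        if self.data_type == "Hexarray":
            return bytes.fromhex(self.data_value.replace(" ", ""))
        return self.data_value.encode()


@dataclass
class CustomFileType:
    name: str
    extension: str             # e.g. ".jar"; the file must carry exactly this extension
    rules: List[ContentRule] = field(default_factory=list)


def match_rule(rule: ContentRule, data: bytes, last_end: int) -> Optional[int]:
    """Return the end position of the match, or None if the rule does not match.

    Assumption: "End of Last Match" is the end of the preceding rule's match in the
    same AND chain, and "Equal" compares the bytes at the start position with the
    Data Value (a magic-byte check) rather than the entire file.
    """
    base = last_end if rule.offset_from == "End of Last Match" else 0
    start = base + rule.offset
    if start > len(data):
        return None
    window = data[start:]
    needle = rule.needle()
    if rule.operation == "Equal":
        return start + len(needle) if window.startswith(needle) else None
    if rule.operation == "Search":
        idx = window.find(needle)
        return start + idx + len(needle) if idx >= 0 else None
    if rule.operation == "Regex":
        m = re.compile(rule.data_value.encode()).search(window)
        return start + m.end() if m else None
    raise ValueError(f"unknown operation {rule.operation!r}")


def evaluate_rules(rules: List[ContentRule], data: bytes) -> bool:
    """AND binds tighter than OR, as the page states: R1 OR R2 AND R3 == R1 OR (R2 AND R3)."""
    if not rules:
        return False
    groups: List[List[ContentRule]] = [[]]
    for i, rule in enumerate(rules):
        if i > 0 and rule.relationship == "OR":
            groups.append([])          # an OR starts a new AND chain
        groups[-1].append(rule)
    for group in groups:
        last_end = 0
        for rule in group:
            end = match_rule(rule, data, last_end)
            if end is None:
                break                  # this AND chain fails; try the next alternative
            last_end = end
        else:
            return True                # every rule in the chain matched
    return False


def matches_custom_type(ftype: CustomFileType, filename: str, data: bytes) -> bool:
    """The extension must match exactly AND the content rules must be satisfied."""
    if not filename.lower().endswith(ftype.extension.lower()):
        return False
    return evaluate_rules(ftype.rules, data)


def make_archive(entries: Dict[str, bytes]) -> bytes:
    """Constructed sample input: build a ZIP container in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Hypothetical custom type: ZIP local-header magic AND a manifest entry after it.
JAR_TYPE = CustomFileType(
    name="java-archive",
    extension=".jar",
    rules=[
        ContentRule("Beginning", 0, "Equal", "Hexarray", "50 4B 03 04"),
        ContentRule("End of Last Match", 0, "Search", "String", "META-INF/MANIFEST.MF", "AND"),
    ],
)

if __name__ == "__main__":
    jar = make_archive({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
    plain_zip = make_archive({"readme.txt": b"hello"})
    # Both containers share the PK\x03\x04 signature: the ambiguity the page's note describes.
    print("same magic bytes:", jar[:4] == plain_zip[:4])
    print("app.jar is java-archive:", matches_custom_type(JAR_TYPE, "app.jar", jar))
    print("docs.zip is java-archive:", matches_custom_type(JAR_TYPE, "docs.zip", plain_zip))
    print("manifest-less app.jar:", matches_custom_type(JAR_TYPE, "app.jar", plain_zip))
```

Running the block shows that a magic-byte rule alone (the first rule of `JAR_TYPE`) accepts both archives, which is the behaviour the File Type Validation note warns about, while chaining a second rule with AND narrows the match to archives that actually carry a manifest entry. The grouping in `evaluate_rules` is the precedence described under Relationship with previous rule: each OR opens a new chain, and a chain only counts when all of its AND-linked rules match.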
