Protecting the passwords
For the user input field which is in the "password" type, FortiWeb can obfuscate the name of the password input field, and use encryption and anti-keylogger to protect the value of the password input field.
To add the password input fields in the MiTB rule:
- Go to Web Protection > Advanced Protection > Man in the Browser Protection, select the Man in the Browser Protection Rule tab, select the MiTB rule you want to edit, then click Edit. See this topic to add the MiTB rule if you have not yet added one.
- In the Protected Parameter Table section at the middle of the page, click Create New.
- Enter the name of the password input filed. It should be exactly the same with the name of password input field in the source code of the web page.
- Select Password Input for the Type.
- Enable Obfuscate, Encrypt, and Anti-Keylogger according to your own needs.
- Click OK.