Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
tnazarov
Staff
Staff

Created on ‎08-19-2024 02:27 AM Edited on ‎08-19-2024 02:49 AM

Article Id 334266

Technical Tip: FortiWeb attack logs show for FortiWeb 'File name [blob]: Illegal file type'

Description

This article describes why FortiWeb attack logs may display the file name as an illegal file type, even when File Security is properly configured in FortiWeb.
Scope

FortiWeb 7.0.0 and later.
Solution

Attack log:

 

illegal.png

 

Sometimes, the message 'File name [blob]: Illegal file type' may appear even after configuring File Security in FortiWeb, leading to the assumption that FortiWeb is not correctly detecting the file type. For example, if FortiWeb is set to block the 'pdf' file extension but fails to detect the file type when a PDF file is uploaded, it may not enforce the block as expected.

 

But, FortiWeb can perceive the files with file extension names and some keywords in file content, it is up to how to select the files File Security Rule in File Security.

 

  1. If the file type under other file categories is selected, FortiWeb will check the keywords in the file content to match the file.
  2. If the file type under Whole Suffixes Files and other file categories is selected, FortiWeb will check both the file extension name and the keywords in the file content to match the file.
     

file-cate(1).gif
656
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.