Description
This article describes the FortiWeb function that protects web servers against harmful file uploads. The function can be configured from the CLI with 'waf file-upload-restriction-rule' or from the Web GUI under Web Protection -> Input Validation -> File Security.
Scope
This article provides complementary information to the FortiWeb CLI and Administration guides. It applies to FortiWeb v6.x and v7.x.
Solution
The 'waf file-upload-restriction-rule' table can hold multiple rules; each rule consists of the parameters shown below. Parameters such as host, request-type, and request-file are filters: the conditions a request must match for the rule to take effect.
config waf file-upload-restriction-rule
    edit "Example_Rule"
        set host-status disable
        unset host
        set request-type regular
        set request-file /.*
        set file-size-limit 1
        config file-types
            edit 2
                set file-type-name AVI
                set file-type-id 00016
            next
            edit 3
                set file-type-name "Word Template(.dotx)"
                set file-type-id 00062
            next
        end
    next
end
The same settings can be viewed in the GUI under Web Protection -> Input Validation -> File Security.
The rule treats the upload of a large file as a kind of attack. How large is decided by the administrator through file-size-limit, which accepts a value between 0 and 102,400 KBytes: a file whose size is bigger than file-size-limit is considered an attack. When file-size-limit is set to 0, File-size Detection does not take effect.
102,400 KBytes is also the maximum value of the Maximum Antivirus Buffer Size setting; file-size-limit is the largest file size that can be uploaded.
File upload protection detects five kinds of attacks: AntiVirus Scan, Trojan Detection, Scan Files with FortiSandbox, File-size Detection and File-type Detection.
The detection order is: File-size Detection, File-type Detection, Trojan Detection, AntiVirus Scan, Scan Files with FortiSandbox.
A 'File Upload Restriction Policy' can hold multiple 'File Upload Restriction Rules'. However, during an HTTP/HTTPS session only one rule takes effect. Which rule takes effect depends on the host and the request URL configured in each 'File Upload Restriction Rule'.
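To make the rule selection and the first two detection steps concrete, the following Python model is added here as an illustration; it is not FortiWeb code and not part of the Fortinet article. It assumes that request-file is a regular expression matched against the request path, that the first applicable rule in policy order is the one that takes effect, that the configured file-types are the allowed types (an empty list imposing no type restriction), and that a KByte is 1024 bytes. The request-type filter is not modelled, and the three scanning stages that follow File-type Detection are left to the device's engines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Upper bound of file-size-limit as stated in the article (KBytes).
MAX_FILE_SIZE_LIMIT_KB = 102_400
KBYTE = 1024  # assumption: the limit is counted in 1024-byte units


@dataclass
class UploadRule:
    """One 'waf file-upload-restriction-rule' entry, field names mirroring the CLI."""
    name: str
    request_file: str                     # regex matched against the request path (assumption)
    file_size_limit_kb: int               # 0 .. 102400; 0 disables File-size Detection
    file_types: Set[str] = field(default_factory=set)  # file-type-name values; assumed allow-list
    host: Optional[str] = None            # None models 'set host-status disable'

    def __post_init__(self) -> None:
        if not 0 <= self.file_size_limit_kb <= MAX_FILE_SIZE_LIMIT_KB:
            raise ValueError("file-size-limit must be between 0 and 102400 KBytes")
        re.compile(self.request_file)     # fail early on an invalid pattern


@dataclass
class Upload:
    """Constructed view of one upload request as the device would see it."""
    host: str
    path: str
    size_bytes: int
    file_type: str                        # type name as identified by the device (constructed)


def select_rule(rules: List[UploadRule], upload: Upload) -> Optional[UploadRule]:
    """Pick the single rule that takes effect for this request.

    A rule applies when its host (if host-status is enabled) equals the request
    Host and its request-file pattern matches the request path. Assumption: the
    first applicable rule in policy order wins.
    """
    for rule in rules:
        if rule.host is not None and rule.host != upload.host:
            continue
        if re.fullmatch(rule.request_file, upload.path) is None:
            continue
        return rule
    return None


def evaluate(rule: UploadRule, upload: Upload) -> Optional[str]:
    """Run the first two checks in the article's detection order and return the
    name of the first violation, or None if both pass.

    Trojan Detection, AntiVirus Scan and FortiSandbox scanning come after these
    on the device and need its scanning engines, so they are not modelled.
    """
    # File-size Detection: skipped entirely when file-size-limit is 0.
    if rule.file_size_limit_kb != 0 and upload.size_bytes > rule.file_size_limit_kb * KBYTE:
        return "File-size Detection"
    # File-type Detection: assumption - an empty list means no type restriction.
    if rule.file_types and upload.file_type not in rule.file_types:
        return "File-type Detection"
    return None


def inspect_upload(rules: List[UploadRule], upload: Upload) -> Tuple[Optional[str], Optional[str]]:
    """Return (name of the rule that took effect, violation) for one request."""
    rule = select_rule(rules, upload)
    if rule is None:
        return (None, None)
    return (rule.name, evaluate(rule, upload))


# Constructed policy: a host-specific rule first, then the article's Example_Rule.
POLICY = [
    UploadRule("Intranet_Rule", r"/intranet/.*", 0, {"AVI"}, host="intranet.example.test"),
    UploadRule("Example_Rule", r"/.*", 1, {"AVI", "Word Template(.dotx)"}),
]

if __name__ == "__main__":
    samples = [
        Upload("www.example.test", "/upload", 2048, "AVI"),                  # too big for 1 KB limit
        Upload("www.example.test", "/upload", 512, "EXE"),                   # type not allowed
        Upload("www.example.test", "/upload", 512, "AVI"),                   # passes both checks
        Upload("intranet.example.test", "/intranet/doc", 5_000_000, "AVI"),  # limit 0: size ignored
        Upload("www.example.test", "/intranet/doc", 5_000_000, "AVI"),       # host mismatch -> Example_Rule
    ]
    for s in samples:
        print(s.host, s.path, s.size_bytes, s.file_type, "->", inspect_upload(POLICY, s))
```

The two things worth noticing when running it are the file-size-limit 0 case, where a 5 MB upload to the intranet rule passes the size step untouched, and the host mismatch case, where the same upload falls through to Example_Rule and is caught by its 1 KByte limit; both follow directly from the rules described above.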