FortiWeb has a function to protect Web servers by restricting file uploads. The function can be configured from the CLI with "waf file-upload-restriction-rule" or from the Web GUI: Web Protection > Input Validation > File Upload Restriction Rule.


This article provides complementary information to the FortiWeb CLI and Administration guides. At the time of writing the latest version of FortiWeb is 5.5.4.


Multiple rules can be defined under "waf file-upload-restriction-rule", and each rule consists of the parameters shown below. Parameters like host, request-type and request-file are filters: they define the conditions that must match for a policy to take effect.
    config waf file-upload-restriction-rule
      edit "Example_Rule"
        set host-status disable
        unset host
        set request-type regular
        set request-file /.*
        set file-size-limit 1
        config file-types
          edit 2
            set file-type-name AVI
            set file-type-id 00016
          next
          edit 3
            set file-type-name "Word Template(.dotx)"
            set file-type-id 00062
          next
        end
      next
    end

The rule treats the upload of a large file as a kind of attack. How large is decided by the user through file-size-limit, which accepts a value between 0 and 102,400 KBytes. If an uploaded file is bigger than file-size-limit, the rule considers it an attack. However, when file-size-limit is set to 0, file-size detection does not take effect.

102,400 KBytes is the maximum value of Maximum Antivirus Buffer Size, and file-size-limit is the size of the file which can be uploaded.
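The file-size-limit behaviour described above can be checked across a saved configuration. The following is an added example, not Fortinet code: a small Python audit that parses "waf file-upload-restriction-rule" blocks and reports rules whose file-size-limit is 0 (file-size detection off) or outside the 102,400 KBytes bound. The sample export, the rule name "No_Size_Check" and the function names are constructed for illustration.

```python
import shlex

MAX_KB = 102400  # upper bound for file-size-limit stated in the article

# Constructed sample export (not from a real device), in the article's syntax.
SAMPLE = '''
config waf file-upload-restriction-rule
  edit "Example_Rule"
    set request-file /.*
    set file-size-limit 1
    config file-types
      edit 3
        set file-type-name "Word Template(.dotx)"
        set file-type-id 00062
      next
    end
  next
  edit "No_Size_Check"
    set request-file /upload/.*
    set file-size-limit 0
  next
end
'''

def parse_rules(text):
    """Return {rule_name: {"settings": {...}, "file_types": [...]}}."""
    rules, current, depth = {}, None, 0
    for tok in filter(None, map(shlex.split, text.splitlines())):
        depth += {"config": 1, "end": -1}.get(tok[0], 0)  # track nesting level
        if tok[0] == "edit" and depth == 1:
            current = rules.setdefault(tok[1], {"settings": {}, "file_types": []})
        elif tok[0] == "set" and depth == 1:
            current["settings"][tok[1]] = " ".join(tok[2:])
        elif tok[:2] == ["set", "file-type-name"] and depth == 2:
            current["file_types"].append(tok[2])
    return rules

def audit(rules):
    """Flag file-size-limit values that disable size detection or are out of range."""
    findings = []
    for name, rule in rules.items():
        limit = int(rule["settings"].get("file-size-limit", -1))
        if limit == 0:
            findings.append((name, "file-size detection disabled (limit is 0)"))
        elif not 0 < limit <= MAX_KB:
            findings.append((name, f"file-size-limit missing or outside 1-{MAX_KB} KB"))
    return findings

if __name__ == "__main__":
    print(audit(parse_rules(SAMPLE)))
```
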

File upload detects five kinds of attacks, which are AntiVirus Scan, Trojan Detection, Scan Files with FortiSandbox, File-size Detection and File-type Detection.

The detection order is File-size Detection, File-type Detection, Trojan Detection, AntiVirus Scan, Scan Files with FortiSandbox.

A "File Upload Restriction Policy" can hold multiple "File Upload Restriction Rules". However, during an HTTP/HTTPS session, only one rule will take effect. Which rule takes effect depends on the host and the request URL configured in the "File Upload Restriction Rule".