Description | This article describes how to add an exception for a Signature. |
Scope | |
Solution |
Explanation.
There are multiple ways to add an exception to a signature. Let’s take a look at a sample attack log (Pic1) generated on FortiWeb and then see how to add an exception to the signature for the HTTP request that triggered it.
The attack log says FortiWeb blocked the HTTP request containing the matching pattern .jsp%00 in the URI.
Let’s check what this signature is all about by selecting ‘Message: RAWURI triggered signature ID 050160001 of signature policy Signature_Policy’ and then selecting the ‘View Signature’ option.
The description of the signature says: 'This signature prevents information disclosure. This injection can be achieved in HTTP URL.'
To explain in detail, an attacker can make the remote web server disclose the source code of its JSP pages by appending a NULL character to the name of the requested JSP file (e.g., 'foo.jsp%00', 'test.jsp%00'). With this signature enabled, an HTTP request whose URI has a NULL character (%00) appended to the name of the requested JSP file triggers the signature, and FortiWeb performs the action set for it.
If this type of request is legitimate in the environment, then it is possible to add an exception by using one of the methods mentioned below.
Method 1:
It is possible to select the desired Element type based on the strictness level of the exception to add.
Method 2:
Navigate to Web Protection -> Known attacks -> Signatures -> Generic Attacks (SubType) -> SRC Disclosure (Signature Subclass type) and find the Signature ID 050160001 in the list.
Select the Exception button and add an exception.
Method 3:
In this case, the triggered Signature ID is 050160001.
Once the exception is added, the HTTP request matching the exception rule will not be blocked. |
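Before adding the exception, it helps to see which clients and URLs actually send the pattern, so the exception can be kept as narrow as possible. The following is an added example, not Fortinet code: it assumes web server access logs in Combined Log Format, uses constructed sample lines, and its regular expression only approximates the `.jsp%00` pattern named in the attack log, not FortiWeb's actual signature definition.

```python
import re
from collections import Counter

# Approximation of the pattern shown in the attack log (".jsp%00" in the
# raw, undecoded URI). Assumption: this is NOT FortiWeb's signature regex.
JSP_NUL = re.compile(r"\.jsp%00", re.IGNORECASE)

# Combined Log Format: source, ident, user, [time], "METHOD URI PROTO", status
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, hypothetical URLs).
SAMPLE_LOG = """
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/report.jsp%00 HTTP/1.1" 403 0
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /app/report.jsp%00 HTTP/1.1" 403 0
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /app/login.JSP%00 HTTP/1.1" 403 0
192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /app/report.jsp?id=5 HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

def summarize(log_text):
    """Count requests carrying the pattern, keyed by (source IP, JSP URL)."""
    hits = Counter()
    for line in log_text.splitlines():
        entry = LOG_LINE.match(line)
        if not entry:
            continue  # blank or unparseable line
        uri = entry.group("uri")
        found = JSP_NUL.search(uri)
        if found:
            # Keep the URL up to ".jsp", dropping the trailing "%00".
            url = uri[: found.end() - len("%00")]
            hits[(entry.group("src"), url)] += 1
    return hits

if __name__ == "__main__":
    for (src, url), count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {src:15s}  {url}")
```

If the output shows a single known client and URL, the exception can be scoped to those; many unrelated sources are a reason to investigate before excepting anything.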