Description
This article describes how to block a URL when the blocked path is carried inside a request parameter after a redirect.
Example: all access to the /ecp path on a mail server is to be blocked, but the mail server redirects the request to a login page and appends the originally requested URL to that request as a parameter called url.
When trying to access https://mailserver.local/ecp, the server redirects to https://mailserver.local/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.aguasdoporto.pt...
A URL-access policy matching /ecp*, configured with the steps below, does not block the URL carried in the parameter, because the URL-access rule only inspects the request path:
config waf url-access url-access-rule
    edit "Block_ECP"
        set action deny_no_log
        config match-condition
            edit 1
                set reg-exp /ecp*
                set type regex-expression
            next
        end
    next
end

config waf url-access url-access-policy
    edit "Block_ECP"
        config rule
            edit 1
                set url-access-rule-name Block_ECP
            next
        end
    next
end

config waf web-protection-profile inline-protection
    edit "Block_ECP_WPP"
        set url-access-policy Block_ECP
    next
end
When testing with https://mailserver.local/ecp, the request is blocked. However, a request to https://mailserver.local/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.aguasdoporto.pt... is not blocked.
Scope
FortiWeb.
Solution
Use a Custom-access policy that matches the parameter url for any value containing ECP:
Afterward, access to the login URL that carries the redirected /ecp URL in the url parameter is no longer allowed:
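As an added illustration (not FortiWeb configuration or code from the article), the following Python models the two checks: the URL-access rule, which inspects only the request path, and the custom-access rule, which decodes the url parameter and matches its value. The hostnames and the redirect target are constructed sample values.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Regex with the meaning the article intends: the request path starts with /ecp.
# Note: as a regular expression the article's literal /ecp* means "/ec" followed
# by zero or more "p", so it would also match /ec; anchor it as ^/ecp instead.
ECP_PATH = re.compile(r"^/ecp", re.IGNORECASE)
# The custom-access condition: the value of the url parameter contains "ecp".
ECP_IN_PARAM = re.compile(r"ecp", re.IGNORECASE)


def url_access_check(request_url: str) -> str:
    """Model of the URL-access rule: only the request path is matched."""
    path = urlsplit(request_url).path
    return "deny" if ECP_PATH.search(path) else "allow"


def custom_access_check(request_url: str, param: str = "url") -> str:
    """Model of the custom-access rule: the named query parameter is
    percent-decoded and its value is matched, so the redirect target
    carried inside the parameter is inspected as well."""
    query = urlsplit(request_url).query
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        # parse_qs already decodes once; decode again so a double-encoded
        # value (%252f -> %2f -> /) is matched in its final form.
        decoded = unquote(value)
        if ECP_IN_PARAM.search(decoded):
            return "deny"
    return "allow"


def inspect(request_url: str) -> dict:
    """Return the verdict of both rules for one request URL."""
    return {
        "url-access": url_access_check(request_url),
        "custom-access": custom_access_check(request_url),
    }


# Constructed sample requests modelled on the article's two cases.
DIRECT = "https://mailserver.local/ecp"
REDIRECT = ("https://mailserver.local/owa/auth/logon.aspx"
            "?replaceCurrent=1&url=https%3a%2f%2fmailserver.local%2fecp%2f")

if __name__ == "__main__":
    print("direct  :", inspect(DIRECT))    # url-access denies, custom-access allows
    print("redirect:", inspect(REDIRECT))  # url-access allows, custom-access denies
```

The custom-access check on its own does not cover the direct request to /ecp, so both the URL-access policy and the custom-access policy are needed for the intended result.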
Related documents:
Copyright 2024 Fortinet, Inc. All Rights Reserved.