Fortinet Community

Khidzir_MN · ‎04-02-2023

Description

This article describes how to limit access to specific URL from specific source address.
It is maybe necessary to preconfigure other respective Application setup and refer to the documentation at the end of this article for more information on onboarding your application.

Scope

FortiWeb Cloud WAF-as-a-Service

Solution

It is necessary to limit access to specific URLs from specific source addresses.

For example:

There is a requirement to allow source IP 10.10.10.10 (using private IP as an example, the actual requirement maybe be using a Public IP) to access https://www.example.com/abc

The Custom Rule feature may be used for the requirement.

1) Go to ADVANCED APPLICATIONS -> Custom Rule.

It is maybe necessary to enable this module in the '+ ADD MODULES' menu, under ADVANCED APPLICATIONS -> Custom Rule.

2) Select the '+ Create Rule' button on the right.

3) For the Create Custom Rule, enter the respective information.
For Name, specify the respective name to identify the rule, and for
Operation, select Alert & Deny.

4) Select the 'ADD FILTER' button on the right. For Filter Type, select Source IP and for IP/IP Range, input the respective source IP that needs to be allowed access. Enable the Reverse Matching option.

Select the SAVE FILTER.

5) Click the 'ADD FILTER' button again. For Filter Type, select URL and for URL Pattern, input the respective URL that needs to be allowed access. Select the SAVE FILTER.

6) Select 'OK'.

7) Select 'SAVE' on the Custom Rule page to apply the Custom Rule.

Related document on Onboarding applications:

https://docs.fortinet.com/document/fortiweb-cloud/latest/user-guide/32019/onboarding-applications

Fortinet Community

Technical Tip: How to limit access to specific URL from specific source address