shafiq23
Staff & Editor
Article Id 261617
Description This article describes how to verify, prevent, and take action on a malicious IP address not blocked by IP Reputation.
Scope FortiWeb.
Solution

FortiWeb leverages IP reputation as a critical defense mechanism, analyzing the past activities of IP addresses to identify and block potentially malicious traffic. By mitigating risks associated with web application vulnerabilities, DDoS attacks, and unauthorized access attempts, FortiWeb's IP reputation feature empowers organizations to strengthen their security posture.

  1. Verify IP Reputation database version update.

Navigate to System -> Config -> FortiGuard:

Subsequently, verify the latest database version release on the FortiGuard website:
Botnet

  2. IP Reputation Policy action to prevent threat actors.

Navigate to IP Protection -> IP Reputation:

By default, FortiWeb responds to a source IP address with a poor reputation with the 'Block Period' action, blocking it for 60 seconds.

Ensure IP Reputation is turned on in the respective Web Protection Profile.

  3. Blocklisting IP addresses manually.

Navigate to IP Protection -> IP List:

  1. Create an IP List policy.
  2. Create an IP List Policy Member and specify the malicious IP address with its type.
  3. Associate the IP List policy with the respective Web Protection Profile.

Related document:

IP List - Blocklisting & whitelisting clients using a source IP or source IP range

  4. Submit a re-evaluation request of the malicious IP address.

Threat actors may use IP addresses that are not yet listed in the latest IP Reputation database.

In such cases, a request can be submitted to FortiGuard to re-evaluate the IP address.

FortiWeb Application Security Contact Form

Refer to the FortiWeb Administrator Guide for more information regarding IP Reputation:
IP Reputation - Blocklisting source IPs with poor reputation