Hello,
we are using Fortiweb VM version 7.0.8 and i'm not specialist in the system. Our Exchange server is behind the fortiweb. We have a lot of attempt to connect to the exchange using EWS.
I can see in the Traffic (Log & Report) for attempts and the return code is 401 (forbidden).
My question : Is it possible to create a rule/policy to automatically block IP for all attempt getting the Return code 401?
Thank you
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
In fact our Fortiweb was configured by an external provider.
I finally found my way:
All working as expected !
Hi
I'm used to integrate and administer FortiWeb but I personally don't know such feature.
And logically talking, since 401 is not actually an attack then I don't think you can do such action in FortiWeb.
Hello,
in fact to develop our problem, we can see theses errors in the traffic logs: It's all connection attempt to our Exchange using EWS. We can see the return code 401
I found a way to normally block this by creating a new custom policy:
But this rule seems not block anythings.
Can you help me?
Thank you
Hello,
you can try to blacklist the source IP and Fortiweb should present a general error page.
There is also the option to customize http responses to show less about the error:
Hi ,
thank you. In fact theses attacks are from a lot of differents ip. I suppose doing by bots.
It will be not usefull to blacklist ip by hand.
It's why automatically block when Fortiweb detect a forbidden message could be very good for the security.
Have you an idea to how troubleshoot this?
Thank you very much
I'd not do it that way because in case one legitimate user accesses unintentionally a forbidden resource (which is not an attack), he will be blocklisted while he shouldn't.
Since you want to block bad bots I think the right way in your case is to allow/block requests based on IP reputation.
Hello,
In fact our Fortiweb was configured by an external provider.
I finally found my way:
All working as expected !
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.