Hi,
I have a problem with the GeoIP block message after updating from 6.3 to 7.0.
When GeoIP blocking is enabled in an inline web protection profile, FortiWeb just reset the connections instead of displaying a block message page related to Geo IP blocking!!!
Does anybody know how we could handle this?
Thanks.
Solved! Go to Solution.
Hi arash7362,
Please make sure the X-Forwarded-For policy is configured with the options 'Use X-Header to Identify Original Client's IP' and 'Block Using Original Client's IP'.
Also, in the Geo IP policy, the 'Ignore X-Forwarded-For' setting should be disabled.
Otherwise, FortiWeb performs the Geo IP check at the TCP level (Sends TCP Reset). Displaying the block page is possible on the HTTP level in which X-Forwarded-For is needed.
Hello arash7362,
FortiWeb responds with HTTP 500 return code when source IP matches GeoIP policy region blocklist with attack replacement message regardless of action set in GeoIP policy.
Verify if an attack log generated due to Geo IP block and if client had indeed receive the return code to properly get the replacement message.
Thanks.
Regards,
Shafiq
Thanks, dear shafiq23 for your response,
Yes, in the device attack log page, I see the attack log has been generated due to denying the client's IP address.
But the problem is that FortiWeb does not send the HTTP return code and the related message page, instead it reset the TCP session without sending anything!!!
Hi arash7362,
Please make sure the X-Forwarded-For policy is configured with the options 'Use X-Header to Identify Original Client's IP' and 'Block Using Original Client's IP'.
Also, in the Geo IP policy, the 'Ignore X-Forwarded-For' setting should be disabled.
Otherwise, FortiWeb performs the Geo IP check at the TCP level (Sends TCP Reset). Displaying the block page is possible on the HTTP level in which X-Forwarded-For is needed.
Dear emete_FTNT,
Thank you very much for your help. It works.
I have been involved in this issue for a long time.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.