arash7362
New Contributor

FortiWeb does not show replacement message when GeoIP is enabled

Hi,

I have a problem with the GeoIP block message after updating from 6.3 to 7.0.

When GeoIP blocking is enabled in an inline web protection profile, FortiWeb just resets the connection instead of displaying a block message page related to Geo IP blocking!

Does anybody know how we could handle this?

Thanks.

1 Solution
emete_FTNT
Staff

Hi arash7362,

Please make sure the X-Forwarded-For policy is configured with the options 'Use X-Header to Identify Original Client's IP' and 'Block Using Original Client's IP'.

[Screenshot: XFF-Geo IP.png]

Also, in the Geo IP policy, the 'Ignore X-Forwarded-For' setting should be disabled.

[Screenshot: Ignore XFF Disabled.png]

Otherwise, FortiWeb performs the Geo IP check at the TCP level (sends a TCP reset). Displaying the block page is possible at the HTTP level, for which X-Forwarded-For is needed.


4 Replies
shafiq23
Staff

Hello arash7362,

FortiWeb responds with an HTTP 500 return code and the attack replacement message when the source IP matches the GeoIP policy region blocklist, regardless of the action set in the GeoIP policy.

Verify whether an attack log was generated due to the Geo IP block and whether the client did indeed receive the return code, so that it properly gets the replacement message.

[Screenshot: attack_log1.png]

[Screenshot: block_page.png]

Thanks.

Regards,
Shafiq
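
The check shafiq23 asks for above (did the client actually receive the return code?) and the distinction the accepted solution draws between a TCP-level block (reset) and an HTTP-level block (status line plus replacement page) can be confirmed from a test client instead of by guessing from the browser. The probe below is an added example, not code from this thread or from Fortinet. It sends one GET carrying an X-Forwarded-For header set to an address in a blocked region (a test box's real IP is normally local, so the XFF header is how the HTTP-level Geo IP check sees a foreign address) and reports whether the connection was reset, closed silently, timed out, or answered with an HTTP status line. The two loopback handlers are constructed stand-ins for the two FortiWeb behaviours so the script runs offline; the 500 status and the page text follow shafiq23's description. The default XFF value 203.0.113.10 is a documentation address and must be replaced with one that the GeoIP database maps to a blocked country, and the probe assumes the WAF is configured to honour X-Forwarded-For from the test client.

```python
"""Added example: tell a TCP-level GeoIP block (RST, no HTTP reply) apart
from an HTTP-level block (status line plus replacement page)."""
import socket
import struct
import threading


def probe(host, port, path="/", xff="203.0.113.10", timeout=5.0):
    """Send one GET with an X-Forwarded-For header and classify the outcome.

    Returns (verdict, raw_bytes). verdict is one of:
      "tcp-reset"               peer aborted the connection before replying
      "closed-without-response" peer closed cleanly but sent nothing
      "timeout"                 nothing arrived within `timeout` seconds
      "unparseable"             bytes arrived but no HTTP status line
      "http-<code>"             an HTTP status line came back, e.g. "http-500"
    Assumption: the WAF honours X-Forwarded-For from this client, and `xff`
    (203.0.113.10 is a documentation address) is in a blocked region.
    """
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"X-Forwarded-For: {xff}\r\n"
        f"Connection: close\r\n\r\n"
    ).encode()
    chunks = []
    aborted = False
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            while True:
                data = sock.recv(4096)
                if not data:          # FIN from the peer: orderly close
                    break
                chunks.append(data)
    except ConnectionResetError:      # RST from the peer
        aborted = True
    except socket.timeout:
        if not chunks:
            return "timeout", b""
    raw = b"".join(chunks)
    if not raw:
        return ("tcp-reset" if aborted else "closed-without-response"), raw
    # A reset after a complete reply still counts as an HTTP answer.
    status_line = raw.split(b"\r\n", 1)[0].decode("ascii", errors="replace")
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return "unparseable", raw
    return f"http-{parts[1]}", raw


def serve_once(handler):
    """Constructed stand-in for the WAF: accept one loopback connection,
    hand it to `handler`, then stop. Returns the ephemeral port number."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def run():
        conn, _ = listener.accept()
        with conn:
            handler(conn)
        listener.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def reset_handler(conn):
    """TCP-level block: read the request, then abort the connection.
    SO_LINGER with a zero timeout makes close() emit RST instead of FIN."""
    conn.recv(4096)
    conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))


def block_page_handler(conn):
    """HTTP-level block: the 500 plus replacement page the thread reports."""
    conn.recv(4096)
    page = b"<html><body>Access denied: request blocked by Geo IP policy.</body></html>"
    conn.sendall(
        b"HTTP/1.1 500 Internal Server Error\r\n"
        b"Content-Type: text/html\r\n"
        b"Content-Length: " + str(len(page)).encode() + b"\r\n"
        b"Connection: close\r\n\r\n" + page
    )


if __name__ == "__main__":
    for name, handler in (("TCP-level block", reset_handler),
                          ("HTTP-level block", block_page_handler)):
        verdict, raw = probe("127.0.0.1", serve_once(handler))
        print(f"{name}: {verdict} ({len(raw)} bytes received)")
```

Against a real deployment, call probe() with the FortiWeb virtual server's address and an XFF address from a blocked country. "tcp-reset" with zero bytes received is the symptom described in the question; "http-500" with the replacement page in the body is what should appear once the X-Forwarded-For policy is set as in the accepted solution. Run it both with and without the XFF header to confirm that the HTTP-level check is the one being exercised.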

arash7362

Thanks, dear shafiq23, for your response.

Yes, in the device attack log page, I see the attack log has been generated due to denying the client's IP address.

But the problem is that FortiWeb does not send the HTTP return code and the related message page; instead it resets the TCP session without sending anything!


arash7362

Dear emete_FTNT,

Thank you very much for your help. It works.
I have been dealing with this issue for a long time.
