Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate D100 prevent Mobile Browser HttpInfo flood

I'm using Fortigate D100 in office. When I double check our Apache 2.2 web server. I found out the access_log full of the Http info which matched UserAgent show in, the source ip address to post this is different after few seconds. - - [21/Sep/2017:00:04:04 +0800] "GET / HTTP/1.1" 200 60549 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; MSIECrawler)THISISTESTOPEN"


I think about a way how to use my Fortigate to prevent all the entries post in our Apache server. I intent to use Moziila all signature rules in Intrusion menu. Seems it works quite alright.


But when I take a look on some entries, - - [21/Sep/2017:00:05:41 +0800] "GET /apple-touch-icon-120x120-precomposed.png HTTP/1.1" 404 320 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0" - - [21/Sep/2017:00:05:41 +0800] "GET /apple-touch-icon-120x120.png HTTP/1.1" 404 308 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0" - - [21/Sep/2017:00:05:42 +0800] "GET /apple-touch-icon.png HTTP/1.1" 404 300 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0" - - [21/Sep/2017:00:05:42 +0800] "GET /apple-touch-icon.png HTTP/1.1" 404 300 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0"


But I found out there are some http info looks like from Mobile browser to flood, I'm not sure which Signature Rules in Intrusion menu can prevent this. So can somebody give me a clue? 


Million thanks



Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors