I'm setting up my first webapp on a brand new FortiWeb Cloud.
The webapp is going to use the automatic certificates from Let's Encrypt; I also need to set up a very strict Geo IP Block.
Turns out that Let's Encrypt is not going to work with that setup, as HTTP requests from blocked countries will be dropped.
However, on the Let's Encrypt community someone got a solution:
https://community.letsencrypt.org/t/whitelist-letsencrypt-server-ips/215833
How can I implement a whitelist for incoming HTTP requests to /.well-known/acme-challenge?
Thanks!
Marco
Have you checked this section from the Administration guide?
Hello Emirjon,
my environment uses FortiWeb Cloud, so I referred to its User Guide.
The corresponding section is: URL Access | FortiWeb Cloud 24.2.0 | Fortinet Document Library
However, URL Access comes much later than GeoIP in the Sequence of Scan for FortiWeb Cloud, so I think it wouldn't be of much help.
m.
I opened a ticket on this topic. Support stated that the reported behaviour was fixed in a recent version of FortiWeb Cloud. I can confirm that the setup worked correctly in the following round of certificate renewal from Let's Encrypt.
m.