Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AbdoSoft1
New Contributor

Prevent web application access using real IP address FortiWeb

Hello everyone,

hoping all is well with you , I am using FortiWeb to protect about 10 web servers on my network , I am using subdomain from my domain from Godaddy like ( abc.xyz.com ) and assign NATed real IP to the subdomain so users can use this subdomain to access the web applications that protected by FortiWeb, but if a user use the real IP the web application works fine but I need to prevent using Real IP I need block this , I need users to use only my subdomains , because there are many Bot scanners try to attack my web applications and using Real IP at the column ( HTTP Host )

WAF.png

Abdullah Shehatah
Network Security Engineer
Abdullah ShehatahNetwork Security Engineer
8 REPLIES 8
jintrah_FTNT
Staff
Staff

hi,

Could you mention the mode of deployment? Is it not reverse proxy?

 

Best regards,

Jin

AbdoSoft1

Reverse Proxy Mode

Abdullah Shehatah
Network Security Engineer
Abdullah ShehatahNetwork Security Engineer
jintrah_FTNT

So by default, traffic cannot go through directly to a real server via FortiWeb but through a VIP. Did you change any other settings?

 

best regards,

Jin

jintrah_FTNT

Or are you trying to prevent access by users using the vip/virtual server IP address? But instead access should only occur by means of a FQDN/hostname?

 

Best regards,

Jin

AbdoSoft1

exactly access should only occur by means of a FQDN/hostname

Abdullah Shehatah
Network Security Engineer
Abdullah ShehatahNetwork Security Engineer
jintrah_FTNT

Ok, this can be easily setup using protected hostname definitions where only FQDNs are to be defined, please see https://help.fortinet.com/fweb/571/Content/FortiWeb/fortiweb-admin/define_protected_host.htm

 

Best regards,

Jin

AbdoSoft1

Unfortunatly this is not working

Abdullah Shehatah
Network Security Engineer
Abdullah ShehatahNetwork Security Engineer
jintrah_FTNT

It means configuration for protected hostnames is not blocking the access with IP address as hostname. Hope fqdn hostnames were added with action allow. I guess we should also define the hostname IP address and add it to the list but with action deny. Afterwards apply the same through server policy.

 

best regards,

Jin

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors