Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AbdoSoft1
New Contributor

Created on ‎10-04-2022 01:39 AM

Prevent web application access using real IP address FortiWeb

Hello everyone,

hoping all is well with you , I am using FortiWeb to protect about 10 web servers on my network , I am using subdomain from my domain from Godaddy like ( abc.xyz.com ) and assign NATed real IP to the subdomain so users can use this subdomain to access the web applications that protected by FortiWeb, but if a user use the real IP the web application works fine but I need to prevent using Real IP I need block this , I need users to use only my subdomains , because there are many Bot scanners try to attack my web applications and using Real IP at the column ( HTTP Host )

WAF.png

Abdullah Shehatah
Network Security Engineer
Abdullah ShehatahNetwork Security Engineer
Labels:
1963
0 Kudos
8 REPLIES 8
jintrah_FTNT
Staff
Staff

Created on ‎10-04-2022 01:54 AM

hi,

Could you mention the mode of deployment? Is it not reverse proxy?

 

Best regards,

Jin

1960
0 Kudos
AbdoSoft1
New Contributor
In response to jintrah_FTNT

Created on ‎10-04-2022 02:34 AM

Reverse Proxy Mode

Abdullah Shehatah
Network Security Engineer
Abdullah ShehatahNetwork Security Engineer
1956
0 Kudos
jintrah_FTNT
Staff
Staff
In response to AbdoSoft1

Created on ‎10-04-2022 03:34 AM

So by default, traffic cannot go through directly to a real server via FortiWeb but through a VIP. Did you change any other settings?

 

best regards,

Jin

1953
0 Kudos
jintrah_FTNT
Staff
Staff
In response to jintrah_FTNT

Created on ‎10-04-2022 04:09 AM

Or are you trying to prevent access by users using the vip/virtual server IP address? But instead access should only occur by means of a FQDN/hostname?

 

Best regards,

Jin

1948
0 Kudos
AbdoSoft1
New Contributor
In response to jintrah_FTNT

Created on ‎10-04-2022 05:07 AM

exactly access should only occur by means of a FQDN/hostname

Abdullah Shehatah
Network Security Engineer
Abdullah ShehatahNetwork Security Engineer
1937
0 Kudos
jintrah_FTNT
Staff
Staff
In response to AbdoSoft1

Created on ‎10-04-2022 05:56 AM

Ok, this can be easily setup using protected hostname definitions where only FQDNs are to be defined, please see https://help.fortinet.com/fweb/571/Content/FortiWeb/fortiweb-admin/define_protected_host.htm

 

Best regards,

Jin

1934
0 Kudos
AbdoSoft1
New Contributor
In response to jintrah_FTNT

Created on ‎10-10-2022 07:25 AM

Unfortunatly this is not working

Abdullah Shehatah
Network Security Engineer
Abdullah ShehatahNetwork Security Engineer
1919
0 Kudos
jintrah_FTNT
Staff
Staff
In response to AbdoSoft1

Created on ‎10-10-2022 11:21 PM

It means configuration for protected hostnames is not blocking the access with IP address as hostname. Hope fqdn hostnames were added with action allow. I guess we should also define the hostname IP address and add it to the list but with action deny. Afterwards apply the same through server policy.

 

best regards,

Jin

1914
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.