Hello everyone, I wanted to share an odd issue we're encountering while
using Let's Encrypt certificates (TLS-ALPN challenge) with FortiWeb.
We're running FortiWeb 7.2.10 in a HA active-passive configuration, set
up as a reverse proxy. The setup invo...
Hello guys. I'm trying to use an openapi doc to validate all the web api
calls made to one of our web apps. I've already uploaded the openapi doc
and set everything up. However, there's an issue: it seems like FWB
can't handle array parameters passed...
Hello guys. Quick question: is there a way to completely bypass
#Fortiweb (7.2.10) for specific URL request? For instance, suppose we
have a web site with a config that looks something like this (this
config inherits a default web protection profile ...
Hello guys, Even though I'm still not sure on how FortiWeb supports
chunked encoding, I'm hoping that someone can help me understand the
faq's content on this topic, specificaly on the behavior form 7.0.2
onwards. The doc starts by saying the followi...
Hello guys. We have a couple of HTTP 1.1 web sites which sit behind our
FortiWeb and we're having some issues with the chunked transfer encoding
configuration. We're trying to follow the fortiweb troubleshooting guide
instructions on the topicHow doe...
Hello again. Just to let you know that this behavior (buffered content
not being totally delivered when the chunk module is active) is a bug
and should be fixed on the next release.
Hello again. Just to mention that the docs are wrong (hoping they will
eventually get fixed). Fortiweb will always delay the packages until it
gets all of the chunks from the server so that it can scan the response.
Since there's currently no way to ...
Hello again. After opening a ticket, it seems like there's no way to
exempt the response from being scanned. This is cleary a missing feature
which I'd love to see in a future release (after all, there's an option
to exempt the request from same scan...
Hello guys. After all, it wasn't an issue related with the array
parameters passed through query string. The problem was that the API had
2 routes (/api/pedidosassistencias/{id} and
/api/pedidosassistencias/pesquisa) and the validation helper was pic...