Hello guys. Quick question: is there a way to completely bypass
#Fortiweb (7.2.10) for specific URL request? For instance, suppose we
have a web site with a config that looks something like this (this
config inherits a default web protection profile ...
Hello guys, Even though I'm still not sure on how FortiWeb supports
chunked encoding, I'm hoping that someone can help me understand the
faq's content on this topic, specificaly on the behavior form 7.0.2
onwards. The doc starts by saying the followi...
Hello guys. We have a couple of HTTP 1.1 web sites which sit behind our
FortiWeb and we're having some issues with the chunked transfer encoding
configuration. We're trying to follow the fortiweb troubleshooting guide
instructions on the topicHow doe...
Hello guys. Quick question about fortiweb: can it interpret any script
flavor? I've read somewhere that FortiManager supports TCL scripting,
but haven't found anything related with FortiWeb. So, if I need to
recreate lots of similar objects (ex.: sim...
Hello guys. I'm taking a look at how to create custom datasets and I'm
trying to understand what's the purpose of the variable section.
Initially, I thought it could be used for filtering data, but it seems
like I don't need them to filter data in th...
Hello again @Anthony_E . I've just noticed that the link you've sent is
for FortiGate and the question is about FortiWeb
(https://community.fortinet.com/t5/FortiWeb/tkb-p/TKB34).
Hello Anthony.I believe we haven't tried that. We've tried several
combinations (ex:. applying an empty web protection profile, adding urls
to the allow list, etc), but nothing seemed to work.The issue we're
facing is that #Fortiweb will always "buff...
Hello again. Once more, thanks for your reply. @sjoshi wrote:From
version 7.0.2 onwards, FortiWeb's behavior with chunked encoding
involves decoding and reassembling the chunked response, applying the
WAF modules' operations to the assembled message,...
Hello. Thanks for your answer. We've narrowed the issue down to one of
the signature collections (known exploits and trojans) applied to the
Web Protection Profile that the site is using, but we're still not sure
on what going on. Let me give you som...
Hello again. If I'm wrong, please correct me. From my tests, it seems
like variables are useful for those scenarios where you need to have an
expression that needs to be applied to a column before applying it on a
filter (ie, instead of comparing dir...
