Hi All, Sometimes small simple checks, or boobytraps as I like to call
them, can have big results. I am sure there are all kind of smart people
here that do smart things to protect the websites behind the WAF. With
the FortiWeb as the Swiss Army Knii...
I noticed for a certain Server Policy the Information Disclosure didn't
strip the server information.After some troubleshooting I discovered
that I used an URL Access Rule, URL Type Simple String, URL Pattern:
"/*"When i changed it to URL Pattern "/"...
You dont need to use Content Routing to reuse policies, although I like
them more and more and use them now whenever i can. With content routing
you can use different Web Protection Profiles per Content Routing Policy
(as in version 5.7 for sure), or...
