Fortiguard Web Filtering Options - Fortinet FortiGate Series Administration Manual

Firewall Protection Profile
Character sets and Web content filtering, Email filtering banned word,
and DLP scanning

FortiGuard Web Filtering options

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
HTTP POST Action
Normal
Block
Comfort
Blocked pages are replaced with a message indicating that the page is not accessible
according to the Internet usage policy. To configure replacement messages, go to
System > Config > Replacement Messages.
For more information on web filter configuration options, see
For details on how web URL filter lists are used with HTTP and HTTPS URLs, see
formats" on page 558.
The FortiGate unit converts HTTP, HTTPS, and email content to the UTF-8 character set
before applying email filtering banned word checking, web filtering and DLP content
scanning as specified in the protection profile.
For email messages, while parsing the MIME content, the FortiGate unit converts the
content to UTF-8 encoding according to the email message charset field before applying
Email filtering banned word checking and DLP scanning.
For HTTP get pages, the FortiGate unit converts the content to UTF-8 encoding according
to the character set specified for the page before applying web content filtering and DLP
scanning.
For HTTP post pages, because character sets are not always accurately indicated in
HTTP posts, you can use the following CLI command to specify up to five character set
encodings.
config firewall profile
edit <profile_name>
set http-post-lang <charset1> [<charset2> ... <charset5>]
end
The FortiGate unit performs a forced conversion of HTTP post pages to UTF-8 for each
specified character set. After each conversion the FortiGate unit applies web content
filtering and DLP scanning to the content of the converted page.
Caution: Specifying multiple character sets reduces web filtering and DLP performance.
To view the list of available character sets, enter set http-post-lang ? from within
the edit shell for the protection profile. Separate multiple character set names with a
space. You can add up to 5 character set names.
You can enable and apply FortiGuard Web Filtering options using a protection profile.
Select the action to take with HTTP POST traffic.
Do not affect HTTP POST traffic.
Block HTTP POST requests. When the post request is blocked the
FortiGate unit sends a web page to the user's web browser instead of
the requested POST page. You can configure the content of this web
page by going to from System > Config > Replacement Message by
customizing the HTTP > POST message.
Use the comfort amount and interval settings to send "comfort" bytes
to the server in case the client connection is too slow. Select this
option to prevent a server timeout when scanning or other filtering tool
is turned on.
Configuring a protection profile
"Web Filter" on page 549.
"URL
495