FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
jintrah_FTNT
Staff
Staff
Article Id 193372
Description
This article describes how to use FortiWeb advanced protection rules and policies to restrict access to web applications from certain browsers or block unknown browsers/user-agents.

Solution
In FortiWeb restrict browsers by:
- Creating FortiWeb custom rules and policies to detect browsers based on http header 'User-Agent'. 
- Add the custom policies protection profiles

In the FortiWeb GUI Create custom policy
- Web Protection -> Advanced Protection -> Custom Policy.
This example prevents access to application from Firefox browser.




Note:  If 'Header Value Reverse Match' is turned ON, then access to application is only allowed from Firefox browsers.

CLI Config:

config waf custom-access rule
 edit "Block_UserAgent"
    set action alert_deny
    set severity Low
    config  http-header-filter
      edit 1
        set predefined-header user-agent
        set header-value Firefox
        set pre-header-type regular
      next
    end
 next
end

Contributors