Lucene search

K
fortinetFortiGuard LabsFG-IR-18-058
HistoryAug 23, 2018 - 12:00 a.m.

FortiWeb Recursive URL Decoding is not enabled by default

2018-08-2300:00:00
FortiGuard Labs
www.fortiguard.com
18

FortiWeb’s “Recursive URL Decoding” feature can detect URL-based attacks (among which XSS and SQL injection attempts) even when the malicious URL is recursively encoded. However, this feature is not enabled by default in FortiWeb’s system settings for FortiWeb version 6.0.0 and below.