Reverse Web Filtering might give you data...


Serving information behind FortiGates, I thought: why not actually leverage Web Filters on my HTTP/HTTPS access-granting policies? This in order to enforce that requests target a single domain name only.

It turns out that denying access based on Reverse Web Filtering wasn't really suited to my requirements. It works fine, but this wasn't exactly how I wanted to control availability. Hence, I'm relying on IPS and Application Control to make sure that the requests are geared towards the allowed resource, and in due form, so by the time the traffic reaches the Web Filtering module, it has already been validated and is most probably harmless.

UTM/NGFW packet flow: proxy-based inspection

Above, a view from the FortiOS UTM/NGFW packet flow: proxy-based inspection flow chart. All the FortiOS inspection flow charts, according to your current settings, can be found here.

Nevertheless, leaving that Web Filtering profile, or Reverse Web Filtering in this case, in place gives me a good amount of insight into the incoming traffic.

Here is a view from my settings:

I'm only allowing a wildcard to my domain here as a URL Filter, so nothing magical really. The good part of it, though, is that you'll have access logs of everything that passed this Web Filtering profile.

As you can see above, you can gather nice information such as the Referrer URI, among other things. Depending on your settings, you could for example see malicious requests toward your backend web servers, or requests for unexpected ways/FQDNs getting through.
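One way to put those logs to work, as an added example that is not part of the original post: a small reviewer that flags web filter entries whose requested host falls outside the allowed wildcard or whose referrer is external. The domain `example.com` is a placeholder, the sample lines are constructed, and the field names (`subtype`, `hostname`, `url`, `referralurl`, `srcip`) are assumed to match your FortiOS key=value log export.

```python
import re
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Assumption: placeholder for the wildcard allowed in the URL filter.
ALLOWED_HOSTS = ("example.com", "*.example.com")
# Constructed sample lines in FortiOS key=value style (not real traffic).
SAMPLE_LOGS = [
    'type="utm" subtype="webfilter" srcip=198.51.100.7 hostname="www.example.com" '
    'action="passthrough" url="/index.html" referralurl="https://www.example.com/"',
    'type="utm" subtype="webfilter" srcip=203.0.113.9 hostname="192.0.2.10" '
    'action="blocked" url="/admin/login.php"',
    'type="utm" subtype="webfilter" srcip=203.0.113.9 hostname="www.example.com" '
    'action="passthrough" url="/search?q=a b" referralurl="http://other.test/page"',
    'type="traffic" subtype="forward" srcip=198.51.100.7 action="accept"',
]

KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    # Split one key=value log line into a dict, dropping surrounding quotes.
    return {k: v.strip('"') for k, v in KV.findall(line)}

def host_allowed(host):
    # True when the host matches the wildcard the URL filter allows.
    host = host.lower().rstrip(".")
    return any(fnmatch(host, pat) for pat in ALLOWED_HOSTS)

def review(lines):
    # Return (srcip, hostname, url, reasons) for web filter entries worth a look.
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("subtype") != "webfilter":
            continue
        reasons = []
        if not host_allowed(rec.get("hostname", "")):
            reasons.append("unexpected-host")
        ref_host = urlsplit(rec.get("referralurl", "")).hostname or ""
        if ref_host and not host_allowed(ref_host):
            reasons.append("external-referrer")
        if reasons:
            findings.append((rec.get("srcip"), rec.get("hostname"), rec.get("url"), reasons))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOGS):
        print(finding)
```

Requests addressed to the bare IP instead of the published name show up as `unexpected-host`, which is a common sign of scanners rather than real visitors.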

That was it for that one.

Cheers,
Obuno

Image credit: https://robertsspaceindustries.com/star-citizen
