From 1f60dfc835c119777b56089697a286e83c0dab9f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 16 Oct 2017 11:42:11 +0200
Subject: [PATCH] Minor patch for WAF mechanism
---
 lib/controller/checks.py | 3 +++
 waf/fortiweb.py | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 349c37342..12c89d212 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1382,6 +1382,9 @@ def identifyWaf():
 retVal = []
 for function, product in kb.wafFunctions:
+ if retVal and "unknown" in product.lower():
+ continue
+
 try:
 logger.debug("checking for WAF/IPS/IDS product '%s'" % product)
 found = function(_)
diff --git a/waf/fortiweb.py b/waf/fortiweb.py
index 13f2ff88e..099310a93 100644
--- a/waf/fortiweb.py
+++ b/waf/fortiweb.py
@@ -16,8 +16,9 @@ def detect(get_page):
 retval = False
 for vector in WAF_ATTACK_VECTORS:
- _, headers, _ = get_page(get=vector)
+ page, headers, _ = get_page(get=vector)
 retval = re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
+ retval |= all(_ in (page or "") for _ in (".fgd_icon", ".blocked", ".authenticate"))
 if retval:
 break
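Review bot: The new `continue` guard in `identifyWaf` only takes effect if the generic "unknown" detector is iterated after the product-specific ones in `kb.wafFunctions`; if it comes first, `retVal` is still empty when it runs and it is never skipped, so the ordering assumption should be stated where it is made. A one-line comment above the check would do: `# skip the generic "unknown" heuristic once a concrete product has been identified (relies on kb.wafFunctions listing it last)`. The substring test `"unknown" in product.lower()` also matches any product label containing that word, which looks intentional for a label of the form "... (Unknown)" but deserves a mention in the same comment rather than being left implicit. `identifyWaf` starts before this hunk and continues past it, so whether the loop stops on the first hit is not visible here.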
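Review bot: The added body-marker check in `detect` reuses `_` as the generator variable on the line right after `_` was bound as the discarded third element of `get_page(...)`, and the three marker literals are rebuilt on every loop iteration; a named variable reads better and the tuple belongs at module level. Suggested: `retval |= all(marker in (page or "") for marker in FORTIWEB_PAGE_MARKERS)` with `FORTIWEB_PAGE_MARKERS = (".fgd_icon", ".blocked", ".authenticate")` defined once at module level. Note also that the substring test is case-sensitive while the cookie regex uses `re.I`; if that asymmetry is deliberate, a short comment such as `# fallback: CSS class names of FortiWeb's block/auth page, used when no FORTIWAFSID cookie is set` would make the intent clear. Generic names like `.blocked` and `.authenticate` can appear on pages that have nothing to do with FortiWeb, so requiring all three markers is the right call and the comment should say so to discourage a future relaxation to `any(...)`. `detect` begins before this hunk and its return value is produced outside it.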