config security waf action
Use this command to configure web application firewall (WAF) actions. A WAF action is referenced by the WAF policies to define which action will be taken when policies detected attacks.
In many cases, you can use predefined profiles to get started.
Predefined actions |
Description |
---|---|
alert |
WAF policies will only leave a log and didn’t touch the attack traffic |
block |
WAF policies will leave a log, drop current attack session by HTTP 403 message and block attacker (according the attacker’s IP address) for 1 hour |
deny |
WAF policies will leave a log, drop current attack session by HTTP 403 message |
silent-deny
|
WAF policies will drop current attack session by HTTP 403 message, without a log |
The configurations for these actions are shown in the examples that follow. If desired, you can create user-defined actions.
Before you begin:
- Usually, predefined actions are enough for normal usage, and most predefined WAF policies reference the predefined actions. After your define your own action, you must specify it in your WAF policies to let it take effect.
- You must have read-write permission for security settings.
Syntax
config security waf action edit <name>
set type (deny|pass|period-block|redirect|captcha)
set log (enable|disable)
set deny-code (200|202|204|205|400|403|404|405|406|408|410|500|501|502|503|504)
set block-period <1-3600>
set redirect-url <string>
set comment <string>
next
end
type |
Specify action type from the following:
|
log |
Specify if action needs to enable or disable record logs. |
deny-code |
Specify HTTP error message code when action drops the current session. |
block-period |
Specify a time period when action blocks the client. Range from 1- 3600 seconds. |
redirect-url |
Specify a URL when action performs a HTTP redirect; type must set to redirect. |
Example
FortiADC-docs # get security waf action
== [ alert ]
== [ deny ]
== [ block ]
== [ silent-deny ]
FortiADC-docs # get security waf action alert
type : pass
log : enable
comment :
FortiADC-docs # get security waf action deny
type : deny
log : enable
deny-code : 403
comment :
FortiADC-docs # get security waf action block
type : period-block
log : enable
deny-code : 403
block-period : 3600
comment :
FortiADC-docs # get security waf action silent-deny
type : deny
log : disable
deny-code : 403
comment :
FortiADC-docs # config security waf action
FortiADC-docs (action) # edit eval
FortiADC-docs (eval) # get
type : deny
log : enable
deny-code : 403
comment : comments
FortiADC-docs (eval) # set type period-block
FortiADC-docs (eval) # set deny-code 200
FortiADC-docs (eval) # set block-period 30
FortiADC-docs (eval) # set log disable
FortiADC-docs (eval) # end