CLI Reference

config security waf action

Use this command to configure web application firewall (WAF) actions. A WAF action is referenced by WAF policies to define what happens when a policy detects an attack.

In many cases, you can use the predefined actions to get started.

Predefined action   Description
alert               WAF policies only write a log entry and do not touch the attack traffic.
block               WAF policies write a log entry, drop the current attack session with an HTTP 403 response, and block the attacker (by the attacker's IP address) for 1 hour.
deny                WAF policies write a log entry and drop the current attack session with an HTTP 403 response.
silent-deny         WAF policies drop the current attack session with an HTTP 403 response, without writing a log entry.

The configurations for these actions are shown in the examples that follow. If desired, you can create user-defined actions.

Before you begin:

  • Usually, the predefined actions are enough for normal usage, and most predefined WAF policies reference them. After you define your own action, you must reference it in your WAF policies for it to take effect.
  • You must have read-write permission for security settings.

Syntax

config security waf action
  edit <name>
    set type (deny|pass|period-block|redirect|captcha)
    set log (enable|disable)
    set deny-code (200|202|204|205|400|403|404|405|406|408|410|500|501|502|503|504)
    set block-period <1-3600>
    set redirect-url <string>
    set comment <string>
  next
end

type

Specify the action type from the following:

  • deny: Drops the current session with an HTTP error response.
  • pass: Does not touch the current session.
  • period-block: Drops the current session with an HTTP error response and blocks the client for a period.
  • redirect: Drops the current session with an HTTP 302 redirect response and sends the client to another URL.
  • captcha

log

Specify whether the action records a log entry (enable or disable).

deny-code

Specify the HTTP status code that is returned when the action drops the current session.

block-period

Specify how long the action blocks the client, from 1 to 3600 seconds.

redirect-url

Specify the URL that the action redirects the client to; type must be set to redirect.

Example

FortiADC-docs # get security waf action
== [ alert ]
== [ deny ]
== [ block ]
== [ silent-deny ]

FortiADC-docs # get security waf action alert
type : pass
log : enable
comment :

FortiADC-docs # get security waf action deny
type : deny
log : enable
deny-code : 403
comment :

FortiADC-docs # get security waf action block
type : period-block
log : enable
deny-code : 403
block-period : 3600
comment :

FortiADC-docs # get security waf action silent-deny
type : deny
log : disable
deny-code : 403
comment :

FortiADC-docs # config security waf action
FortiADC-docs (action) # edit eval
FortiADC-docs (eval) # get
type : deny
log : enable
deny-code : 403
comment : comments
FortiADC-docs (eval) # set type period-block
FortiADC-docs (eval) # set deny-code 200
FortiADC-docs (eval) # set block-period 30
FortiADC-docs (eval) # set log disable
FortiADC-docs (eval) # end
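The following script is an added example and is not Fortinet code. It parses the `get security waf action <name>` output format shown above, checks each action against the constraints the Syntax section documents (allowed type values, the allowed deny-code set, the 1-3600 block-period range, redirect-url required for the redirect type), lists actions that drop traffic with logging disabled so an operator can confirm that loss of WAF visibility is intended, and renders an action back into the `config security waf action` syntax. The sample output is constructed here to mirror the page's example; the `eval` entry reflects the state after the page's `set` commands. Quoting the comment string in the rendered CLI is an assumption about string handling, not something the page states.

```python
"""Audit FortiADC WAF action definitions from `get security waf action <name>` output.

Added example, not Fortinet code. The sample output below is constructed to
match the format shown on the page; the constraints come from the Syntax section.
"""
import re

# Allowed values taken from the Syntax section of the page.
ALLOWED_TYPES = {"deny", "pass", "period-block", "redirect", "captcha"}
ALLOWED_DENY_CODES = {200, 202, 204, 205, 400, 403, 404, 405, 406, 408,
                      410, 500, 501, 502, 503, 504}
BLOCK_PERIOD_RANGE = (1, 3600)

# Constructed sample: the page's predefined actions plus the user-defined
# `eval` action as it looks after the page's `set` commands.
SAMPLE_OUTPUT = """\
FortiADC-docs # get security waf action alert
type : pass
log : enable
comment :
FortiADC-docs # get security waf action block
type : period-block
log : enable
deny-code : 403
block-period : 3600
comment :
FortiADC-docs # get security waf action silent-deny
type : deny
log : disable
deny-code : 403
comment :
FortiADC-docs # get security waf action eval
type : period-block
log : disable
deny-code : 200
block-period : 30
comment : comments
"""

# Matches the prompt line that starts each action's block, e.g.
# "FortiADC-docs # get security waf action block".
HEADER_RE = re.compile(r"^\S+ # get security waf action (\S+)\s*$")


def parse_actions(text):
    """Return {action_name: {field: value}} from concatenated `get ... <name>` output."""
    actions = {}
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {}
            actions[m.group(1)] = current
            continue
        if current is None or ":" not in line:
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    return actions


def _int_or_none(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def validate_action(name, fields):
    """Check one action against the documented constraints; return a list of findings."""
    findings = []
    action_type = fields.get("type")
    if action_type not in ALLOWED_TYPES:
        findings.append(f"{name}: unknown type {action_type!r}")
    if fields.get("log") not in ("enable", "disable"):
        findings.append(f"{name}: log must be enable or disable")
    if "deny-code" in fields and _int_or_none(fields["deny-code"]) not in ALLOWED_DENY_CODES:
        findings.append(f"{name}: deny-code {fields['deny-code']} is not an allowed value")
    if action_type == "period-block":
        period = _int_or_none(fields.get("block-period"))
        lo, hi = BLOCK_PERIOD_RANGE
        if period is None or not lo <= period <= hi:
            findings.append(f"{name}: period-block requires block-period in {lo}-{hi}")
    if action_type == "redirect" and not fields.get("redirect-url"):
        findings.append(f"{name}: redirect requires redirect-url")
    return findings


def audit_visibility(actions):
    """Names of actions that drop or block traffic without writing a log entry.

    Such actions leave no WAF log of the attack, so they deserve explicit sign-off."""
    return sorted(name for name, f in actions.items()
                  if f.get("log") == "disable" and f.get("type") != "pass")


def to_cli(name, fields):
    """Render an action back into the `config security waf action` syntax from the page."""
    lines = ["config security waf action", f"  edit {name}"]
    for key in ("type", "log", "deny-code", "block-period", "redirect-url"):
        if fields.get(key):
            lines.append(f"    set {key} {fields[key]}")
    if fields.get("comment"):
        # Assumption: strings containing spaces are double-quoted on the CLI.
        lines.append(f'    set comment "{fields["comment"]}"')
    lines += ["  next", "end"]
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_actions(SAMPLE_OUTPUT)
    for action_name, action_fields in parsed.items():
        for finding in validate_action(action_name, action_fields):
            print("INVALID:", finding)
    print("actions with logging disabled:", audit_visibility(parsed))
    print(to_cli("eval", parsed["eval"]))
```

Run as-is it reports no constraint violations for the four sample actions and lists `eval` and `silent-deny` as the actions that block without logging; the page's `eval` action passes validation because 200 is an allowed deny-code and 30 is within the block-period range, but it is still worth a second look, since a 200 response to a blocked request is hard to distinguish from success in downstream monitoring.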
