Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config security waf bot-detection

Use this command to configure bot detection policies. Bot detection policies use heuristics to detect client traffic likely to be generated by robots instead of genuine clients. You can use predefined blacklists and whitelists to get started. You can use the user-specified whitelist table to fine-tune detection.

Before you begin:

  • You must have read-write permission for security settings.

After you have created a bot detection policy, you can specify it in a WAF profile configuration.

Syntax

config security waf bot-detection

edit <name>

set status {enable|disable}

set bad-robot {enable|disable}

set search-engine-crawler {enable|disable}

set search-engine list [Ask|Baidu|Bing|DuckDuckGo|Google|Sogou|Yahoo|Yandex ]

set action {datasource}

set http-request-rate <integer>

set severity {high|low|medium}

config whitelist

edit <No.>

set cookie-name-pattern <string>

set ip <subnet>

set url-pattern <string>

set url-parameter-name-pattern <string>

set user-agent-pattern <string>

next

end

next

end

status

Enable/disable bot detection.

bad-robot

Enable/disable the predefined bad robot blacklist.

search-engine-crawler

Enable/disable the predefined search engine spider whitelist.

search-engine-list

Set list of search engines. Default value is all search engines.

action

Specify a WAF action object.

http-request-rate

The default is 0 (off). The valid range is 0-100,000,000 requests per second.

severity

  • high
  • medium
  • low
config whitelist

cookie-name-pattern

Matching string. Regular expressions are supported.

ip

Matching subnet (CIDR format).

url-pattern

Matching string. Regular expressions are supported.

url-parameter-name-pattern

Matching string. Regular expressions are supported.

user-agent-pattern

Matching string. Regular expressions are supported.

Example

ADC-3 (root) # config security waf bot-detection

ADC-3 (bot-detection) # edit waf-bot-detection-policy

ADC-3 (waf-bot-detect~y) # get

status : disable

ADC-3 (waf-bot-detect~y) # set status enable

ADC-3 (waf-bot-detect~y) # get

status : enable

search-engine-crawler : enable

search-engine-list : Bing Google Yahoo

bad-robot : enable

http-request-rate : 0

action :

severity : low

ADC-3 (waf-bot-detect~y) # config whitelist

ADC-3 (whitelist) # edit 1

ADC-3 (1) # get

ip : 0.0.0.0/0

url-pattern :

url-parameter-name-pattern :

user-agent-pattern :

cookie-name-pattern :

ADC-3 (1) # set ip 10.1.1.0/24

ADC-3 (1) # end

ADC-3 (waf-bot-detect~y) # end

config security waf bot-detection

Use this command to configure bot detection policies. Bot detection policies use heuristics to detect client traffic likely to be generated by robots instead of genuine clients. You can use predefined blacklists and whitelists to get started. You can use the user-specified whitelist table to fine-tune detection.

Before you begin:

  • You must have read-write permission for security settings.

After you have created a bot detection policy, you can specify it in a WAF profile configuration.

Syntax

config security waf bot-detection

edit <name>

set status {enable|disable}

set bad-robot {enable|disable}

set search-engine-crawler {enable|disable}

set search-engine list [Ask|Baidu|Bing|DuckDuckGo|Google|Sogou|Yahoo|Yandex ]

set action {datasource}

set http-request-rate <integer>

set severity {high|low|medium}

config whitelist

edit <No.>

set cookie-name-pattern <string>

set ip <subnet>

set url-pattern <string>

set url-parameter-name-pattern <string>

set user-agent-pattern <string>

next

end

next

end

status

Enable/disable bot detection.

bad-robot

Enable/disable the predefined bad robot blacklist.

search-engine-crawler

Enable/disable the predefined search engine spider whitelist.

search-engine-list

Set list of search engines. Default value is all search engines.

action

Specify a WAF action object.

http-request-rate

The default is 0 (off). The valid range is 0-100,000,000 requests per second.

severity

  • high
  • medium
  • low
config whitelist

cookie-name-pattern

Matching string. Regular expressions are supported.

ip

Matching subnet (CIDR format).

url-pattern

Matching string. Regular expressions are supported.

url-parameter-name-pattern

Matching string. Regular expressions are supported.

user-agent-pattern

Matching string. Regular expressions are supported.

Example

ADC-3 (root) # config security waf bot-detection

ADC-3 (bot-detection) # edit waf-bot-detection-policy

ADC-3 (waf-bot-detect~y) # get

status : disable

ADC-3 (waf-bot-detect~y) # set status enable

ADC-3 (waf-bot-detect~y) # get

status : enable

search-engine-crawler : enable

search-engine-list : Bing Google Yahoo

bad-robot : enable

http-request-rate : 0

action :

severity : low

ADC-3 (waf-bot-detect~y) # config whitelist

ADC-3 (whitelist) # edit 1

ADC-3 (1) # get

ip : 0.0.0.0/0

url-pattern :

url-parameter-name-pattern :

user-agent-pattern :

cookie-name-pattern :

ADC-3 (1) # set ip 10.1.1.0/24

ADC-3 (1) # end

ADC-3 (waf-bot-detect~y) # end