Fortinet black logo

CLI Reference

config security waf exception

config security waf exception

Use this command to create exception configuration objects. An exception configuration object defines hosts or URLs that should not be processed by the WAF rule.

Before you begin:

  • You must have read-write permission for security settings.

After you have created exception objects, you can specify them in the WAF profile configuration or the WAF feature configurations. You can specify an exception per signature rule, per method rule, per response rule, per URL access rule, per file extension rule, per SQL injection rule, and per XSS injection rule.

Syntax

config security waf exception

edit <name>

config exception-rule

edit <No.>

set host-status {enable|disable}

set host-pattern <host-pattern>

set url-pattern <url-pattern>

next

end

next

end

host-status

Enable/disable setting exceptions by host pattern.

host-pattern

Matching string. Regular expressions are supported. For example, you can specify www.example.com, *.example.com, or www.example.* to match a literal host pattern or a wildcard host pattern.

url-pattern

Matching string. Must begin with a URL path separator (/). Regular expressions are supported. For example, you can specify pathnames and files with expressions like \/admin, .*\/data\/1.html, or \/data.*.

Example

FortiADC-docs # config security waf exception

FortiADC-docs (exception) # edit exception-group

Add new entry 'exception-group' for node 3200

FortiADC-docs (exception-group) # config exception-rule

FortiADC-docs (exception-rule) # edit 1

Add new entry '1' for node 3202

FortiADC-docs (1) # set host-status enable

FortiADC-docs (1) # set host-pattern example.com

FortiADC-docs (1) # set url-pattern /1.index

FortiADC-docs (1) # end

FortiADC-docs (exception-group) # end

config security waf exception

Use this command to create exception configuration objects. An exception configuration object defines hosts or URLs that should not be processed by the WAF rule.

Before you begin:

  • You must have read-write permission for security settings.

After you have created exception objects, you can specify them in the WAF profile configuration or the WAF feature configurations. You can specify an exception per signature rule, per method rule, per response rule, per URL access rule, per file extension rule, per SQL injection rule, and per XSS injection rule.

Syntax

config security waf exception

edit <name>

config exception-rule

edit <No.>

set host-status {enable|disable}

set host-pattern <host-pattern>

set url-pattern <url-pattern>

next

end

next

end

host-status

Enable/disable setting exceptions by host pattern.

host-pattern

Matching string. Regular expressions are supported. For example, you can specify www.example.com, *.example.com, or www.example.* to match a literal host pattern or a wildcard host pattern.

url-pattern

Matching string. Must begin with a URL path separator (/). Regular expressions are supported. For example, you can specify pathnames and files with expressions like \/admin, .*\/data\/1.html, or \/data.*.

Example

FortiADC-docs # config security waf exception

FortiADC-docs (exception) # edit exception-group

Add new entry 'exception-group' for node 3200

FortiADC-docs (exception-group) # config exception-rule

FortiADC-docs (exception-rule) # edit 1

Add new entry '1' for node 3202

FortiADC-docs (1) # set host-status enable

FortiADC-docs (1) # set host-pattern example.com

FortiADC-docs (1) # set url-pattern /1.index

FortiADC-docs (1) # end

FortiADC-docs (exception-group) # end