Fortinet black logo

CLI Reference

config security waf allowed-origin

config security waf allowed-origin

Use this command to configure the Allowed Origin List for Cross-Origin Resource Sharing (CORS) Protection.

The Allowed Origin List specifies the allowed domains using the HTTP response header. The header can contain either a * to indicate that all domains are allowed OR a specified domain to indicate the specified allowed domain.

The CORS Protection configuration requires Allowed Origin to function correctly. If the Allowed Origin List is not applied, the CORS Protection would not work as the empty list would not match the condition.

Syntax

config security waf allowed-origin

edit <name>

config allowed-origin-list

edit <name>

set protocol {HTTP|HTTPS|ANY}

set origin-name <string>

set port <integer>

set include-sub-domains {enable|disable}

next

end

next

end

protocol

Specify which type of protocols are allowed for the connections between foreign applications and your application.

  • HTTP

  • HTTPS

  • ANY

The default is HTTP.

origin-name

Enter the foreign application's domain name or IP address.

Wildcards are supported. (Range: 1-128 characters).

port Specify the TCP port number for the CORS connections. (Range: 0-65535; default: 80).
include-sub-domains

Enable/disable to allow/disallow the Origin Value to match with the domains of its sub level.

This is disabled by default.

Example

config security waf allowed-origin

edit "1"

config allowed-origin-list

edit 1

set protocol ANY

set origin-name *

set port 0

set include-sub-domains enable

next

end

next

end

config security waf allowed-origin

Use this command to configure the Allowed Origin List for Cross-Origin Resource Sharing (CORS) Protection.

The Allowed Origin List specifies the allowed domains using the HTTP response header. The header can contain either a * to indicate that all domains are allowed OR a specified domain to indicate the specified allowed domain.

The CORS Protection configuration requires Allowed Origin to function correctly. If the Allowed Origin List is not applied, the CORS Protection would not work as the empty list would not match the condition.

Syntax

config security waf allowed-origin

edit <name>

config allowed-origin-list

edit <name>

set protocol {HTTP|HTTPS|ANY}

set origin-name <string>

set port <integer>

set include-sub-domains {enable|disable}

next

end

next

end

protocol

Specify which type of protocols are allowed for the connections between foreign applications and your application.

  • HTTP

  • HTTPS

  • ANY

The default is HTTP.

origin-name

Enter the foreign application's domain name or IP address.

Wildcards are supported. (Range: 1-128 characters).

port Specify the TCP port number for the CORS connections. (Range: 0-65535; default: 80).
include-sub-domains

Enable/disable to allow/disallow the Origin Value to match with the domains of its sub level.

This is disabled by default.

Example

config security waf allowed-origin

edit "1"

config allowed-origin-list

edit 1

set protocol ANY

set origin-name *

set port 0

set include-sub-domains enable

next

end

next

end