Fortinet black logo

CLI Reference

config security waf url-protection

config security waf url-protection

Use this command to configure URL protection policies. URL protection policies can filter HTTP requests that match specific character strings and file extensions.

Before you begin:

  • You must have read-write permission for security settings.

After you have created a URL protection policy, you can specify it in a WAF profile configuration.

Syntax

config security waf url-protection

edit <name>

set exception <datasource>

config url-access-rule

edit <No.>

set exception <datasource>

set action {datasource}

set severity {high|medium|low}

set url-pattern <url-pattern>

next

end

config file-extension-rule

edit <No.>

set exception <datasource>

set action {datasource}

set severity {high|medium|low}

set file-extension-pattern <file-extension-pattern>

next

end

next

end

exception

Specify an exception configuration object.

action

Specify a WAF action object.

severity

  • high
  • medium
  • low

url-pattern

Matching string. Regular expressions are supported.

file-extension-pattern

Matching string. Regular expressions are supported.

Example

FortiADC-docs # config security waf url-protection

FortiADC-docs (url-protection) # edit url-policy

Add new entry 'url-policy' for node 3050

FortiADC-docs (url-policy) # config url-access-rule

FortiADC-docs (url-access-rule) # edit 1

Add new entry '1' for node 3052

FortiADC-docs (1) # get

url-pattern :

action : alert

severity : low

exception :

FortiADC-docs (1) # set url-pattern tmp

FortiADC-docs (1) # end

FortiADC-docs (url-policy) # config file-extension-rule

FortiADC-docs (file-extension~r) # edit 1

Add new entry '1' for node 3057

FortiADC-docs (1) # get

file-extension-pattern :

action : alert

severity : low

exception :

FortiADC-docs (1) # set file-extension-pattern tmp

FortiADC-docs (1) # end

FortiADC-docs (url-policy) # end

config security waf url-protection

Use this command to configure URL protection policies. URL protection policies can filter HTTP requests that match specific character strings and file extensions.

Before you begin:

  • You must have read-write permission for security settings.

After you have created a URL protection policy, you can specify it in a WAF profile configuration.

Syntax

config security waf url-protection

edit <name>

set exception <datasource>

config url-access-rule

edit <No.>

set exception <datasource>

set action {datasource}

set severity {high|medium|low}

set url-pattern <url-pattern>

next

end

config file-extension-rule

edit <No.>

set exception <datasource>

set action {datasource}

set severity {high|medium|low}

set file-extension-pattern <file-extension-pattern>

next

end

next

end

exception

Specify an exception configuration object.

action

Specify a WAF action object.

severity

  • high
  • medium
  • low

url-pattern

Matching string. Regular expressions are supported.

file-extension-pattern

Matching string. Regular expressions are supported.

Example

FortiADC-docs # config security waf url-protection

FortiADC-docs (url-protection) # edit url-policy

Add new entry 'url-policy' for node 3050

FortiADC-docs (url-policy) # config url-access-rule

FortiADC-docs (url-access-rule) # edit 1

Add new entry '1' for node 3052

FortiADC-docs (1) # get

url-pattern :

action : alert

severity : low

exception :

FortiADC-docs (1) # set url-pattern tmp

FortiADC-docs (1) # end

FortiADC-docs (url-policy) # config file-extension-rule

FortiADC-docs (file-extension~r) # edit 1

Add new entry '1' for node 3057

FortiADC-docs (1) # get

file-extension-pattern :

action : alert

severity : low

exception :

FortiADC-docs (1) # set file-extension-pattern tmp

FortiADC-docs (1) # end

FortiADC-docs (url-policy) # end