Fortinet black logo

Handbook

Configuring WAF Action objects

Configuring WAF Action objects

Configure what action FortiADC should take when it meets the WAF conditions.

After you have created an action object, you can specify it in individual WAF feature rules.

Before you begin:

  • You must have Read-Write permission for Security settings.

In many cases, you can use predefined profiles to get started.

Predefined actions

Description

alert

WAF policies will allow the traffic to pass and log the event.

block

WAF policies will drop the current attack session by HTTP 403 message and block the attacker (according the attacker’s IP address) for 1 hour, and log the event.

captcha

WAF policies will allow the traffic to pass if the client successfully fulfills the CAPTCHA request, and log the event.

deny

WAF policies will the drop current attack session by HTTP 403 message, and log the event.

silent-deny

WAF policies will drop the current attack session by HTTP 403 message, without logging the event.

To configure a WAF Action object:

1. Go to Web Application Firewall > WAF Profile.

2. Click the Action tab.

3. Click Create New to display the configuration editor.

4. Complete the configuration of WAF Action objects.

5. Save the configuration.

Settings Guidelines
Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

After you initially save the configuration, you cannot edit the name.

Action Type

Select which action FortiADC takes when the conditions are fulfilled for WAF:

  • Pass — Allow the request.

  • Deny — Block the request.

  • Period Block — Deny all the HTTP requests from a source IP within a period which specified by Period Block.

  • Redirect — Send a redirect. You must specify the redirect URL.

  • Captcha — Requires the client to successfully fulfill the CAPTCHA request.

Deny Code

The Deny Code option is available if the Action Type is Deny or Period Block.

Select the HTTP response code, Default: 403.

200, 202, 204, 205, 400, 403, 404, 405, 406, 408, 410, 500, 501, 502, 503, 504

Period Block

The Period Block option is available if the Action Type is Period Block.

Specify a time period when action blocks the client. Default: 60 seconds, Range: 1- 3600 seconds.

Redirect URL

The Redirect URL option is available if the Action Type is Redirect.

Specify the URL that you want to redirect.

Log Status Enable/Disable log of events
Comment Enter comment or description of the action for your records.

Configuring WAF Action objects

Configure what action FortiADC should take when it meets the WAF conditions.

After you have created an action object, you can specify it in individual WAF feature rules.

Before you begin:

  • You must have Read-Write permission for Security settings.

In many cases, you can use predefined profiles to get started.

Predefined actions

Description

alert

WAF policies will allow the traffic to pass and log the event.

block

WAF policies will drop the current attack session by HTTP 403 message and block the attacker (according the attacker’s IP address) for 1 hour, and log the event.

captcha

WAF policies will allow the traffic to pass if the client successfully fulfills the CAPTCHA request, and log the event.

deny

WAF policies will the drop current attack session by HTTP 403 message, and log the event.

silent-deny

WAF policies will drop the current attack session by HTTP 403 message, without logging the event.

To configure a WAF Action object:

1. Go to Web Application Firewall > WAF Profile.

2. Click the Action tab.

3. Click Create New to display the configuration editor.

4. Complete the configuration of WAF Action objects.

5. Save the configuration.

Settings Guidelines
Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

After you initially save the configuration, you cannot edit the name.

Action Type

Select which action FortiADC takes when the conditions are fulfilled for WAF:

  • Pass — Allow the request.

  • Deny — Block the request.

  • Period Block — Deny all the HTTP requests from a source IP within a period which specified by Period Block.

  • Redirect — Send a redirect. You must specify the redirect URL.

  • Captcha — Requires the client to successfully fulfill the CAPTCHA request.

Deny Code

The Deny Code option is available if the Action Type is Deny or Period Block.

Select the HTTP response code, Default: 403.

200, 202, 204, 205, 400, 403, 404, 405, 406, 408, 410, 500, 501, 502, 503, 504

Period Block

The Period Block option is available if the Action Type is Period Block.

Specify a time period when action blocks the client. Default: 60 seconds, Range: 1- 3600 seconds.

Redirect URL

The Redirect URL option is available if the Action Type is Redirect.

Specify the URL that you want to redirect.

Log Status Enable/Disable log of events
Comment Enter comment or description of the action for your records.