WAF events

Use the WAF events to insert an action before or after a WAF scan.

In FortiADC, the WAF has six stages at which modules can scan for attacks:

  • WAF_SCAN_STAGE_REQ_HEADER

  • WAF_SCAN_STAGE_REQ_BODY (streaming stage)

  • WAF_SCAN_STAGE_REQ_WHOLE_BODY

  • WAF_SCAN_STAGE_RES_HEADER

  • WAF_SCAN_STAGE_RES_BODY (streaming stage)

  • WAF_SCAN_STAGE_RES_WHOLE_BODY

Each WAF event applies to specific WAF stages, depending on its hook point.

Event: WAF_REQUEST_BEFORE_SCAN

Hook point: Before WAF_SCAN_STAGE_REQ_HEADER starts. If the WAF function is not enabled on the VS, this event is not triggered.

Example:

    when WAF_REQUEST_BEFORE_SCAN {
        debug("test WAF_REQUEST_BEFORE_SCAN\n")
    }

Event: WAF_RESPONSE_BEFORE_SCAN

Hook point: Before WAF_SCAN_STAGE_RES_HEADER starts. If the WAF function is not enabled on the VS, this event is not triggered.

Example:

    when WAF_RESPONSE_BEFORE_SCAN {
        debug("test WAF_RESPONSE_BEFORE_SCAN\n")
    }

Event: WAF_REQUEST_ATTACK_DETECTED

Hook point: After all request stages, when attacks are detected (violation). If the WAF function is not enabled on the VS, this event is not triggered. If the WAF module does not detect any violations, this event is not triggered.

Example:

    when WAF_REQUEST_ATTACK_DETECTED {
        debug("test WAF_REQUEST_ATTACK_DETECTED\n")
    }

Event: WAF_RESPONSE_ATTACK_DETECTED

Hook point: After all response stages, when attacks are detected (violation). If the WAF function is not enabled on the VS, this event is not triggered. If the WAF module does not detect any violations, this event is not triggered.

Example:

    when WAF_RESPONSE_ATTACK_DETECTED {
        debug("test WAF_RESPONSE_ATTACK_DETECTED\n")
    }
