config waf profile

Configure Web application firewall configuration.

config waf profile
    Description: Configure Web application firewall configuration.
    edit <name>
        set external [disable|enable]
        set extended-log [enable|disable]
        config signature
            Description: WAF signatures.
            config main-class
                Description: Main signature class.
                edit <id>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                next
            end
            set disabled-sub-class <id1>, <id2>, ...
            set disabled-signature <id1>, <id2>, ...
            set credit-card-detection-threshold {integer}
            config custom-signature
                Description: Custom signature.
                edit <name>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                    set direction [request|response]
                    set case-sensitivity [disable|enable]
                    set pattern {string}
                    set target {option1}, {option2}, ...
                next
            end
        end
        config constraint
            Description: WAF HTTP protocol restrictions.
            config header-length
                Description: HTTP header length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config content-length
                Description: HTTP content length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config param-length
                Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config line-length
                Description: HTTP line length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config url-param-length
                Description: Maximum length of parameter in URL.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config version
                Description: Enable/disable HTTP version check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config method
                Description: Enable/disable HTTP method check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config hostname
                Description: Enable/disable hostname check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config malformed
                Description: Enable/disable malformed HTTP request check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-cookie
                Description: Maximum number of cookies in HTTP request.
                set status [enable|disable]
                set max-cookie {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-header-line
                Description: Maximum number of HTTP header line.
                set status [enable|disable]
                set max-header-line {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-url-param
                Description: Maximum number of parameters in URL.
                set status [enable|disable]
                set max-url-param {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-range-segment
                Description: Maximum number of range segments in HTTP range line.
                set status [enable|disable]
                set max-range-segment {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config exception
                Description: HTTP constraint exception.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set header-length [enable|disable]
                    set content-length [enable|disable]
                    set param-length [enable|disable]
                    set line-length [enable|disable]
                    set url-param-length [enable|disable]
                    set version [enable|disable]
                    set method [enable|disable]
                    set hostname [enable|disable]
                    set malformed [enable|disable]
                    set max-cookie [enable|disable]
                    set max-header-line [enable|disable]
                    set max-url-param [enable|disable]
                    set max-range-segment [enable|disable]
                next
            end
        end
        config method
            Description: Method restriction.
            set status [enable|disable]
            set log [enable|disable]
            set severity [high|medium|...]
            set default-allowed-methods {option1}, {option2}, ...
            config method-policy
                Description: HTTP method policy.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set allowed-methods {option1}, {option2}, ...
                next
            end
        end
        config address-list
            Description: Address block and allow lists.
            set status [enable|disable]
            set blocked-log [enable|disable]
            set severity [high|medium|...]
            set trusted-address <name1>, <name2>, ...
            set blocked-address <name1>, <name2>, ...
        end
        config url-access
            Description: URL access list.
            edit <id>
                set address {string}
                set action [bypass|permit|...]
                set log [enable|disable]
                set severity [high|medium|...]
                config access-pattern
                    Description: URL access pattern.
                    edit <id>
                        set srcaddr {string}
                        set pattern {string}
                        set regex [enable|disable]
                        set negate [enable|disable]
                    next
                end
            next
        end
        set comment {var-string}
    next
end

config waf profile

Parameter

Description

Type

Size

Default

external

Disable/Enable external HTTP Inspection.

option

-

disable

Option

Description

disable

Disable external inspection.

enable

Enable external inspection.

extended-log

Enable/disable extended logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

comment

Comment.

var-string

Maximum length: 1023

config signature

Parameter

Description

Type

Size

Default

disabled-sub-class <id>

Disabled signature subclasses.

Signature subclass ID.

integer

Minimum value: 0 Maximum value: 4294967295

disabled-signature <id>

Disabled signatures.

Signature ID.

integer

Minimum value: 0 Maximum value: 4294967295

credit-card-detection-threshold

The minimum number of Credit cards to detect violation.

integer

Minimum value: 0 Maximum value: 128

3

config main-class

Parameter

Description

Type

Size

Default

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config custom-signature

Parameter

Description

Type

Size

Default

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

direction

Traffic direction.

option

-

request

Option

Description

request

Match HTTP request.

response

Match HTTP response.

case-sensitivity

Case sensitivity in pattern.

option

-

disable

Option

Description

disable

Case insensitive in pattern.

enable

Case sensitive in pattern.

pattern

Match pattern.

string

Maximum length: 511

target

Match HTTP target.

option

-

Option

Description

arg

HTTP arguments.

arg-name

Names of HTTP arguments.

req-body

HTTP request body.

req-cookie

HTTP request cookies.

req-cookie-name

HTTP request cookie names.

req-filename

HTTP request file name.

req-header

HTTP request headers.

req-header-name

HTTP request header names.

req-raw-uri

Raw URI of HTTP request.

req-uri

URI of HTTP request.

resp-body

HTTP response body.

resp-hdr

HTTP response headers.

resp-status

HTTP response status.

config header-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP header in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config content-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP content in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

67108864

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config param-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config line-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP line in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

1024

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config url-param-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of URL parameter in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config version

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

Default

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity

medium

medium severity

low

low severity

default-allowed-methods

Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config hostname

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config malformed

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-cookie

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-cookie

Maximum number of cookies in HTTP request (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

16

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-header-line

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-header-line

Maximum number HTTP header lines (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

32

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable