config waf profile
Configure Web application firewall configuration.
config waf profile Description: Configure Web application firewall configuration. edit <name> set external [disable|enable] set extended-log [enable|disable] config signature Description: WAF signatures. config main-class Description: Main signature class. edit <id> set status [enable|disable] set action [allow|block|...] set log [enable|disable] set severity [high|medium|...] next end set disabled-sub-class <id1>, <id2>, ... set disabled-signature <id1>, <id2>, ... set credit-card-detection-threshold {integer} config custom-signature Description: Custom signature. edit <name> set status [enable|disable] set action [allow|block|...] set log [enable|disable] set severity [high|medium|...] set direction [request|response] set case-sensitivity [disable|enable] set pattern {string} set target {option1}, {option2}, ... next end end config constraint Description: WAF HTTP protocol restrictions. config header-length Description: HTTP header length in request. set status [enable|disable] set length {integer} set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config content-length Description: HTTP content length in request. set status [enable|disable] set length {integer} set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config param-length Description: Maximum length of parameter in URL, HTTP POST request or HTTP body. set status [enable|disable] set length {integer} set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config line-length Description: HTTP line length in request. set status [enable|disable] set length {integer} set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config url-param-length Description: Maximum length of parameter in URL. set status [enable|disable] set length {integer} set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config version Description: Enable/disable HTTP version check. set status [enable|disable] set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config method Description: Enable/disable HTTP method check. set status [enable|disable] set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config hostname Description: Enable/disable hostname check. set status [enable|disable] set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config malformed Description: Enable/disable malformed HTTP request check. set status [enable|disable] set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config max-cookie Description: Maximum number of cookies in HTTP request. set status [enable|disable] set max-cookie {integer} set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config max-header-line Description: Maximum number of HTTP header line. set status [enable|disable] set max-header-line {integer} set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config max-url-param Description: Maximum number of parameters in URL. set status [enable|disable] set max-url-param {integer} set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config max-range-segment Description: Maximum number of range segments in HTTP range line. set status [enable|disable] set max-range-segment {integer} set action [allow|block] set log [enable|disable] set severity [high|medium|...] end config exception Description: HTTP constraint exception. edit <id> set pattern {string} set regex [enable|disable] set address {string} set header-length [enable|disable] set content-length [enable|disable] set param-length [enable|disable] set line-length [enable|disable] set url-param-length [enable|disable] set version [enable|disable] set method [enable|disable] set hostname [enable|disable] set malformed [enable|disable] set max-cookie [enable|disable] set max-header-line [enable|disable] set max-url-param [enable|disable] set max-range-segment [enable|disable] next end end config method Description: Method restriction. set status [enable|disable] set log [enable|disable] set severity [high|medium|...] set default-allowed-methods {option1}, {option2}, ... config method-policy Description: HTTP method policy. edit <id> set pattern {string} set regex [enable|disable] set address {string} set allowed-methods {option1}, {option2}, ... next end end config address-list Description: Address block and allow lists. set status [enable|disable] set blocked-log [enable|disable] set severity [high|medium|...] set trusted-address <name1>, <name2>, ... set blocked-address <name1>, <name2>, ... end config url-access Description: URL access list. edit <id> set address {string} set action [bypass|permit|...] set log [enable|disable] set severity [high|medium|...] config access-pattern Description: URL access pattern. edit <id> set srcaddr {string} set pattern {string} set regex [enable|disable] set negate [enable|disable] next end next end set comment {var-string} next end
config waf profile
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
external |
Disable/Enable external HTTP Inspection. |
option |
- |
disable |
||||||
|
|
|||||||||
extended-log |
Enable/disable extended logging. |
option |
- |
disable |
||||||
|
|
|||||||||
comment |
Comment. |
var-string |
Maximum length: 1023 |
|
config signature
Parameter |
Description |
Type |
Size |
Default |
---|---|---|---|---|
disabled-sub-class |
Disabled signature subclasses. Signature subclass ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|
disabled-signature |
Disabled signatures. Signature ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|
credit-card-detection-threshold |
The minimum number of Credit cards to detect violation. |
integer |
Minimum value: 0 Maximum value: 128 |
3 |
config main-class
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Status. |
option |
- |
disable |
||||||||
|
|
|||||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
enable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config custom-signature
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Status. |
option |
- |
disable |
||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||
action |
Action. |
option |
- |
allow |
||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||
direction |
Traffic direction. |
option |
- |
request |
||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||
case-sensitivity |
Case sensitivity in pattern. |
option |
- |
disable |
||||||||||||||||||||||||||||
|
|
|||||||||||||||||||||||||||||||
pattern |
Match pattern. |
string |
Maximum length: 511 |
|
||||||||||||||||||||||||||||
target |
Match HTTP target. |
option |
- |
|
||||||||||||||||||||||||||||
|
|
config header-length
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
length |
Length of HTTP header in bytes (0 to 2147483647). |
integer |
Minimum value: 0 Maximum value: 2147483647 |
8192 |
||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config content-length
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
length |
Length of HTTP content in bytes (0 to 2147483647). |
integer |
Minimum value: 0 Maximum value: 2147483647 |
67108864 |
||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config param-length
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
length |
Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). |
integer |
Minimum value: 0 Maximum value: 2147483647 |
8192 |
||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config line-length
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
length |
Length of HTTP line in bytes (0 to 2147483647). |
integer |
Minimum value: 0 Maximum value: 2147483647 |
1024 |
||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config url-param-length
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
length |
Maximum length of URL parameter in bytes (0 to 2147483647). |
integer |
Minimum value: 0 Maximum value: 2147483647 |
8192 |
||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config version
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config method
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config method
Parameter |
Description |
Type |
Size |
Default |
||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Status. |
option |
- |
disable |
||||||||||||||||||||
|
|
|||||||||||||||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||||||||||||||
|
|
|||||||||||||||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||||||||||||||
|
|
|||||||||||||||||||||||
default-allowed-methods |
Methods. |
option |
- |
|
||||||||||||||||||||
|
|
config hostname
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config malformed
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config max-cookie
Parameter |
Description |
Type |
Size |
Default |
||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||||
|
|
|||||||||||
max-cookie |
Maximum number of cookies in HTTP request (0 to 2147483647). |
integer |
Minimum value: 0 Maximum value: 2147483647 |
16 |
||||||||
action |
Action. |
option |
- |
allow |
||||||||
|
|
|||||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||||
|
|
|||||||||||
severity |
Severity. |
option |
- |
medium |
||||||||
|
|
config max-header-line
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable the constraint. |
option |
- |
disable |
||||||
|
|
|||||||||
max-header-line |
Maximum number HTTP header lines (0 to 2147483647). |
integer |
Minimum value: 0 Maximum value: 2147483647 |
32 |
||||||
action |
Action. |
option |
- |
allow |
||||||
|
|
|||||||||
log |
Enable/disable logging. |
option |
- |
disable |
||||||
|
|