Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiWeb 8.0.3 CLI Reference
    8.0.3
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0

    waf url-access-parameter

    waf url-access-parameter

    Use this command to add URL access parameter rules. It should be referred in an URL access rule.

    To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

    Syntax

    config waf url-access-parameter

    edit waf url-access-parameter

    config waf url-access-parameter-list

    edit <index>

    set argument-name-type {plain | regular}

    set argument-name <string>

    set optional {enable | disable}

    set type-checked {enable | disable}

    set argument-type {data-type | regular-expression | custom-data-type}

    set data-type <data_type>

    set argument-expression <string>

    set custom-data-type <datasource>

    next

    end

    next

    end

    Variable Description Default

    "<url-access-parameter-rule_name>"

    Enter the name of a new or existing rule. The maximum length is 63 characters.

    To display the list of existing rules, enter:

    edit ?

    		No default.

    argument-name-type {plain | regular}

    Select whether the parameter name field must contain either:

    • plain —The field is a string that the name must match exactly.

    • regular —The field is a regular expression that defines a set of matching names.

    plain

    argument-name <string>

    Depending on your selection in Type, enter either:

    • The literal name that the HTTP request must contain in order to match the rule.
    • A regular expression.

    To create and test a regular expression, click the >> (test) icon. This opens the Regular Expression Validator window where you can fine-tune the expression. For details, see "Regular expression syntax" on page 1.

    		 No default.

    optional {enable | disable}

    Specifies whether the parameter must appear in the request for the URL Access rule to match. When enabled, the rule matches regardless of parameter presence, but still validates the parameter if it appears.

    disable

    type-checked {enable | disable}

    If type-checked is enabled, parameter value must match the argument specified.

    disable

    argument-type {data-type | regular-expression | custom-data-type}

    The argument-type option is available if type-checked is enabled.

    Select the type of the parameter value:

    • data-type

    • regular-expression

    • custom-data-type

    data-type

    data-type <data_type>

    		 If data-type is selected as the argument-type, select the specific data type.

    No default.

    argument-expression <string>

    If regular-expression is selected as the argument-type, enter the regular expression.

    No default.

    custom-data-type <datasource>

    If custom-data-type is selected as the argument-type, select the custom data type.

    No default.
    Previous
    Next

    waf url-access-parameter

    waf url-access-parameter

    Use this command to add URL access parameter rules. It should be referred in an URL access rule.

    To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

    Syntax

    config waf url-access-parameter

    edit waf url-access-parameter

    config waf url-access-parameter-list

    edit <index>

    set argument-name-type {plain | regular}

    set argument-name <string>

    set optional {enable | disable}

    set type-checked {enable | disable}

    set argument-type {data-type | regular-expression | custom-data-type}

    set data-type <data_type>

    set argument-expression <string>

    set custom-data-type <datasource>

    next

    end

    next

    end

    Variable Description Default

    "<url-access-parameter-rule_name>"

    Enter the name of a new or existing rule. The maximum length is 63 characters.

    To display the list of existing rules, enter:

    edit ?

    		No default.

    argument-name-type {plain | regular}

    Select whether the parameter name field must contain either:

    • plain —The field is a string that the name must match exactly.

    • regular —The field is a regular expression that defines a set of matching names.

    plain

    argument-name <string>

    Depending on your selection in Type, enter either:

    • The literal name that the HTTP request must contain in order to match the rule.
    • A regular expression.

    To create and test a regular expression, click the >> (test) icon. This opens the Regular Expression Validator window where you can fine-tune the expression. For details, see "Regular expression syntax" on page 1.

    		 No default.

    optional {enable | disable}

    Specifies whether the parameter must appear in the request for the URL Access rule to match. When enabled, the rule matches regardless of parameter presence, but still validates the parameter if it appears.

    disable

    type-checked {enable | disable}

    If type-checked is enabled, parameter value must match the argument specified.

    disable

    argument-type {data-type | regular-expression | custom-data-type}

    The argument-type option is available if type-checked is enabled.

    Select the type of the parameter value:

    • data-type

    • regular-expression

    • custom-data-type

    data-type

    data-type <data_type>

    		 If data-type is selected as the argument-type, select the specific data type.

    No default.

    argument-expression <string>

    If regular-expression is selected as the argument-type, enter the regular expression.

    No default.

    custom-data-type <datasource>

    If custom-data-type is selected as the argument-type, select the custom data type.

    No default.
    Previous
    Next