config security waf bot-detection
Use this command to configure bot detection policies. Bot detection policies use heuristics to detect client traffic likely to be generated by robots instead of genuine clients. You can use predefined blacklists and whitelists to get started. You can use the user-specified whitelist table to fine-tune detection.
Before you begin:
- You must have read-write permission for security settings.
After you have created a bot detection policy, you can specify it in a WAF profile configuration.
Syntax
    config security waf bot-detection
      edit <name>
        set status {enable|disable}
        set bad-robot {enable|disable}
        set search-engine-crawler {enable|disable}
        set action {datasource}
        set http-request-rate <integer>
        set severity {high | low | medium}
        config whitelist
          edit <No.>
            set cookie-name-pattern <string>
            set ip <subnet>
            set url-pattern <string>
            set url-parameter-name-pattern <string>
            set user-agent-pattern <string>
          next
        end
      next
    end
| Option | Description |
| --- | --- |
| status | Enable/disable bot detection. |
| bad-robot | Enable/disable the predefined bad robot blacklist. |
| search-engine-crawler | Enable/disable the predefined search engine spider whitelist. |
| action | Specify a WAF action object. |
| http-request-rate | The default is 0 (off). The valid range is 0-100,000,000 requests per second. |
| severity | |
| config whitelist | |
| cookie-name-pattern | Matching string. Regular expressions are supported. |
| ip | Matching subnet (CIDR format). |
| url-pattern | Matching string. Regular expressions are supported. |
| url-parameter-name-pattern | Matching string. Regular expressions are supported. |
| user-agent-pattern | Matching string. Regular expressions are supported. |
Example
FortiADC-VM # config security waf bot-detection
FortiADC-VM (bot-detection) # edit waf-bot-detection-policy
Add new entry 'waf-bot-detection-policy' for node 3220
FortiADC-VM (waf-bot-detect~o) # get
status : disable
FortiADC-VM (waf-bot-detect~o) # set status enable
FortiADC-VM (waf-bot-detect~o) # get
status : enable
search-engine-crawler : enable
bad-robot : enable
http-request-rate : 0
action : alert
severity : low
FortiADC-VM (waf-bot-detect~o) # config whitelist
FortiADC-VM (whitelist) # edit 1
Add new entry '1' for node 3228
FortiADC-VM (1) # get
ip : 0.0.0.0/0
url-pattern :
url-parameter-name-pattern :
user-agent-pattern :
cookie-name-pattern :
FortiADC-VM (1) # set ip 10.1.1.0/24
FortiADC-VM (1) # end
FortiADC-VM (waf-bot-detect~o) # end
FortiADC-VM #
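
A pre-deployment check for the whitelist table, added here as an example (it is not FortiADC or Fortinet code): it parses a `config whitelist` block in the syntax above and flags invalid subnets, patterns that do not compile, patterns that match the empty string, and entries where no field narrows the match. Assumptions: Python's `re` stands in for the device's regular-expression syntax, an entry left at `0.0.0.0/0` with no patterns is treated as too broad, and `parse_whitelist`, `lint_entry` and `lint` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample in the syntax shown above (not taken from a real device).
SAMPLE = """config whitelist
edit 1
set ip 10.1.1.0/24
next
edit 2
set url-pattern .*
next
edit 3
set cookie-name-pattern sess[
next
end"""

def parse_whitelist(text):
    """Return {entry_id: {option: value}} from the edit/set lines of the block."""
    entries, current = {}, None
    for line in text.splitlines():
        words = line.split(None, 2)
        if words[:1] == ["edit"] and len(words) > 1:
            current = entries.setdefault(words[1], {})
        elif words[:1] == ["set"] and len(words) == 3 and current is not None:
            current[words[1]] = words[2].strip()
    return entries

def lint_entry(entry):
    """Return findings for one entry; an empty list means nothing flagged."""
    findings, narrowing = [], False
    ip = entry.get("ip", "0.0.0.0/0")  # value a new entry shows in the session
    try:
        narrowing = ipaddress.ip_network(ip, strict=False).prefixlen > 0
    except ValueError:
        findings.append(f"invalid subnet: {ip}")
    for key, value in entry.items():
        if key.endswith("-pattern"):  # the four regex-valued options
            try:  # assumption: Python's re approximates the device's syntax
                if re.compile(value).fullmatch(""):
                    findings.append(f"{key} matches the empty string: {value}")
                else:
                    narrowing = True
            except re.error:
                findings.append(f"invalid regex in {key}: {value}")
    if not narrowing and not findings:
        findings.append("no field narrows the match")  # assumed too broad
    return findings

def lint(text):
    return {eid: lint_entry(e) for eid, e in parse_whitelist(text).items()}
```
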