Fortinet black logo

CLI Reference

config security waf bot-detection

config security waf bot-detection

Use this command to configure bot detection policies. Bot detection policies use heuristics to detect client traffic likely to be generated by robots instead of genuine clients. You can use predefined blacklists and whitelists to get started. You can use the user-specified whitelist table to fine-tune detection.

Before you begin:

  • You must have read-write permission for security settings.

After you have created a bot detection policy, you can specify it in a WAF profile configuration.

Syntax

config security waf bot-detection

edit <name>

set status {enable|disable}

set bad-robot {enable|disable}

set search-engine-crawler {enable|disable}

set action {datasource}

set http-request-rate <integer>

set severity {high | low | medium}

config whitelist

edit <No.>

set cookie-name-pattern <string>

set ip <subnet>

set url-pattern <string>

set url-parameter-name-pattern <string>

set user-agent-pattern <string>

next

end

next

end

status

Enable/disable bot detection.

bad-robot

Enable/disable the predefined bad robot blacklist.

search-engine-crawler

Enable/disable the predefined search engine spider whitelist.

action

Specify a WAF action object.

http-request-rate

The default is 0 (off). The valid range is 0-100,000,000 requests per second.

severity

  • high
  • medium
  • low
config whitelist

cookie-name-pattern

Matching string. Regular expressions are supported.

ip

Matching subnet (CIDR format).

url-pattern

Matching string. Regular expressions are supported.

url-parameter-name-pattern

Matching string. Regular expressions are supported.

user-agent-pattern

Matching string. Regular expressions are supported.

Example

FortiADC-VM # config security waf bot-detection

FortiADC-VM (bot-detection) # edit waf-bot-detection-policy

Add new entry 'waf-bot-detection-policy' for node 3220

FortiADC-VM (waf-bot-detect~o) # get

status : disable

FortiADC-VM (waf-bot-detect~o) # set status enable

FortiADC-VM (waf-bot-detect~o) # get

status : enable

search-engine-crawler : enable

bad-robot : enable

http-request-rate : 0

action : alert

severity : low

FortiADC-VM (waf-bot-detect~o) # config whitelist

FortiADC-VM (whitelist) # edit 1

Add new entry '1' for node 3228

FortiADC-VM (1) # get

ip : 0.0.0.0/0

url-pattern :

url-parameter-name-pattern :

user-agent-pattern :

cookie-name-pattern :

FortiADC-VM (1) # set ip 10.1.1.0/24

FortiADC-VM (1) # end

FortiADC-VM (waf-bot-detect~o) # end

FortiADC-VM #

config security waf bot-detection

Use this command to configure bot detection policies. Bot detection policies use heuristics to detect client traffic likely to be generated by robots instead of genuine clients. You can use predefined blacklists and whitelists to get started. You can use the user-specified whitelist table to fine-tune detection.

Before you begin:

  • You must have read-write permission for security settings.

After you have created a bot detection policy, you can specify it in a WAF profile configuration.

Syntax

config security waf bot-detection

edit <name>

set status {enable|disable}

set bad-robot {enable|disable}

set search-engine-crawler {enable|disable}

set action {datasource}

set http-request-rate <integer>

set severity {high | low | medium}

config whitelist

edit <No.>

set cookie-name-pattern <string>

set ip <subnet>

set url-pattern <string>

set url-parameter-name-pattern <string>

set user-agent-pattern <string>

next

end

next

end

status

Enable/disable bot detection.

bad-robot

Enable/disable the predefined bad robot blacklist.

search-engine-crawler

Enable/disable the predefined search engine spider whitelist.

action

Specify a WAF action object.

http-request-rate

The default is 0 (off). The valid range is 0-100,000,000 requests per second.

severity

  • high
  • medium
  • low
config whitelist

cookie-name-pattern

Matching string. Regular expressions are supported.

ip

Matching subnet (CIDR format).

url-pattern

Matching string. Regular expressions are supported.

url-parameter-name-pattern

Matching string. Regular expressions are supported.

user-agent-pattern

Matching string. Regular expressions are supported.

Example

FortiADC-VM # config security waf bot-detection

FortiADC-VM (bot-detection) # edit waf-bot-detection-policy

Add new entry 'waf-bot-detection-policy' for node 3220

FortiADC-VM (waf-bot-detect~o) # get

status : disable

FortiADC-VM (waf-bot-detect~o) # set status enable

FortiADC-VM (waf-bot-detect~o) # get

status : enable

search-engine-crawler : enable

bad-robot : enable

http-request-rate : 0

action : alert

severity : low

FortiADC-VM (waf-bot-detect~o) # config whitelist

FortiADC-VM (whitelist) # edit 1

Add new entry '1' for node 3228

FortiADC-VM (1) # get

ip : 0.0.0.0/0

url-pattern :

url-parameter-name-pattern :

user-agent-pattern :

cookie-name-pattern :

FortiADC-VM (1) # set ip 10.1.1.0/24

FortiADC-VM (1) # end

FortiADC-VM (waf-bot-detect~o) # end

FortiADC-VM #