config security waf exception
Use this command to create exception configuration objects. An exception configuration object defines hosts or URLs that should not be processed by the WAF rule.
Before you begin:
- You must have read-write permission for security settings.
After you have created exception objects, you can specify them in the WAF profile configuration or the WAF feature configurations. You can specify an exception per signature rule, per method rule, per response rule, per URL access rule, per file extension rule, per SQL injection rule, and per XSS injection rule.
Syntax
config security waf exception
  edit <name>
    config exception-rule
      edit <No.>
        set host-status {enable|disable}
        set host-pattern <host-pattern>
        set url-pattern <url-pattern>
      next
    end
  next
end
| Option | Description |
|---|---|
| host-status | Enable/disable setting exceptions by host pattern. |
| host-pattern | Matching string. Regular expressions are supported. For example, you can specify www.example.com, *.example.com, or www.example.* to match a literal host pattern or a wildcard host pattern. |
| url-pattern | Matching string. Must begin with a URL path separator (/). Regular expressions are supported. For example, you can specify pathnames and files with expressions like |
Example
FortiADC-docs # config security waf exception
FortiADC-docs (exception) # edit exception-group
Add new entry 'exception-group' for node 3200
FortiADC-docs (exception-group) # config exception-rule
FortiADC-docs (exception-rule) # edit 1
Add new entry '1' for node 3202
FortiADC-docs (1) # set host-status enable
FortiADC-docs (1) # set host-pattern example.com
FortiADC-docs (1) # set url-pattern /1.index
FortiADC-docs (1) # end
FortiADC-docs (exception-group) # end
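
A review aid for exception rules, added here as an example and not FortiADC or Fortinet code: it parses the syntax documented above and flags patterns that would exempt more traffic from WAF processing than intended. The names `parse_rules` and `lint`, the sample configuration and the probe string are constructed, and the checks assume Python's `re` dialect, which may differ from the device's matcher.

```python
import re
# Constructed sample in the syntax documented above (not from a real device).
SAMPLE = """\
config security waf exception
edit exception-group
config exception-rule
edit 1
set host-status enable
set host-pattern example.com
set url-pattern /1.index
next
edit 2
set url-pattern /.*
next
end
next
end
"""

def parse_rules(text):
    """Map (object name, rule number) -> {option: value}."""
    rules, path = {}, []
    for line in text.splitlines():
        tok = line.split(None, 2)
        if tok[:1] == ["edit"] and len(tok) > 1:
            path.append(tok[1])          # enter object, then rule
        elif tok[:1] == ["next"] and path:
            path.pop()                   # leave the current entry
        elif tok[:1] == ["set"] and len(tok) == 3 and len(path) == 2:
            rules.setdefault(tuple(path), {})[tok[1]] = tok[2]
    return rules

def lint(rule):  # heuristic review findings for one exception rule (assumed checks)
    out = []
    if rule.get("host-status") != "enable":
        out.append("host-status is not enable: exception is not set by host pattern")
    if not rule.get("url-pattern", "").startswith("/"):
        out.append("url-pattern must begin with '/'")
    for opt in [o for o in ("host-pattern", "url-pattern") if o in rule]:
        try:
            rx = re.compile(rule[opt])
        except re.error:
            out.append(f"{opt} is not a valid regex (wildcard form?)")
            continue
        if re.search(r"(?<!\\)\.(?![*+?{])", rule[opt]):
            out.append(f"{opt}: unescaped '.' matches any character")
        if rx.fullmatch("/zz-unrelated/probe-0"):  # constructed probe string
            out.append(f"{opt} matches arbitrary input")
    return out
```

Run `lint()` over each value returned by `parse_rules()` before referencing an exception object from a WAF profile; an empty list means none of these heuristics fired.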