Fortinet black logo

Handbook

Configuring a URL Protection policy

Configuring a URL Protection policy

URL protection policies can filter HTTP requests that match specific character strings and file extensions.

Before you begin:

  • You must have Read-Write permission for Security settings.

After you have configured URL protection policies, you can select them in WAF profiles.

To configure a URL Protection policy:
  1. Go to Web Application Firewall > Access Protection.
  2. Click the URL Protection tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in URL Protection configuration.
  5. Save the configuration Table 56.

URL Protection configuration

Settings Guidelines

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

After you initially save the configuration, you cannot edit the name.

URL Access Rule

Full URL Pattern

Matching string. Regular expressions are supported.

Action

Select the action profile that you want to apply. See Configuring WAF Action objects

The default is Alert.

Severity

  • High—Log as high severity events.
  • Medium—Log as a medium severity events.
  • Low—Log as low severity events.

The default is low.

Exception Name Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.

File Extension Rule

File Extension Pattern

Matching string. Regular expressions are supported.

Action

Select the action profile that you want to apply. See Configuring WAF Action objects

The default is Alert.

Severity

  • High—Log as high severity events.
  • Medium—Log as a medium severity events.
  • Low—Log as low severity events.

The default is low.

Exception Name Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.

Configuring a URL Protection policy

URL protection policies can filter HTTP requests that match specific character strings and file extensions.

Before you begin:

  • You must have Read-Write permission for Security settings.

After you have configured URL protection policies, you can select them in WAF profiles.

To configure a URL Protection policy:
  1. Go to Web Application Firewall > Access Protection.
  2. Click the URL Protection tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in URL Protection configuration.
  5. Save the configuration Table 56.

URL Protection configuration

Settings Guidelines

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

After you initially save the configuration, you cannot edit the name.

URL Access Rule

Full URL Pattern

Matching string. Regular expressions are supported.

Action

Select the action profile that you want to apply. See Configuring WAF Action objects

The default is Alert.

Severity

  • High—Log as high severity events.
  • Medium—Log as a medium severity events.
  • Low—Log as low severity events.

The default is low.

Exception Name Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.

File Extension Rule

File Extension Pattern

Matching string. Regular expressions are supported.

Action

Select the action profile that you want to apply. See Configuring WAF Action objects

The default is Alert.

Severity

  • High—Log as high severity events.
  • Medium—Log as a medium severity events.
  • Low—Log as low severity events.

The default is low.

Exception Name Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.