Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 6.2.2 CLI Reference
    6.2.2
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config security waf action

    config security waf action

    Use this command to configure web application firewall (WAF) actions. A WAF action is referenced by the WAF policies to define which action will be taken when policies detected attacks.

    In many cases, you can use predefined profiles to get started.

    Predefined actions

    Description

    alert

    WAF policies will only leave a log and didn’t touch the attack traffic

    block

    WAF policies will leave a log, drop current attack session by HTTP 403 message and block attacker (according the attacker’s IP address) for 1 hour

    deny

    WAF policies will leave a log, drop current attack session by HTTP 403 message

    silent-deny

    WAF policies will drop current attack session by HTTP 403 message, without a log

    The configurations for these actions are shown in the examples that follow. If desired, you can create user-defined actions.

    Before you begin:

    • Usually, predefined actions are enough for normal usage, and most predefined WAF policies reference the predefined actions. After your define your own action, you must specify it in your WAF policies to let it take effect.
    • You must have read-write permission for security settings.

    Syntax

    config security waf action edit <name>

    set type (deny|pass|period-block|redirect)

    set log (enable|disable)

    set deny-code (200|202|204|205|400|403|404|405|406|408|410|500|501|502|503|504)

    set block-period <1-3600>

    set redirect-url <string>

    set comment <string>

    next

    end

    type

    Specify action type from the following:

    • deny—This will drop the current session by a HTTP error message.
    • pass— This won’t touch the current session.
    • period-block— This will drop the current session by a HTTP error message and block client for a period.
    • redirect— This will drop the current session by a HTTP 302 redirect message and let client redirect to another URL.

    log

    Specify if action needs to enable or disable record logs.

    deny-code

    Specify HTTP error message code when action drops the current session.

    block-period

    Specify a time period when action blocks the client. Range from 1- 3600 seconds.

    redirect-url

    Specify a URL when action performs a HTTP redirect; type must set to redirect.

    Example

    FortiADC-docs # get security waf action

    == [ alert ]

    == [ deny ]

    == [ block ]

    == [ silent-deny ]

    FortiADC-docs # get security waf action alert

    type : pass

    log : enable

    comment :

    FortiADC-docs # get security waf action deny

    type : deny

    log : enable

    deny-code : 403

    comment :

    FortiADC-docs # get security waf action block

    type : period-block

    log : enable

    deny-code : 403

    block-period : 3600

    comment :

    FortiADC-docs # get security waf action silent-deny

    type : deny

    log : disable

    deny-code : 403

    comment :

    FortiADC-docs # config security waf action

    FortiADC-docs (action) # edit eval

    FortiADC-docs (eval) # get

    type : deny

    log : enable

    deny-code : 403

    comment : comments

    FortiADC-docs (eval) # set type period-block

    FortiADC-docs (eval) # set deny-code 200

    FortiADC-docs (eval) # set block-period 30

    FortiADC-docs (eval) # set log disable

    FortiADC-docs (eval) # end

    Previous
    Next

    config security waf action

    config security waf action

    Use this command to configure web application firewall (WAF) actions. A WAF action is referenced by the WAF policies to define which action will be taken when policies detected attacks.

    In many cases, you can use predefined profiles to get started.

    Predefined actions

    Description

    alert

    WAF policies will only leave a log and didn’t touch the attack traffic

    block

    WAF policies will leave a log, drop current attack session by HTTP 403 message and block attacker (according the attacker’s IP address) for 1 hour

    deny

    WAF policies will leave a log, drop current attack session by HTTP 403 message

    silent-deny

    WAF policies will drop current attack session by HTTP 403 message, without a log

    The configurations for these actions are shown in the examples that follow. If desired, you can create user-defined actions.

    Before you begin:

    • Usually, predefined actions are enough for normal usage, and most predefined WAF policies reference the predefined actions. After your define your own action, you must specify it in your WAF policies to let it take effect.
    • You must have read-write permission for security settings.

    Syntax

    config security waf action edit <name>

    set type (deny|pass|period-block|redirect)

    set log (enable|disable)

    set deny-code (200|202|204|205|400|403|404|405|406|408|410|500|501|502|503|504)

    set block-period <1-3600>

    set redirect-url <string>

    set comment <string>

    next

    end

    type

    Specify action type from the following:

    • deny—This will drop the current session by a HTTP error message.
    • pass— This won’t touch the current session.
    • period-block— This will drop the current session by a HTTP error message and block client for a period.
    • redirect— This will drop the current session by a HTTP 302 redirect message and let client redirect to another URL.

    log

    Specify if action needs to enable or disable record logs.

    deny-code

    Specify HTTP error message code when action drops the current session.

    block-period

    Specify a time period when action blocks the client. Range from 1- 3600 seconds.

    redirect-url

    Specify a URL when action performs a HTTP redirect; type must set to redirect.

    Example

    FortiADC-docs # get security waf action

    == [ alert ]

    == [ deny ]

    == [ block ]

    == [ silent-deny ]

    FortiADC-docs # get security waf action alert

    type : pass

    log : enable

    comment :

    FortiADC-docs # get security waf action deny

    type : deny

    log : enable

    deny-code : 403

    comment :

    FortiADC-docs # get security waf action block

    type : period-block

    log : enable

    deny-code : 403

    block-period : 3600

    comment :

    FortiADC-docs # get security waf action silent-deny

    type : deny

    log : disable

    deny-code : 403

    comment :

    FortiADC-docs # config security waf action

    FortiADC-docs (action) # edit eval

    FortiADC-docs (eval) # get

    type : deny

    log : enable

    deny-code : 403

    comment : comments

    FortiADC-docs (eval) # set type period-block

    FortiADC-docs (eval) # set deny-code 200

    FortiADC-docs (eval) # set block-period 30

    FortiADC-docs (eval) # set log disable

    FortiADC-docs (eval) # end

    Previous
    Next