Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 6.2.3 Handbook
    6.2.3
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring WAF Action objects

    Configuring WAF Action objects

    Configure what action FortiADC should take when it meets the WAF conditions.

    Before you begin:

    • You must have Read-Write permission for Security settings.

    After you have created an action object, you can specify it in individual WAF feature rules.

    To configure an exception object:

    1. Go to Web Application Firewall > WAF Profile.

    2. Click the Action tab.

    3. Click Create New to display the configuration editor.

    4. Complete the configuration of WAF Action objects.

    5. Save the configuration.

    Settings Guidelines
    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    After you initially save the configuration, you cannot edit the name.
    Action Type

    Select which action FortiADC takes when the conditions are fulfilled for WAF:

    Pass—Allow the request.

    Deny—Block the request.

    Period Block—Deny all the HTTP requests from a source IP within a period which specified by Period Block.

    Redirect—Send a redirect. You must specify the redirect URL.

    Captcha—Requires the client to successfully fulfill the CAPTCHA request.
    Deny Code

    Specify the HTTP response code, Default: 403.

    200, 202, 204, 205, 400, 403, 404, 406, 408, 410, 500, 501, 502, 503, 504

    Note: This option is only available when the action type is Deny or Period Block.
    Period Block

    1-3600 seconds; Default: 60.

    Note: This option is only available when the action type is Period Block.
    Redirect URL

    Specify the URL that you want to redirect.

    Note: This option is only available when the action type is Redirect.
    Log Status Enable/Disable log of events
    Comment Enter comment or description of the action for your records.
    Previous
    Next

    Configuring WAF Action objects

    Configuring WAF Action objects

    Configure what action FortiADC should take when it meets the WAF conditions.

    Before you begin:

    • You must have Read-Write permission for Security settings.

    After you have created an action object, you can specify it in individual WAF feature rules.

    To configure an exception object:

    1. Go to Web Application Firewall > WAF Profile.

    2. Click the Action tab.

    3. Click Create New to display the configuration editor.

    4. Complete the configuration of WAF Action objects.

    5. Save the configuration.

    Settings Guidelines
    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.

    After you initially save the configuration, you cannot edit the name.
    Action Type

    Select which action FortiADC takes when the conditions are fulfilled for WAF:

    Pass—Allow the request.

    Deny—Block the request.

    Period Block—Deny all the HTTP requests from a source IP within a period which specified by Period Block.

    Redirect—Send a redirect. You must specify the redirect URL.

    Captcha—Requires the client to successfully fulfill the CAPTCHA request.
    Deny Code

    Specify the HTTP response code, Default: 403.

    200, 202, 204, 205, 400, 403, 404, 406, 408, 410, 500, 501, 502, 503, 504

    Note: This option is only available when the action type is Deny or Period Block.
    Period Block

    1-3600 seconds; Default: 60.

    Note: This option is only available when the action type is Period Block.
    Redirect URL

    Specify the URL that you want to redirect.

    Note: This option is only available when the action type is Redirect.
    Log Status Enable/Disable log of events
    Comment Enter comment or description of the action for your records.
    Previous
    Next