Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 6.2.6 CLI Reference
    6.2.6
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config security waf brute-force-login

    config security waf brute-force-login

    Brute Force Attack Detection policies can prevent too many login tests. If an HTTP client tries to log into a server via FortiADC and fails too many times, Brute Force Attack Detection policies can stop it.

    Syntax

    configure security waf brute-force-login

    edit <name>

    set description <string>

    set action <string>

    config login-page-member

    edit 1

    set access-limit-ip <integer>

    set request-url <regular express string>

    set login-failed-code <HTTP status code>

    set host-status [ enable | disable ]

    set host <regular express string>

    next

    end

    next

    end

    CLI specification

    CLI Parameter

    Help message

    Type

    Scope

    Default

    Must

    set description

    HTTP connection limit

    string

    Null

    No

    action

    the action when reach the limit

    object

    Null

    Yes

    access-limit-ip

    Login failed times limit

    integer

    1-65535

    1

    No

    request-url

    Type the URL that the HTTP request must match to be included in the brute force login attack’s rate calculations.

    string

    regular express

    Null

    Yes

    login-failed-code

    Response code which is used to judge if the login is failed or not.

    integer

    0-1000

    0

    No

    host-status

    Decides to match host name or not.

    choice

    enable

    disable

    disable

    No

    host

    Host name

    string

    regular express

    Null

    No

    CLI Parameter

    Visible condition

    Special value

    Effective condition

    set description

    always visible

    N/A

    Work through the WAF framework

    action

    always visible

    N/A

    access-limit-ip

    always visible

    N/A

    request-url

    always visible

    N/A

    login-failed-code

    always visible

    0, means not match status code

    host-status

    always visible

    N/A

    host

    always visible

    host-status == enable

    Function description

    CLI Parameter

    Description

    set description

    Save description message.

    action

    Brute force attack protect action.

    access-limit-ip

    When the count of brute force attack reaches the limit, FortiADC will take action based on the source IP.

    request-url

    This URL is used to identify the login request. If login-failed-code is not set, it will be used to detect the login failed event.

    login-failed-code

    This code is used to identify the login failed event. If login-failed-code is not set, request-url and host will be used instead.

    host-status

    Decides whether or not the Host field of the HTTP request will take part in the identification of the login request or login failed event together with request-url.

    host

    After matching url, FortiADC will match the Host.

    Example

    configure security waf brute-force-login

    edit brute-login

    set description “brute-force-login detection”

    set action deny-action

    config login-page-member

    edit 1

    set access-limit-ip 3

    set request-url /login*

    set login-failed-code 401

    set host-status enable

    set host www.xxx.com

    next

    end

    edit 2

    set access-limit-ip 5

    set request-url /aaalogin*

    next

    end

    next

    end

    WAF Profile

    config security waf profile

    edit <name>

    set brute-force-login <name>

    next

    end

    Previous
    Next

    config security waf brute-force-login

    config security waf brute-force-login

    Brute Force Attack Detection policies can prevent too many login tests. If an HTTP client tries to log into a server via FortiADC and fails too many times, Brute Force Attack Detection policies can stop it.

    Syntax

    configure security waf brute-force-login

    edit <name>

    set description <string>

    set action <string>

    config login-page-member

    edit 1

    set access-limit-ip <integer>

    set request-url <regular express string>

    set login-failed-code <HTTP status code>

    set host-status [ enable | disable ]

    set host <regular express string>

    next

    end

    next

    end

    CLI specification

    CLI Parameter

    Help message

    Type

    Scope

    Default

    Must

    set description

    HTTP connection limit

    string

    Null

    No

    action

    the action when reach the limit

    object

    Null

    Yes

    access-limit-ip

    Login failed times limit

    integer

    1-65535

    1

    No

    request-url

    Type the URL that the HTTP request must match to be included in the brute force login attack’s rate calculations.

    string

    regular express

    Null

    Yes

    login-failed-code

    Response code which is used to judge if the login is failed or not.

    integer

    0-1000

    0

    No

    host-status

    Decides to match host name or not.

    choice

    enable

    disable

    disable

    No

    host

    Host name

    string

    regular express

    Null

    No

    CLI Parameter

    Visible condition

    Special value

    Effective condition

    set description

    always visible

    N/A

    Work through the WAF framework

    action

    always visible

    N/A

    access-limit-ip

    always visible

    N/A

    request-url

    always visible

    N/A

    login-failed-code

    always visible

    0, means not match status code

    host-status

    always visible

    N/A

    host

    always visible

    host-status == enable

    Function description

    CLI Parameter

    Description

    set description

    Save description message.

    action

    Brute force attack protect action.

    access-limit-ip

    When the count of brute force attack reaches the limit, FortiADC will take action based on the source IP.

    request-url

    This URL is used to identify the login request. If login-failed-code is not set, it will be used to detect the login failed event.

    login-failed-code

    This code is used to identify the login failed event. If login-failed-code is not set, request-url and host will be used instead.

    host-status

    Decides whether or not the Host field of the HTTP request will take part in the identification of the login request or login failed event together with request-url.

    host

    After matching url, FortiADC will match the Host.

    Example

    configure security waf brute-force-login

    edit brute-login

    set description “brute-force-login detection”

    set action deny-action

    config login-page-member

    edit 1

    set access-limit-ip 3

    set request-url /login*

    set login-failed-code 401

    set host-status enable

    set host www.xxx.com

    next

    end

    edit 2

    set access-limit-ip 5

    set request-url /aaalogin*

    next

    end

    next

    end

    WAF Profile

    config security waf profile

    edit <name>

    set brute-force-login <name>

    next

    end

    Previous
    Next