Configuring OpenAPI Detection
The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs, which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, you can understand and interact with the remote service with a minimal amount of implementation logic.
FortiADC can parse the OpenAPI description file and provide additional security to APIs by making sure that access is based on the definitions described in the OpenAPI file.
Note: FortiADC supports OpenAPI 3.0.
To configure OpenAPI Detection:
- Go to Web Application Firewall > OpenAPI Validation.
- Click the OpenAPI Detection tab.
- Click Create New to display the configuration editor and set up the configuration.
- Save the configuration.
Configure the name. Valid characters are A-Z, a-z, 0-9, _, and -. Whitespaces not allowed.
Note: Once saved, the name cannot be changed.
|OpenAPI Schema Check||Before enabling OpenAPI Schema Check, you must upload an OpenAPI schema file to check whether OpenAPI content is permitted. Enable to use OpenAPI schema to validate OpenAPI content. See Importing OpenAPI schema.|
|OpenAPI Schema||Select the OpenAPI schema file that you want to use to check whether OpenAPI content is valid.|
Select the action profile that you want to apply. See Configuring WAF Action objects.
The default is Alert.
When FortiADC records violations of this rule in the attack log, each log message contains a Severity Level (severity_level) field. Select the severity level FortiADC uses when using Input Validation:
The default is Low.
|Exception||Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.|