Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 7.2.2 CLI Reference
    7.2.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config security waf biometrics-based-detection

    config security waf biometrics-based-detection

    Use this command to configure Biometrics Based Detection policies. FortiADC uses Biometrics Based Detection policies to determine whether requests are generated by robots instead of a human by checking client events within a specified period. With JavaScript enabled on the client browser, FortiADC can collect behavioral biometrics (such as mouse movement, keyboard, screen touch, and scroll) and monitor as client events for a specified period. FortiADC can then determine whether the behavioral biometrics from the request is indicative of a bot or a human.

    After you have configured Biometrics Based Detection policies, you can select them in WAF profiles.

    Before you begin:
    • You must have read-write permission for security settings.

    Syntax

    config security waf biometrics-based-detection

    edit <name>

    set ignore-js-check {enable|disable}

    set monitor-client-event [mouse-movement|click|keyboard|screen-touch|scroll]

    set event-collection-time <integer>

    set bot-effective-time <integer>

    set js-request-url <string>

    set action <datasource>

    set severity {high|medium|low}

    set exception <datasource>

    config url-list

    edit <No.>

    set host-status {enable/disable}

    set host <string>

    set request-url <string>

    next

    end

    next

    end

    ignore-js-check

    Enable/disable to redirect to a warning page to enable JavaScript. This is disabled by default.

    • disable — FortiADC will check if JavaScript is enabled on the client browser. If JavaScript is not enabled, then FortiADC will redirect to a warning page to let the user enable JavaScript. If the client does not enable JavaScript within 10 seconds, the traffic may be recognized as a bad bot.
    • enable — FortiADC will not check if JavaScript is enabled on the client browser. If JavaScript is enabled on the client browser, events can be collected normally and FortiADC can determine if it is a bot or not. But if JavaScript is disabled on the client browser, the client will be recognized as a bot after the Event Collection Time, since events cannot be collected by FortiADC.

    monitor-client-event

    Select one or more client events to monitor:

    • mouse-movement

    • click

    • keyboard

    • screen-touch

    • scroll

    By default, mouse-movement, click, and keyboard are preselected. If the configuration is saved with no monitor-client-event selected, it will default to the preselected client events.

    event-collection-time

    		 Specify for how long the events will be collected from the client. Default: 60 Range: 10-3600 seconds.

    bot-effective-time

    		 Specify the time interval before FortiADC tests and verifies a bot again, once a bot has been detected. Default: 5 Range: 1-60 minute(s).

    js-request-url

    		 Specify the URL to use to insert JavaScript code to the client machine. Default: /fadc_client/default_index.js.

    action

    Select the action profile to apply when a bot is detected. See config security waf action.

    The default action is alert.

    severity

    Select the event severity to log when a bot is detected:

    • high — Log as high severity events.
    • medium — Log as a medium severity events.
    • low — Log as low severity events.

    The default is low.

    exception

    Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.

    config url-list

    host-status

    		 If enabled, require authorization only for the specified host. If disabled, ignore hostname in the HTTP request header and require authorization for requests with any Host header. Disabled by default.

    host

    The host option is available if host-status is enabled.

    Specify the HTTP Host header. If Host Status is enabled, the policy matches only if the Host header matches this value. Complete, exact matching is required. For example, www.example.com matches www.example.com but not www.example.com.hk.

    request-url

    		 The literal URL, such as /index.php, or a regular expression, such as ^/*.php that the HTTP request must contain in order to match the rule. Multiple URLs are supported.

    Example

    config security waf biometrics-based-detection

    edit "Test"

    set ignore-js-check disable

    set monitor-client-events click

    set event-collection-time 10

    set bot-effective-time 1

    set js-request-url /fadc_client/default_index.js

    set action deny

    set severity low

    set exception IP_exception

    config url-list

    edit 1

    set host-status disable

    set request-url .*

    next

    end

    next

    end

    Previous
    Next

    config security waf biometrics-based-detection

    config security waf biometrics-based-detection

    Use this command to configure Biometrics Based Detection policies. FortiADC uses Biometrics Based Detection policies to determine whether requests are generated by robots instead of a human by checking client events within a specified period. With JavaScript enabled on the client browser, FortiADC can collect behavioral biometrics (such as mouse movement, keyboard, screen touch, and scroll) and monitor as client events for a specified period. FortiADC can then determine whether the behavioral biometrics from the request is indicative of a bot or a human.

    After you have configured Biometrics Based Detection policies, you can select them in WAF profiles.

    Before you begin:
    • You must have read-write permission for security settings.

    Syntax

    config security waf biometrics-based-detection

    edit <name>

    set ignore-js-check {enable|disable}

    set monitor-client-event [mouse-movement|click|keyboard|screen-touch|scroll]

    set event-collection-time <integer>

    set bot-effective-time <integer>

    set js-request-url <string>

    set action <datasource>

    set severity {high|medium|low}

    set exception <datasource>

    config url-list

    edit <No.>

    set host-status {enable/disable}

    set host <string>

    set request-url <string>

    next

    end

    next

    end

    ignore-js-check

    Enable/disable to redirect to a warning page to enable JavaScript. This is disabled by default.

    • disable — FortiADC will check if JavaScript is enabled on the client browser. If JavaScript is not enabled, then FortiADC will redirect to a warning page to let the user enable JavaScript. If the client does not enable JavaScript within 10 seconds, the traffic may be recognized as a bad bot.
    • enable — FortiADC will not check if JavaScript is enabled on the client browser. If JavaScript is enabled on the client browser, events can be collected normally and FortiADC can determine if it is a bot or not. But if JavaScript is disabled on the client browser, the client will be recognized as a bot after the Event Collection Time, since events cannot be collected by FortiADC.

    monitor-client-event

    Select one or more client events to monitor:

    • mouse-movement

    • click

    • keyboard

    • screen-touch

    • scroll

    By default, mouse-movement, click, and keyboard are preselected. If the configuration is saved with no monitor-client-event selected, it will default to the preselected client events.

    event-collection-time

    		 Specify for how long the events will be collected from the client. Default: 60 Range: 10-3600 seconds.

    bot-effective-time

    		 Specify the time interval before FortiADC tests and verifies a bot again, once a bot has been detected. Default: 5 Range: 1-60 minute(s).

    js-request-url

    		 Specify the URL to use to insert JavaScript code to the client machine. Default: /fadc_client/default_index.js.

    action

    Select the action profile to apply when a bot is detected. See config security waf action.

    The default action is alert.

    severity

    Select the event severity to log when a bot is detected:

    • high — Log as high severity events.
    • medium — Log as a medium severity events.
    • low — Log as low severity events.

    The default is low.

    exception

    Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.

    config url-list

    host-status

    		 If enabled, require authorization only for the specified host. If disabled, ignore hostname in the HTTP request header and require authorization for requests with any Host header. Disabled by default.

    host

    The host option is available if host-status is enabled.

    Specify the HTTP Host header. If Host Status is enabled, the policy matches only if the Host header matches this value. Complete, exact matching is required. For example, www.example.com matches www.example.com but not www.example.com.hk.

    request-url

    		 The literal URL, such as /index.php, or a regular expression, such as ^/*.php that the HTTP request must contain in order to match the rule. Multiple URLs are supported.

    Example

    config security waf biometrics-based-detection

    edit "Test"

    set ignore-js-check disable

    set monitor-client-events click

    set event-collection-time 10

    set bot-effective-time 1

    set js-request-url /fadc_client/default_index.js

    set action deny

    set severity low

    set exception IP_exception

    config url-list

    edit 1

    set host-status disable

    set request-url .*

    next

    end

    next

    end

    Previous
    Next