
CLI Reference

config security waf action

Use this command to configure web application firewall (WAF) actions. A WAF action is referenced by WAF policies and defines what a policy does when it detects an attack.

In many cases, you can use the predefined actions to get started.

Predefined action   Description
-----------------   -----------
alert               WAF policies allow the traffic to pass and log the event.
block               WAF policies drop the current attack session with an HTTP 403 response, block the attacker's source IP address for 1 hour, and log the event.
captcha             WAF policies allow the traffic to pass if the client successfully completes the CAPTCHA challenge, and log the event.
deny                WAF policies drop the current attack session with an HTTP 403 response and log the event.
silent-deny         WAF policies drop the current attack session with an HTTP 403 response, without logging the event.

The configurations for these actions are shown in the examples that follow. If desired, you can create user-defined actions.

Before you begin:
  • Usually, predefined actions are enough for normal usage, and most predefined WAF policies reference the predefined actions. After you define your own action, you must specify it in your WAF policies for it to take effect.
  • You must have read-write permission for security settings.

Syntax

config security waf action
  edit <name>
    set type {deny|pass|period-block|redirect|captcha}
    set log {enable|disable}
    set deny-code {200|202|204|205|400|403|404|405|406|408|410|500|501|502|503|504}
    set block-period <integer>
    set redirect-url <string>
    set comment <string>
  next
end

type

Specify the action type:

  • deny — Blocks the request. The current session is dropped with an HTTP error response (see deny-code).
  • pass — Allows the request. The current session continues.
  • period-block — Denies all HTTP requests from the source IP address for the period set by block-period. The current session is dropped with an HTTP error response (see deny-code) and the client is blocked for that period.
  • redirect — Sends a redirect. The current session is dropped with an HTTP 302 response that sends the client to another URL (see redirect-url).
  • captcha — Requires the client to solve a CAPTCHA challenge. The current session continues only after the client solves it.

log

Enable/disable to log the event.

deny-code

The deny-code option is available if the type is deny or period-block.

Specify the HTTP status code returned when the action drops the current session. Default: 403.

Allowed values: 200, 202, 204, 205, 400, 403, 404, 405, 406, 408, 410, 500, 501, 502, 503, 504

Note that 200, 202, 204 and 205 are success codes. With one of these, a blocked request is indistinguishable from a served one, both to the client and to any monitoring that keys on 4xx/5xx responses. Keep log enabled on such an action so the block stays visible on the FortiADC side.

block-period

The block-period option is available if the type is period-block.

Specify the time period for which the action blocks the client. Default: 60 seconds. Range: 1 to 3600 seconds.

redirect-url

The redirect-url option is available if the type is redirect.

Specify the URL that the client is redirected to when the action performs an HTTP redirect.
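The action types, log, deny-code and block-period interact in ways the option descriptions only state one at a time; in particular, a period-block drops every later request from the offending source IP, attack or not, until the period expires. The following model is an added illustration, not FortiADC code: it encodes the documented semantics so you can trace what a given action does to a sequence of requests. The sample traffic and IP addresses are constructed; how a pending CAPTCHA is tracked (a per-IP "solved" flag), the log-record shape, and logging only the triggering request rather than every drop during a block window are assumptions the page does not state.

```python
"""Behavioural model of the WAF action types documented above: an added illustration,
not FortiADC code. Assumptions the page does not state: CAPTCHA state is a per-IP
"solved" flag, and only the triggering request is logged, not every later drop."""
from dataclasses import dataclass, field

ACTION_TYPES = {"deny", "pass", "period-block", "redirect", "captcha"}
DENY_CODES = {200, 202, 204, 205, 400, 403, 404, 405, 406, 408, 410, 500, 501, 502, 503, 504}


@dataclass
class WafAction:
    """One 'config security waf action' entry, with the CLI defaults filled in."""
    name: str
    type: str
    log: bool = True
    deny_code: int = 403      # deny-code default
    block_period: int = 60    # block-period default, seconds
    redirect_url: str = ""

    def __post_init__(self):
        # The CLI's own constraints, enforced here so a bad definition fails fast.
        if self.type not in ACTION_TYPES:
            raise ValueError(f"unknown action type {self.type!r}")
        if self.type in ("deny", "period-block") and self.deny_code not in DENY_CODES:
            raise ValueError(f"deny-code {self.deny_code} is not an allowed value")
        if self.type == "period-block" and not 1 <= self.block_period <= 3600:
            raise ValueError("block-period must be 1-3600 seconds")
        if self.type == "redirect" and not self.redirect_url:
            raise ValueError("redirect actions need a redirect-url")


@dataclass
class Request:
    ts: float                      # seconds since an arbitrary epoch
    src_ip: str
    is_attack: bool                # the WAF policy's verdict; detection itself is out of scope
    captcha_solved: bool = False   # assumption: the client answered the challenge correctly


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    challenge: bool = False        # a CAPTCHA page was served instead of the origin response


class ActionSimulator:
    """Applies one WafAction to flagged requests, keeping per-source-IP state."""

    def __init__(self, action):
        self.action = action
        self.blocked_until = {}      # src_ip -> block expiry time (period-block)
        self.captcha_passed = set()  # src_ips that already solved the challenge
        self.log = []                # (ts, src_ip, action name, verdict), only if log=True

    def _reply(self, req, verdict, status, **extra):
        if self.action.log:
            self.log.append((req.ts, req.src_ip, self.action.name, verdict))
        return Response(status, **extra)

    def handle(self, req):
        a = self.action
        expiry = self.blocked_until.get(req.src_ip)
        if expiry is not None and req.ts < expiry:
            return Response(a.deny_code)   # inside the block window: dropped, attack or not
        self.blocked_until.pop(req.src_ip, None)   # window over (or never set)
        if not req.is_attack:
            return Response(200)           # policy did not fire, so the action is not applied
        if a.type == "pass":
            return self._reply(req, "pass", 200)
        if a.type == "deny":
            return self._reply(req, "deny", a.deny_code)
        if a.type == "period-block":
            self.blocked_until[req.src_ip] = req.ts + a.block_period
            return self._reply(req, "period-block", a.deny_code)
        if a.type == "redirect":
            return self._reply(req, "redirect", 302, headers={"Location": a.redirect_url})
        # captcha: serve the challenge until this IP solves it, then let it through
        if req.captcha_solved or req.src_ip in self.captcha_passed:
            self.captcha_passed.add(req.src_ip)
            return self._reply(req, "captcha-pass", 200)
        return self._reply(req, "captcha-challenge", 200, challenge=True)


def trace(action, requests):
    sim = ActionSimulator(action)
    return [sim.handle(r).status for r in requests]


# Constructed traffic (documentation addresses): one attacker, one bystander.
ATTACKER, BYSTANDER = "203.0.113.7", "198.51.100.4"
SAMPLE = [
    Request(0, ATTACKER, True),       # the policy fires on this request
    Request(10, ATTACKER, False),     # benign request from the same IP, 10 s later
    Request(10, BYSTANDER, False),    # unrelated client, never flagged
    Request(3601, ATTACKER, False),   # after a 1-hour block window has expired
]
BLOCK = WafAction("block", "period-block", deny_code=403, block_period=3600)        # predefined 'block'
EVAL = WafAction("eval", "period-block", log=False, deny_code=200, block_period=30)  # page's 'eval'
# trace(BLOCK, SAMPLE) -> [403, 403, 200, 200]; trace(EVAL, SAMPLE) -> [200, 200, 200, 200], nothing logged
```

Running SAMPLE through BLOCK shows the bystander unaffected and the attacker's benign follow-up dropped until the window ends. Running it through EVAL (period-block with deny-code 200 and log disabled, as the page's example leaves it) returns 200 for every request and records nothing: the client is blocked for 30 seconds, but neither the client nor the FortiADC log shows it.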

Example

FortiADC-docs # get security waf action
== [ alert ]
== [ deny ]
== [ block ]
== [ silent-deny ]

FortiADC-docs # get security waf action alert
type : pass
log : enable
comment :

FortiADC-docs # get security waf action deny
type : deny
log : enable
deny-code : 403
comment :

FortiADC-docs # get security waf action block
type : period-block
log : enable
deny-code : 403
block-period : 3600
comment :

FortiADC-docs # get security waf action silent-deny
type : deny
log : disable
deny-code : 403
comment :

FortiADC-docs # config security waf action
FortiADC-docs (action) # edit eval
FortiADC-docs (eval) # get
type : deny
log : enable
deny-code : 403
comment : comments
FortiADC-docs (eval) # set type period-block
FortiADC-docs (eval) # set deny-code 200
FortiADC-docs (eval) # set block-period 30
FortiADC-docs (eval) # set log disable
FortiADC-docs (eval) # end
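Before a policy references an action, it is worth checking what the actions on the device actually do. The following added script (not a FortiADC tool) parses the `get security waf action <name>` output format shown above and flags actions whose effect would be hard to see: log disabled, a pass action that also does not log, and a 2xx deny-code. The transcript it reads is constructed from this page's example, with the `eval` entry written out with the values the example sets; the hostname, the `== [ eval ]` listing line and the finding wording are assumptions.

```python
"""Audit 'get security waf action' output for actions that hide what they do.
Added example, not a FortiADC tool. The transcript format ('<host> # get security waf
action <name>' followed by 'key : value' lines) is the one shown on this page; the
sample below is constructed from the page's example, with 'eval' written out as the
example leaves it. Hostname and finding wording are assumptions."""
import re

GET_CMD = re.compile(r"^\S+ # get security waf action (\S+)\s*$")
FIELD = re.compile(r"^([a-z-]+) :\s*(.*)$")


def parse_actions(transcript):
    """Return {name: {field: value}} for every 'get security waf action <name>' block."""
    actions, current = {}, None
    for line in transcript.splitlines():
        if " # " in line:                     # a prompt line: a new command starts here
            m = GET_CMD.match(line)
            current = actions.setdefault(m.group(1), {}) if m else None
            continue
        m = FIELD.match(line)
        if current is not None and m:         # 'key : value' output of the current get
            current[m.group(1)] = m.group(2)
    return actions


def audit(actions):
    """Return (name, finding) pairs for actions whose effect would be hard to see."""
    findings = []
    for name, f in actions.items():
        typ, log = f.get("type"), f.get("log")
        if typ == "pass" and log == "disable":
            findings.append((name, "pass with log disabled: a policy match has no effect at all"))
        elif log == "disable":
            findings.append((name, "log disabled: matches are invisible to the SOC and to incident response"))
        code = int(f.get("deny-code", 403))   # 403 is the CLI default when unset
        if typ in ("deny", "period-block") and 200 <= code <= 299:
            findings.append((name, f"deny-code {code}: blocked requests look like successes "
                                   "to the client and to status-code monitoring"))
    return findings


# Constructed from the page's transcript; the 'eval' block reflects the values the example sets.
SAMPLE_TRANSCRIPT = """\
FortiADC-docs # get security waf action
== [ alert ]
== [ deny ]
== [ block ]
== [ silent-deny ]
== [ eval ]
FortiADC-docs # get security waf action alert
type : pass
log : enable
comment :
FortiADC-docs # get security waf action deny
type : deny
log : enable
deny-code : 403
comment :
FortiADC-docs # get security waf action block
type : period-block
log : enable
deny-code : 403
block-period : 3600
comment :
FortiADC-docs # get security waf action silent-deny
type : deny
log : disable
deny-code : 403
comment :
FortiADC-docs # get security waf action eval
type : period-block
log : disable
deny-code : 200
block-period : 30
comment : comments
"""

if __name__ == "__main__":
    for name, finding in audit(parse_actions(SAMPLE_TRANSCRIPT)):
        print(f"{name}: {finding}")
```

On the sample, `silent-deny` is flagged once (log disabled) and `eval` twice (log disabled and deny-code 200); the four other predefined actions pass clean. Feed it the saved output of the same `get` commands from a real device to audit user-defined actions the same way.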
