config security waf url-protection

Use this command to configure URL protection policies. URL protection policies can filter HTTP requests that match specific character strings and file extensions.

Before you begin:

• You must have read-write permission for security settings.

After you have created a URL protection policy, you can specify it in a WAF profile configuration.

Syntax

config security waf url-protection

edit <name>

set exception <datasource>

config url-access-rule

edit <No.>

set exception <datasource>

set action {datasource}

set severity {high|medium|low}

set url-pattern <url-pattern>

next

end

config file-extension-rule

edit <No.>

set exception <datasource>

set action {datasource}

set severity {high|medium|low}

set file-extension-pattern <file-extension-pattern>

next

end

next

end

exception	Specify an exception configuration object.
action	Specify a WAF action object.
severity	high medium low
url-pattern	Matching string. Regular expressions are supported.
file-extension-pattern	Matching string. Regular expressions are supported.

Example

FortiADC-docs # config security waf url-protection

FortiADC-docs (url-protection) # edit url-policy

Add new entry 'url-policy' for node 3050

FortiADC-docs (url-policy) # config url-access-rule

FortiADC-docs (url-access-rule) # edit 1

Add new entry '1' for node 3052

FortiADC-docs (1) # get

url-pattern :

action : alert

severity : low

exception :

FortiADC-docs (1) # set url-pattern tmp

FortiADC-docs (1) # end

FortiADC-docs (url-policy) # config file-extension-rule

FortiADC-docs (file-extension~r) # edit 1

Add new entry '1' for node 3057

FortiADC-docs (1) # get

file-extension-pattern :

action : alert

severity : low

exception :

FortiADC-docs (1) # set file-extension-pattern tmp

FortiADC-docs (1) # end

FortiADC-docs (url-policy) # end