config security waf biometrics-based-detection
Use this command to configure Biometrics Based Detection policies. FortiADC uses Biometrics Based Detection policies to determine whether requests are generated by robots instead of a human by checking client events within a specified period. With JavaScript enabled on the client browser, FortiADC can collect behavioral biometrics (such as mouse movement, keyboard, screen touch, and scroll) and monitor as client events for a specified period. FortiADC can then determine whether the behavioral biometrics from the request is indicative of a bot or a human.
After you have configured Biometrics Based Detection policies, you can select them in WAF profiles.
Before you begin:
- You must have read-write permission for security settings.
Syntax
config security waf biometrics-based-detection
edit <name>
set ignore-js-check {enable|disable}
set monitor-client-event [mouse-movement|click|keyboard|screen-touch|scroll]
set event-collection-time <integer>
set bot-effective-time <integer>
set js-request-url <string>
set action <datasource>
set severity {high|medium|low}
set exception <datasource>
config url-list
edit <No.>
set host-status {enable/disable}
set host <string>
set request-url <string>
next
end
next
end
ignore-js-check |
Enable/disable redirect to a warning page to enable JavaScript. This is disabled by default.
|
monitor-client-event |
Select one or more client events to monitor:
By default, mouse-movement, click, and keyboard are preselected. If the configuration is saved with no monitor-client-event selected, it will default to the preselected client events. |
event-collection-time |
Specify for how long the events will be collected from the client. Default: 60 Range: 10-3600 seconds. |
bot-effective-time |
Specify the time interval before FortiADC tests and verifies a bot again, once a bot has been detected. Default: 5 Range: 1-60 minute(s). |
js-request-url |
Specify the URL to use to insert JavaScript code to the client machine. Default: /fadc_client/default_index.js . |
action |
Select the action profile to apply when a bot is detected. See config security waf action. The default action is alert. |
severity |
Select the event severity to log when a bot is detected:
The default is low. |
exception |
Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule. |
config url-list |
|
host-status |
If enabled, require authorization only for the specified host. If disabled, ignore hostname in the HTTP request header and require authorization for requests with any Host header. Disabled by default. |
host |
The host option is available if host-status is enabled. Specify the HTTP Host header. If Host Status is enabled, the policy matches only if the Host header matches this value. Complete, exact matching is required. For example, |
request-url |
The literal URL, such as /index.php , or a regular expression, such as ^/*.php that the HTTP request must contain in order to match the rule. Multiple URLs are supported.
|
Example
config security waf biometrics-based-detection
edit "Test"
set ignore-js-check disable
set monitor-client-events click
set event-collection-time 10
set bot-effective-time 1
set js-request-url /fadc_client/default_index.js
set action deny
set severity low
set exception IP_exception
config url-list
edit 1
set host-status disable
set request-url .*
next
end
next
end