Fortinet black logo

CLI Reference

waf profile

Web application firewall configuration.

  config waf profile
      Description: Web application firewall configuration.
      edit <name>
          set external [disable|enable]
          set extended-log [enable|disable]
          config signature
              Description: WAF signatures.
              config main-class
                  Description: Main signature class.
                  edit <id>
                      set status [enable|disable]
                      set action [allow|block|...]
                      set log [enable|disable]
                      set severity [high|medium|...]
                  next
              end
              set disabled-sub-class <id1>, <id2>, ...
              set disabled-signature <id1>, <id2>, ...
              set credit-card-detection-threshold {integer}
              config custom-signature
                  Description: Custom signature.
                  edit <name>
                      set status [enable|disable]
                      set action [allow|block|...]
                      set log [enable|disable]
                      set severity [high|medium|...]
                      set direction [request|response]
                      set case-sensitivity [disable|enable]
                      set pattern {string}
                      set target {option1}, {option2}, ...
                  next
              end
          end
          config constraint
              Description: WAF HTTP protocol restrictions.
              config header-length
                  Description: HTTP header length in request.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config content-length
                  Description: HTTP content length in request.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config param-length
                  Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config line-length
                  Description: HTTP line length in request.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config url-param-length
                  Description: Maximum length of parameter in URL.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config version
                  Description: Enable/disable HTTP version check.
                  set status [enable|disable]
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config method
                  Description: Enable/disable HTTP method check.
                  set status [enable|disable]
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config hostname
                  Description: Enable/disable hostname check.
                  set status [enable|disable]
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config malformed
                  Description: Enable/disable malformed HTTP request check.
                  set status [enable|disable]
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config max-cookie
                  Description: Maximum number of cookies in HTTP request.
                  set status [enable|disable]
                  set max-cookie {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config max-header-line
                  Description: Maximum number of HTTP header line.
                  set status [enable|disable]
                  set max-header-line {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config max-url-param
                  Description: Maximum number of parameters in URL.
                  set status [enable|disable]
                  set max-url-param {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config max-range-segment
                  Description: Maximum number of range segments in HTTP range line.
                  set status [enable|disable]
                  set max-range-segment {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config exception
                  Description: HTTP constraint exception.
                  edit <id>
                      set pattern {string}
                      set regex [enable|disable]
                      set address {string}
                      set header-length [enable|disable]
                      set content-length [enable|disable]
                      set param-length [enable|disable]
                      set line-length [enable|disable]
                      set url-param-length [enable|disable]
                      set version [enable|disable]
                      set method [enable|disable]
                      set hostname [enable|disable]
                      set malformed [enable|disable]
                      set max-cookie [enable|disable]
                      set max-header-line [enable|disable]
                      set max-url-param [enable|disable]
                      set max-range-segment [enable|disable]
                  next
              end
          end
          config method
              Description: Method restriction.
              set status [enable|disable]
              set log [enable|disable]
              set severity [high|medium|...]
              set default-allowed-methods {option1}, {option2}, ...
              config method-policy
                  Description: HTTP method policy.
                  edit <id>
                      set pattern {string}
                      set regex [enable|disable]
                      set address {string}
                      set allowed-methods {option1}, {option2}, ...
                  next
              end
          end
          config address-list
              Description: Black address list and white address list.
              set status [enable|disable]
              set blocked-log [enable|disable]
              set severity [high|medium|...]
              set trusted-address <name1>, <name2>, ...
              set blocked-address <name1>, <name2>, ...
          end
          config url-access
              Description: URL access list
              edit <id>
                  set address {string}
                  set action [bypass|permit|...]
                  set log [enable|disable]
                  set severity [high|medium|...]
                  config access-pattern
                      Description: URL access pattern.
                      edit <id>
                          set srcaddr {string}
                          set pattern {string}
                          set regex [enable|disable]
                          set negate [enable|disable]
                      next
                  end
              next
          end
          set comment {var-string}
      next
  end

config waf profile

Parameter Name Description Type Size
external Disable/Enable external HTTP Inspection.
disable: Disable external inspection.
enable: Enable external inspection.
option -
extended-log Enable/disable extended logging.
enable: Enable setting.
disable: Disable setting.
option -
comment Comment. var-string Maximum length: 1023

config signature

Parameter Name Description Type Size
disabled-sub-class <id> Disabled signature subclasses.
Signature subclass ID.
integer Minimum value: 0 Maximum value: 4294967295
disabled-signature <id> Disabled signatures
Signature ID.
integer Minimum value: 0 Maximum value: 4294967295
credit-card-detection-threshold The minimum number of Credit cards to detect violation. integer Minimum value: 0 Maximum value: 128

config main-class

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
erase: Erase credit card numbers.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config custom-signature

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
erase: Erase credit card numbers.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -
direction Traffic direction.
request: Match HTTP request.
response: Match HTTP response.
option -
case-sensitivity Case sensitivity in pattern.
disable: Case insensitive in pattern.
enable: Case sensitive in pattern.
option -
pattern Match pattern. string Maximum length: 511
target Match HTTP target.
arg: HTTP arguments.
arg-name: Names of HTTP arguments.
req-body: HTTP request body.
req-cookie: HTTP request cookies.
req-cookie-name: HTTP request cookie names.
req-filename: HTTP request file name.
req-header: HTTP request headers.
req-header-name: HTTP request header names.
req-raw-uri: Raw URI of HTTP request.
req-uri: URI of HTTP request.
resp-body: HTTP response body.
resp-hdr: HTTP response headers.
resp-status: HTTP response status.
option -

config header-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Length of HTTP header in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config content-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Length of HTTP content in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config param-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config line-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Length of HTTP line in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config url-param-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Maximum length of URL parameter in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config version

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config method

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config method

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity
medium: medium severity
low: low severity
option -
default-allowed-methods Methods.
get: HTTP GET method.
post: HTTP POST method.
put: HTTP PUT method.
head: HTTP HEAD method.
connect: HTTP CONNECT method.
trace: HTTP TRACE method.
options: HTTP OPTIONS method.
delete: HTTP DELETE method.
others: Other HTTP methods.
option -

config hostname

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config malformed

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config max-cookie

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
max-cookie Maximum number of cookies in HTTP request (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config max-header-line

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
max-header-line Maximum number HTTP header lines (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config max-url-param

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
max-url-param Maximum number of parameters in URL (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config max-range-segment

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
max-range-segment Maximum number of range segments in HTTP range line (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config exception

Parameter Name Description Type Size
pattern URL pattern. string Maximum length: 511
regex Enable/disable regular expression based pattern match.
enable: Enable setting.
disable: Disable setting.
option -
address Host address. string Maximum length: 79
header-length HTTP header length in request.
enable: Enable setting.
disable: Disable setting.
option -
content-length HTTP content length in request.
enable: Enable setting.
disable: Disable setting.
option -
param-length Maximum length of parameter in URL, HTTP POST request or HTTP body.
enable: Enable setting.
disable: Disable setting.
option -
line-length HTTP line length in request.
enable: Enable setting.
disable: Disable setting.
option -
url-param-length Maximum length of parameter in URL.
enable: Enable setting.
disable: Disable setting.
option -
version Enable/disable HTTP version check.
enable: Enable setting.
disable: Disable setting.
option -
method Enable/disable HTTP method check.
enable: Enable setting.
disable: Disable setting.
option -
hostname Enable/disable hostname check.
enable: Enable setting.
disable: Disable setting.
option -
malformed Enable/disable malformed HTTP request check.
enable: Enable setting.
disable: Disable setting.
option -
max-cookie Maximum number of cookies in HTTP request.
enable: Enable setting.
disable: Disable setting.
option -
max-header-line Maximum number of HTTP header line.
enable: Enable setting.
disable: Disable setting.
option -
max-url-param Maximum number of parameters in URL.
enable: Enable setting.
disable: Disable setting.
option -
max-range-segment Maximum number of range segments in HTTP range line.
enable: Enable setting.
disable: Disable setting.
option -

config method

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config method

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity
medium: medium severity
low: low severity
option -
default-allowed-methods Methods.
get: HTTP GET method.
post: HTTP POST method.
put: HTTP PUT method.
head: HTTP HEAD method.
connect: HTTP CONNECT method.
trace: HTTP TRACE method.
options: HTTP OPTIONS method.
delete: HTTP DELETE method.
others: Other HTTP methods.
option -

config method-policy

Parameter Name Description Type Size
pattern URL pattern. string Maximum length: 511
regex Enable/disable regular expression based pattern match.
enable: Enable setting.
disable: Disable setting.
option -
address Host address. string Maximum length: 79
allowed-methods Allowed Methods.
get: HTTP GET method.
post: HTTP POST method.
put: HTTP PUT method.
head: HTTP HEAD method.
connect: HTTP CONNECT method.
trace: HTTP TRACE method.
options: HTTP OPTIONS method.
delete: HTTP DELETE method.
others: Other HTTP methods.
option -

config address-list

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
blocked-log Enable/disable logging on blocked addresses.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -
trusted-address <name> Trusted address.
Address name.
string Maximum length: 79
blocked-address <name> Blocked address.
Address name.
string Maximum length: 79

config url-access

Parameter Name Description Type Size
address Host address. string Maximum length: 79
action Action.
bypass: Allow the HTTP request, also bypass further WAF scanning.
permit: Allow the HTTP request, and continue further WAF scanning.
block: Block HTTP request.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config access-pattern

Parameter Name Description Type Size
srcaddr Source address. string Maximum length: 79
pattern URL pattern. string Maximum length: 511
regex Enable/disable regular expression based pattern match.
enable: Enable setting.
disable: Disable setting.
option -
negate Enable/disable match negation.
enable: Enable setting.
disable: Disable setting.
option -

Web application firewall configuration.

  config waf profile
      Description: Web application firewall configuration.
      edit <name>
          set external [disable|enable]
          set extended-log [enable|disable]
          config signature
              Description: WAF signatures.
              config main-class
                  Description: Main signature class.
                  edit <id>
                      set status [enable|disable]
                      set action [allow|block|...]
                      set log [enable|disable]
                      set severity [high|medium|...]
                  next
              end
              set disabled-sub-class <id1>, <id2>, ...
              set disabled-signature <id1>, <id2>, ...
              set credit-card-detection-threshold {integer}
              config custom-signature
                  Description: Custom signature.
                  edit <name>
                      set status [enable|disable]
                      set action [allow|block|...]
                      set log [enable|disable]
                      set severity [high|medium|...]
                      set direction [request|response]
                      set case-sensitivity [disable|enable]
                      set pattern {string}
                      set target {option1}, {option2}, ...
                  next
              end
          end
          config constraint
              Description: WAF HTTP protocol restrictions.
              config header-length
                  Description: HTTP header length in request.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config content-length
                  Description: HTTP content length in request.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config param-length
                  Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config line-length
                  Description: HTTP line length in request.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config url-param-length
                  Description: Maximum length of parameter in URL.
                  set status [enable|disable]
                  set length {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config version
                  Description: Enable/disable HTTP version check.
                  set status [enable|disable]
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config method
                  Description: Enable/disable HTTP method check.
                  set status [enable|disable]
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config hostname
                  Description: Enable/disable hostname check.
                  set status [enable|disable]
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config malformed
                  Description: Enable/disable malformed HTTP request check.
                  set status [enable|disable]
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config max-cookie
                  Description: Maximum number of cookies in HTTP request.
                  set status [enable|disable]
                  set max-cookie {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config max-header-line
                  Description: Maximum number of HTTP header line.
                  set status [enable|disable]
                  set max-header-line {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config max-url-param
                  Description: Maximum number of parameters in URL.
                  set status [enable|disable]
                  set max-url-param {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config max-range-segment
                  Description: Maximum number of range segments in HTTP range line.
                  set status [enable|disable]
                  set max-range-segment {integer}
                  set action [allow|block]
                  set log [enable|disable]
                  set severity [high|medium|...]
              end
              config exception
                  Description: HTTP constraint exception.
                  edit <id>
                      set pattern {string}
                      set regex [enable|disable]
                      set address {string}
                      set header-length [enable|disable]
                      set content-length [enable|disable]
                      set param-length [enable|disable]
                      set line-length [enable|disable]
                      set url-param-length [enable|disable]
                      set version [enable|disable]
                      set method [enable|disable]
                      set hostname [enable|disable]
                      set malformed [enable|disable]
                      set max-cookie [enable|disable]
                      set max-header-line [enable|disable]
                      set max-url-param [enable|disable]
                      set max-range-segment [enable|disable]
                  next
              end
          end
          config method
              Description: Method restriction.
              set status [enable|disable]
              set log [enable|disable]
              set severity [high|medium|...]
              set default-allowed-methods {option1}, {option2}, ...
              config method-policy
                  Description: HTTP method policy.
                  edit <id>
                      set pattern {string}
                      set regex [enable|disable]
                      set address {string}
                      set allowed-methods {option1}, {option2}, ...
                  next
              end
          end
          config address-list
              Description: Black address list and white address list.
              set status [enable|disable]
              set blocked-log [enable|disable]
              set severity [high|medium|...]
              set trusted-address <name1>, <name2>, ...
              set blocked-address <name1>, <name2>, ...
          end
          config url-access
              Description: URL access list
              edit <id>
                  set address {string}
                  set action [bypass|permit|...]
                  set log [enable|disable]
                  set severity [high|medium|...]
                  config access-pattern
                      Description: URL access pattern.
                      edit <id>
                          set srcaddr {string}
                          set pattern {string}
                          set regex [enable|disable]
                          set negate [enable|disable]
                      next
                  end
              next
          end
          set comment {var-string}
      next
  end

config waf profile

Parameter Name Description Type Size
external Disable/Enable external HTTP Inspection.
disable: Disable external inspection.
enable: Enable external inspection.
option -
extended-log Enable/disable extended logging.
enable: Enable setting.
disable: Disable setting.
option -
comment Comment. var-string Maximum length: 1023

config signature

Parameter Name Description Type Size
disabled-sub-class <id> Disabled signature subclasses.
Signature subclass ID.
integer Minimum value: 0 Maximum value: 4294967295
disabled-signature <id> Disabled signatures
Signature ID.
integer Minimum value: 0 Maximum value: 4294967295
credit-card-detection-threshold The minimum number of Credit cards to detect violation. integer Minimum value: 0 Maximum value: 128

config main-class

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
erase: Erase credit card numbers.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config custom-signature

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
erase: Erase credit card numbers.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -
direction Traffic direction.
request: Match HTTP request.
response: Match HTTP response.
option -
case-sensitivity Case sensitivity in pattern.
disable: Case insensitive in pattern.
enable: Case sensitive in pattern.
option -
pattern Match pattern. string Maximum length: 511
target Match HTTP target.
arg: HTTP arguments.
arg-name: Names of HTTP arguments.
req-body: HTTP request body.
req-cookie: HTTP request cookies.
req-cookie-name: HTTP request cookie names.
req-filename: HTTP request file name.
req-header: HTTP request headers.
req-header-name: HTTP request header names.
req-raw-uri: Raw URI of HTTP request.
req-uri: URI of HTTP request.
resp-body: HTTP response body.
resp-hdr: HTTP response headers.
resp-status: HTTP response status.
option -

config header-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Length of HTTP header in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config content-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Length of HTTP content in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config param-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config line-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Length of HTTP line in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config url-param-length

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
length Maximum length of URL parameter in bytes (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config version

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config method

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config method

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity
medium: medium severity
low: low severity
option -
default-allowed-methods Methods.
get: HTTP GET method.
post: HTTP POST method.
put: HTTP PUT method.
head: HTTP HEAD method.
connect: HTTP CONNECT method.
trace: HTTP TRACE method.
options: HTTP OPTIONS method.
delete: HTTP DELETE method.
others: Other HTTP methods.
option -

config hostname

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config malformed

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config max-cookie

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
max-cookie Maximum number of cookies in HTTP request (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config max-header-line

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
max-header-line Maximum number HTTP header lines (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config max-url-param

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
max-url-param Maximum number of parameters in URL (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config max-range-segment

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
max-range-segment Maximum number of range segments in HTTP range line (0 to 2147483647). integer Minimum value: 0 Maximum value: 2147483647
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config exception

Parameter Name Description Type Size
pattern URL pattern. string Maximum length: 511
regex Enable/disable regular expression based pattern match.
enable: Enable setting.
disable: Disable setting.
option -
address Host address. string Maximum length: 79
header-length HTTP header length in request.
enable: Enable setting.
disable: Disable setting.
option -
content-length HTTP content length in request.
enable: Enable setting.
disable: Disable setting.
option -
param-length Maximum length of parameter in URL, HTTP POST request or HTTP body.
enable: Enable setting.
disable: Disable setting.
option -
line-length HTTP line length in request.
enable: Enable setting.
disable: Disable setting.
option -
url-param-length Maximum length of parameter in URL.
enable: Enable setting.
disable: Disable setting.
option -
version Enable/disable HTTP version check.
enable: Enable setting.
disable: Disable setting.
option -
method Enable/disable HTTP method check.
enable: Enable setting.
disable: Disable setting.
option -
hostname Enable/disable hostname check.
enable: Enable setting.
disable: Disable setting.
option -
malformed Enable/disable malformed HTTP request check.
enable: Enable setting.
disable: Disable setting.
option -
max-cookie Maximum number of cookies in HTTP request.
enable: Enable setting.
disable: Disable setting.
option -
max-header-line Maximum number of HTTP header line.
enable: Enable setting.
disable: Disable setting.
option -
max-url-param Maximum number of parameters in URL.
enable: Enable setting.
disable: Disable setting.
option -
max-range-segment Maximum number of range segments in HTTP range line.
enable: Enable setting.
disable: Disable setting.
option -

config method

Parameter Name Description Type Size
status Enable/disable the constraint.
enable: Enable setting.
disable: Disable setting.
option -
action Action.
allow: Allow.
block: Block.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config method

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity
medium: medium severity
low: low severity
option -
default-allowed-methods Methods.
get: HTTP GET method.
post: HTTP POST method.
put: HTTP PUT method.
head: HTTP HEAD method.
connect: HTTP CONNECT method.
trace: HTTP TRACE method.
options: HTTP OPTIONS method.
delete: HTTP DELETE method.
others: Other HTTP methods.
option -

config method-policy

Parameter Name Description Type Size
pattern URL pattern. string Maximum length: 511
regex Enable/disable regular expression based pattern match.
enable: Enable setting.
disable: Disable setting.
option -
address Host address. string Maximum length: 79
allowed-methods Allowed Methods.
get: HTTP GET method.
post: HTTP POST method.
put: HTTP PUT method.
head: HTTP HEAD method.
connect: HTTP CONNECT method.
trace: HTTP TRACE method.
options: HTTP OPTIONS method.
delete: HTTP DELETE method.
others: Other HTTP methods.
option -

config address-list

Parameter Name Description Type Size
status Status.
enable: Enable setting.
disable: Disable setting.
option -
blocked-log Enable/disable logging on blocked addresses.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -
trusted-address <name> Trusted address.
Address name.
string Maximum length: 79
blocked-address <name> Blocked address.
Address name.
string Maximum length: 79

config url-access

Parameter Name Description Type Size
address Host address. string Maximum length: 79
action Action.
bypass: Allow the HTTP request, also bypass further WAF scanning.
permit: Allow the HTTP request, and continue further WAF scanning.
block: Block HTTP request.
option -
log Enable/disable logging.
enable: Enable setting.
disable: Disable setting.
option -
severity Severity.
high: High severity.
medium: Medium severity.
low: Low severity.
option -

config access-pattern

Parameter Name Description Type Size
srcaddr Source address. string Maximum length: 79
pattern URL pattern. string Maximum length: 511
regex Enable/disable regular expression based pattern match.
enable: Enable setting.
disable: Disable setting.
option -
negate Enable/disable match negation.
enable: Enable setting.
disable: Disable setting.
option -