Fortinet white logo
Fortinet white logo

CLI Reference

config waf profile

config waf profile

Web application firewall configuration.

config waf profile
    Description: Web application firewall configuration.
    edit <name>
        config address-list
            Description: Black address list and white address list.
            set status [enable|disable]
            set blocked-log [enable|disable]
            set severity [high|medium|...]
            set trusted-address <name1>, <name2>, ...
            set blocked-address <name1>, <name2>, ...
        end
        set comment {var-string}
        config constraint
            Description: WAF HTTP protocol restrictions.
            config header-length
                Description: HTTP header length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config content-length
                Description: HTTP content length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config param-length
                Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config line-length
                Description: HTTP line length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config url-param-length
                Description: Maximum length of parameter in URL.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config version
                Description: Enable/disable HTTP version check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config method
                Description: Enable/disable HTTP method check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config hostname
                Description: Enable/disable hostname check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config malformed
                Description: Enable/disable malformed HTTP request check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-cookie
                Description: Maximum number of cookies in HTTP request.
                set status [enable|disable]
                set max-cookie {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-header-line
                Description: Maximum number of HTTP header line.
                set status [enable|disable]
                set max-header-line {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-url-param
                Description: Maximum number of parameters in URL.
                set status [enable|disable]
                set max-url-param {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-range-segment
                Description: Maximum number of range segments in HTTP range line.
                set status [enable|disable]
                set max-range-segment {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config exception
                Description: HTTP constraint exception.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set header-length [enable|disable]
                    set content-length [enable|disable]
                    set param-length [enable|disable]
                    set line-length [enable|disable]
                    set url-param-length [enable|disable]
                    set version [enable|disable]
                    set method [enable|disable]
                    set hostname [enable|disable]
                    set malformed [enable|disable]
                    set max-cookie [enable|disable]
                    set max-header-line [enable|disable]
                    set max-url-param [enable|disable]
                    set max-range-segment [enable|disable]
                next
            end
        end
        set extended-log [enable|disable]
        set external [disable|enable]
        config method
            Description: Method restriction.
            set status [enable|disable]
            set log [enable|disable]
            set severity [high|medium|...]
            set default-allowed-methods {option1}, {option2}, ...
            config method-policy
                Description: HTTP method policy.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set allowed-methods {option1}, {option2}, ...
                next
            end
        end
        config signature
            Description: WAF signatures.
            config main-class
                Description: Main signature class.
                edit <id>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                next
            end
            set disabled-sub-class <id1>, <id2>, ...
            set disabled-signature <id1>, <id2>, ...
            set credit-card-detection-threshold {integer}
            config custom-signature
                Description: Custom signature.
                edit <name>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                    set direction [request|response]
                    set case-sensitivity [disable|enable]
                    set pattern {string}
                    set target {option1}, {option2}, ...
                next
            end
        end
        config url-access
            Description: URL access list
            edit <id>
                set address {string}
                set action [bypass|permit|...]
                set log [enable|disable]
                set severity [high|medium|...]
                config access-pattern
                    Description: URL access pattern.
                    edit <id>
                        set srcaddr {string}
                        set pattern {string}
                        set regex [enable|disable]
                        set negate [enable|disable]
                    next
                end
            next
        end
    next
end

config waf profile

Parameter

Description

Type

Size

comment

Comment.

var-string

Maximum length: 1023

extended-log

Enable/disable extended logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

external

Disable/Enable external HTTP Inspection.

option

-

Option

Description

disable

Disable external inspection.

enable

Enable external inspection.

name

WAF Profile name.

string

Maximum length: 35

config address-list

Parameter

Description

Type

Size

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

blocked-log

Enable/disable logging on blocked addresses.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

trusted-address <name>

Trusted address.

Address name.

string

Maximum length: 79

blocked-address <name>

Blocked address.

Address name.

string

Maximum length: 79

config header-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP header in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config content-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP content in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config param-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config line-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP line in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config url-param-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of URL parameter in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config version

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity

medium

medium severity

low

low severity

default-allowed-methods

Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config hostname

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config malformed

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-cookie

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-cookie

Maximum number of cookies in HTTP request (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-header-line

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-header-line

Maximum number HTTP header lines (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-url-param

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-url-param

Maximum number of parameters in URL (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-range-segment

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config exception

Parameter

Description

Type

Size

id

Exception ID.

integer

Minimum value: 0 Maximum value: 4294967295

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

address

Host address.

string

Maximum length: 79

header-length

HTTP header length in request.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

content-length

HTTP content length in request.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

param-length

Maximum length of parameter in URL, HTTP POST request or HTTP body.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

line-length

HTTP line length in request.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

url-param-length

Maximum length of parameter in URL.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

version

Enable/disable HTTP version check.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

method

Enable/disable HTTP method check.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

hostname

Enable/disable hostname check.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

malformed

Enable/disable malformed HTTP request check.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-cookie

Maximum number of cookies in HTTP request.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-header-line

Maximum number of HTTP header line.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-url-param

Maximum number of parameters in URL.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

config method

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity

medium

medium severity

low

low severity

default-allowed-methods

Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config method-policy

Parameter

Description

Type

Size

id

HTTP method policy ID.

integer

Minimum value: 0 Maximum value: 4294967295

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

address

Host address.

string

Maximum length: 79

allowed-methods

Allowed Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config signature

Parameter

Description

Type

Size

disabled-sub-class <id>

Disabled signature subclasses.

Signature subclass ID.

integer

Minimum value: 0 Maximum value: 4294967295

disabled-signature <id>

Disabled signatures

Signature ID.

integer

Minimum value: 0 Maximum value: 4294967295

credit-card-detection-threshold

The minimum number of Credit cards to detect violation.

integer

Minimum value: 0 Maximum value: 128

config main-class

Parameter

Description

Type

Size

id

Main signature class ID.

integer

Minimum value: 0 Maximum value: 4294967295

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config custom-signature

Parameter

Description

Type

Size

name

Signature name.

string

Maximum length: 35

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

direction

Traffic direction.

option

-

Option

Description

request

Match HTTP request.

response

Match HTTP response.

case-sensitivity

Case sensitivity in pattern.

option

-

Option

Description

disable

Case insensitive in pattern.

enable

Case sensitive in pattern.

pattern

Match pattern.

string

Maximum length: 511

target

Match HTTP target.

option

-

Option

Description

arg

HTTP arguments.

arg-name

Names of HTTP arguments.

req-body

HTTP request body.

req-cookie

HTTP request cookies.

req-cookie-name

HTTP request cookie names.

req-filename

HTTP request file name.

req-header

HTTP request headers.

req-header-name

HTTP request header names.

req-raw-uri

Raw URI of HTTP request.

req-uri

URI of HTTP request.

resp-body

HTTP response body.

resp-hdr

HTTP response headers.

resp-status

HTTP response status.

config url-access

Parameter

Description

Type

Size

id

URL access ID.

integer

Minimum value: 0 Maximum value: 4294967295

address

Host address.

string

Maximum length: 79

action

Action.

option

-

Option

Description

bypass

Allow the HTTP request, also bypass further WAF scanning.

permit

Allow the HTTP request, and continue further WAF scanning.

block

Block HTTP request.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config access-pattern

Parameter

Description

Type

Size

id

URL access pattern ID.

integer

Minimum value: 0 Maximum value: 4294967295

srcaddr

Source address.

string

Maximum length: 79

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

negate

Enable/disable match negation.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

config waf profile

config waf profile

Web application firewall configuration.

config waf profile
    Description: Web application firewall configuration.
    edit <name>
        config address-list
            Description: Black address list and white address list.
            set status [enable|disable]
            set blocked-log [enable|disable]
            set severity [high|medium|...]
            set trusted-address <name1>, <name2>, ...
            set blocked-address <name1>, <name2>, ...
        end
        set comment {var-string}
        config constraint
            Description: WAF HTTP protocol restrictions.
            config header-length
                Description: HTTP header length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config content-length
                Description: HTTP content length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config param-length
                Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config line-length
                Description: HTTP line length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config url-param-length
                Description: Maximum length of parameter in URL.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config version
                Description: Enable/disable HTTP version check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config method
                Description: Enable/disable HTTP method check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config hostname
                Description: Enable/disable hostname check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config malformed
                Description: Enable/disable malformed HTTP request check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-cookie
                Description: Maximum number of cookies in HTTP request.
                set status [enable|disable]
                set max-cookie {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-header-line
                Description: Maximum number of HTTP header line.
                set status [enable|disable]
                set max-header-line {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-url-param
                Description: Maximum number of parameters in URL.
                set status [enable|disable]
                set max-url-param {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-range-segment
                Description: Maximum number of range segments in HTTP range line.
                set status [enable|disable]
                set max-range-segment {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config exception
                Description: HTTP constraint exception.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set header-length [enable|disable]
                    set content-length [enable|disable]
                    set param-length [enable|disable]
                    set line-length [enable|disable]
                    set url-param-length [enable|disable]
                    set version [enable|disable]
                    set method [enable|disable]
                    set hostname [enable|disable]
                    set malformed [enable|disable]
                    set max-cookie [enable|disable]
                    set max-header-line [enable|disable]
                    set max-url-param [enable|disable]
                    set max-range-segment [enable|disable]
                next
            end
        end
        set extended-log [enable|disable]
        set external [disable|enable]
        config method
            Description: Method restriction.
            set status [enable|disable]
            set log [enable|disable]
            set severity [high|medium|...]
            set default-allowed-methods {option1}, {option2}, ...
            config method-policy
                Description: HTTP method policy.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set allowed-methods {option1}, {option2}, ...
                next
            end
        end
        config signature
            Description: WAF signatures.
            config main-class
                Description: Main signature class.
                edit <id>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                next
            end
            set disabled-sub-class <id1>, <id2>, ...
            set disabled-signature <id1>, <id2>, ...
            set credit-card-detection-threshold {integer}
            config custom-signature
                Description: Custom signature.
                edit <name>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                    set direction [request|response]
                    set case-sensitivity [disable|enable]
                    set pattern {string}
                    set target {option1}, {option2}, ...
                next
            end
        end
        config url-access
            Description: URL access list
            edit <id>
                set address {string}
                set action [bypass|permit|...]
                set log [enable|disable]
                set severity [high|medium|...]
                config access-pattern
                    Description: URL access pattern.
                    edit <id>
                        set srcaddr {string}
                        set pattern {string}
                        set regex [enable|disable]
                        set negate [enable|disable]
                    next
                end
            next
        end
    next
end

config waf profile

Parameter

Description

Type

Size

comment

Comment.

var-string

Maximum length: 1023

extended-log

Enable/disable extended logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

external

Disable/Enable external HTTP Inspection.

option

-

Option

Description

disable

Disable external inspection.

enable

Enable external inspection.

name

WAF Profile name.

string

Maximum length: 35

config address-list

Parameter

Description

Type

Size

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

blocked-log

Enable/disable logging on blocked addresses.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

trusted-address <name>

Trusted address.

Address name.

string

Maximum length: 79

blocked-address <name>

Blocked address.

Address name.

string

Maximum length: 79

config header-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP header in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config content-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP content in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config param-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config line-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP line in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config url-param-length

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of URL parameter in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config version

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity

medium

medium severity

low

low severity

default-allowed-methods

Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config hostname

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config malformed

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-cookie

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-cookie

Maximum number of cookies in HTTP request (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-header-line

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-header-line

Maximum number HTTP header lines (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-url-param

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-url-param

Maximum number of parameters in URL (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-range-segment

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config exception

Parameter

Description

Type

Size

id

Exception ID.

integer

Minimum value: 0 Maximum value: 4294967295

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

address

Host address.

string

Maximum length: 79

header-length

HTTP header length in request.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

content-length

HTTP content length in request.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

param-length

Maximum length of parameter in URL, HTTP POST request or HTTP body.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

line-length

HTTP line length in request.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

url-param-length

Maximum length of parameter in URL.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

version

Enable/disable HTTP version check.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

method

Enable/disable HTTP method check.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

hostname

Enable/disable hostname check.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

malformed

Enable/disable malformed HTTP request check.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-cookie

Maximum number of cookies in HTTP request.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-header-line

Maximum number of HTTP header line.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-url-param

Maximum number of parameters in URL.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

config method

Parameter

Description

Type

Size

status

Enable/disable the constraint.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity

medium

medium severity

low

low severity

default-allowed-methods

Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config method-policy

Parameter

Description

Type

Size

id

HTTP method policy ID.

integer

Minimum value: 0 Maximum value: 4294967295

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

address

Host address.

string

Maximum length: 79

allowed-methods

Allowed Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config signature

Parameter

Description

Type

Size

disabled-sub-class <id>

Disabled signature subclasses.

Signature subclass ID.

integer

Minimum value: 0 Maximum value: 4294967295

disabled-signature <id>

Disabled signatures

Signature ID.

integer

Minimum value: 0 Maximum value: 4294967295

credit-card-detection-threshold

The minimum number of Credit cards to detect violation.

integer

Minimum value: 0 Maximum value: 128

config main-class

Parameter

Description

Type

Size

id

Main signature class ID.

integer

Minimum value: 0 Maximum value: 4294967295

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config custom-signature

Parameter

Description

Type

Size

name

Signature name.

string

Maximum length: 35

status

Status.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

direction

Traffic direction.

option

-

Option

Description

request

Match HTTP request.

response

Match HTTP response.

case-sensitivity

Case sensitivity in pattern.

option

-

Option

Description

disable

Case insensitive in pattern.

enable

Case sensitive in pattern.

pattern

Match pattern.

string

Maximum length: 511

target

Match HTTP target.

option

-

Option

Description

arg

HTTP arguments.

arg-name

Names of HTTP arguments.

req-body

HTTP request body.

req-cookie

HTTP request cookies.

req-cookie-name

HTTP request cookie names.

req-filename

HTTP request file name.

req-header

HTTP request headers.

req-header-name

HTTP request header names.

req-raw-uri

Raw URI of HTTP request.

req-uri

URI of HTTP request.

resp-body

HTTP response body.

resp-hdr

HTTP response headers.

resp-status

HTTP response status.

config url-access

Parameter

Description

Type

Size

id

URL access ID.

integer

Minimum value: 0 Maximum value: 4294967295

address

Host address.

string

Maximum length: 79

action

Action.

option

-

Option

Description

bypass

Allow the HTTP request, also bypass further WAF scanning.

permit

Allow the HTTP request, and continue further WAF scanning.

block

Block HTTP request.

log

Enable/disable logging.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config access-pattern

Parameter

Description

Type

Size

id

URL access pattern ID.

integer

Minimum value: 0 Maximum value: 4294967295

srcaddr

Source address.

string

Maximum length: 79

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.

negate

Enable/disable match negation.

option

-

Option

Description

enable

Enable setting.

disable

Disable setting.