config waf profile

Web application firewall configuration.

config waf profile

Description: Web application firewall configuration.

edit <name>

set external [disable|enable]

set extended-log [enable|disable]

config signature

Description: WAF signatures.

config main-class

Description: Main signature class.

edit <id>

set status [enable|disable]

set action [allow|block|...]

set log [enable|disable]

set severity [high|medium|...]

next

end

set disabled-sub-class <id1>, <id2>, ...

set disabled-signature <id1>, <id2>, ...

set credit-card-detection-threshold {integer}

config custom-signature

Description: Custom signature.

edit <name>

set status [enable|disable]

set action [allow|block|...]

set log [enable|disable]

set severity [high|medium|...]

set direction [request|response]

set case-sensitivity [disable|enable]

set pattern {string}

set target {option1}, {option2}, ...

next

end

end

config constraint

Description: WAF HTTP protocol restrictions.

config header-length

Description: HTTP header length in request.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config content-length

Description: HTTP content length in request.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config param-length

Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config line-length

Description: HTTP line length in request.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config url-param-length

Description: Maximum length of parameter in URL.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config version

Description: Enable/disable HTTP version check.

set status [enable|disable]

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config method

Description: Enable/disable HTTP method check.

set status [enable|disable]

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config hostname

Description: Enable/disable hostname check.

set status [enable|disable]

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config malformed

Description: Enable/disable malformed HTTP request check.

set status [enable|disable]

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config max-cookie

Description: Maximum number of cookies in HTTP request.

set status [enable|disable]

set max-cookie {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config max-header-line

Description: Maximum number of HTTP header line.

set status [enable|disable]

set max-header-line {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config max-url-param

Description: Maximum number of parameters in URL.

set status [enable|disable]

set max-url-param {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config max-range-segment

Description: Maximum number of range segments in HTTP range line.

set status [enable|disable]

set max-range-segment {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config exception

Description: HTTP constraint exception.

edit <id>

set pattern {string}

set regex [enable|disable]

set address {string}

set header-length [enable|disable]

set content-length [enable|disable]

set param-length [enable|disable]

set line-length [enable|disable]

set url-param-length [enable|disable]

set version [enable|disable]

set method [enable|disable]

set hostname [enable|disable]

set malformed [enable|disable]

set max-cookie [enable|disable]

set max-header-line [enable|disable]

set max-url-param [enable|disable]

set max-range-segment [enable|disable]

next

end

end

config method

Description: Method restriction.

set status [enable|disable]

set log [enable|disable]

set severity [high|medium|...]

set default-allowed-methods {option1}, {option2}, ...

config method-policy

Description: HTTP method policy.

edit <id>

set pattern {string}

set regex [enable|disable]

set address {string}

set allowed-methods {option1}, {option2}, ...

next

end

end

config address-list

Description: Black address list and white address list.

set status [enable|disable]

set blocked-log [enable|disable]

set severity [high|medium|...]

set trusted-address <name1>, <name2>, ...

set blocked-address <name1>, <name2>, ...

end

config url-access

Description: URL access list

edit <id>

set address {string}

set action [bypass|permit|...]

set log [enable|disable]

set severity [high|medium|...]

config access-pattern

Description: URL access pattern.

edit <id>

set srcaddr {string}

set pattern {string}

set regex [enable|disable]

set negate [enable|disable]

next

end

next

end

set comment {var-string}

next

end

config waf profile

Parameter name

Description

Type

Size

external

Disable/Enable external HTTP Inspection.

option

-

 

Option

Description

disable

Disable external inspection.

enable

Enable external inspection.

extended-log

Enable/disable extended logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

comment

Comment.

var-string

Maximum length: 1023

config signature

Parameter name

Description

Type

Size

disabled-sub-class <id>

Disabled signature subclasses.

Signature subclass ID.

integer

Minimum value: 0 Maximum value: 4294967295

disabled-signature <id>

Disabled signatures

Signature ID.

integer

Minimum value: 0 Maximum value: 4294967295

credit-card-detection-threshold

The minimum number of Credit cards to detect violation.

integer

Minimum value: 0 Maximum value: 128

config main-class

Parameter name

Description

Type

Size

status

Status.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config custom-signature

Parameter name

Description

Type

Size

status

Status.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

direction

Traffic direction.

option

-

 

Option

Description

request

Match HTTP request.

response

Match HTTP response.

case-sensitivity

Case sensitivity in pattern.

option

-

 

Option

Description

disable

Case insensitive in pattern.

enable

Case sensitive in pattern.

pattern

Match pattern.

string

Maximum length: 511

target

Match HTTP target.

option

-

 

Option

Description

arg

HTTP arguments.

arg-name

Names of HTTP arguments.

req-body

HTTP request body.

req-cookie

HTTP request cookies.

req-cookie-name

HTTP request cookie names.

req-filename

HTTP request file name.

req-header

HTTP request headers.

req-header-name

HTTP request header names.

req-raw-uri

Raw URI of HTTP request.

req-uri

URI of HTTP request.

resp-body

HTTP response body.

resp-hdr

HTTP response headers.

resp-status

HTTP response status.

config header-length

Parameter name

Description

Type

Size

status

Enable/disable the constraint.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP header in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config content-length

Parameter name

Description

Type

Size

status

Enable/disable the constraint.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP content in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config param-length

Parameter name

Description

Type

Size

status

Enable/disable the constraint.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config line-length

Parameter name

Description

Type

Size

status

Enable/disable the constraint.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP line in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config url-param-length

Parameter name

Description

Type

Size

status

Enable/disable the constraint.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of URL parameter in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config version

Parameter name

Description

Type

Size

status

Enable/disable the constraint.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter name

Description

Type

Size

status

Enable/disable the constraint.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter name

Description

Type

Size

status

Status.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity

medium

medium severity

low

low severity

default-allowed-methods

Methods.

option

-

 

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config hostname

Parameter name

Description

Type

Size

status

Enable/disable the constraint.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

 

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

 

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

 

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config malformed

Parameter name

Description

Type

Size

status

Enable/disable the constraint.

option

-

 

Option

Description

enable