config waf profile

Configure Web application firewall configuration.

config waf profile

Description: Configure Web application firewall configuration.

edit <name>

set external [disable|enable]

set extended-log [enable|disable]

config signature

Description: WAF signatures.

config main-class

Description: Main signature class.

edit <id>

set status [enable|disable]

set action [allow|block|...]

set log [enable|disable]

set severity [high|medium|...]

next

end

set disabled-sub-class <id1>, <id2>, ...

set disabled-signature <id1>, <id2>, ...

set credit-card-detection-threshold {integer}

config custom-signature

Description: Custom signature.

edit <name>

set status [enable|disable]

set action [allow|block|...]

set log [enable|disable]

set severity [high|medium|...]

set direction [request|response]

set case-sensitivity [disable|enable]

set pattern {string}

set target {option1}, {option2}, ...

next

end

end

config constraint

Description: WAF HTTP protocol restrictions.

config header-length

Description: HTTP header length in request.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config content-length

Description: HTTP content length in request.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config param-length

Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config line-length

Description: HTTP line length in request.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config url-param-length

Description: Maximum length of parameter in URL.

set status [enable|disable]

set length {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config version

Description: Enable/disable HTTP version check.

set status [enable|disable]

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config method

Description: Enable/disable HTTP method check.

set status [enable|disable]

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config hostname

Description: Enable/disable hostname check.

set status [enable|disable]

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config malformed

Description: Enable/disable malformed HTTP request check.

set status [enable|disable]

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config max-cookie

Description: Maximum number of cookies in HTTP request.

set status [enable|disable]

set max-cookie {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config max-header-line

Description: Maximum number of HTTP header line.

set status [enable|disable]

set max-header-line {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config max-url-param

Description: Maximum number of parameters in URL.

set status [enable|disable]

set max-url-param {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config max-range-segment

Description: Maximum number of range segments in HTTP range line.

set status [enable|disable]

set max-range-segment {integer}

set action [allow|block]

set log [enable|disable]

set severity [high|medium|...]

end

config exception

Description: HTTP constraint exception.

edit <id>

set pattern {string}

set regex [enable|disable]

set address {string}

set header-length [enable|disable]

set content-length [enable|disable]

set param-length [enable|disable]

set line-length [enable|disable]

set url-param-length [enable|disable]

set version [enable|disable]

set method [enable|disable]

set hostname [enable|disable]

set malformed [enable|disable]

set max-cookie [enable|disable]

set max-header-line [enable|disable]

set max-url-param [enable|disable]

set max-range-segment [enable|disable]

next

end

end

config method

Description: Method restriction.

set status [enable|disable]

set log [enable|disable]

set severity [high|medium|...]

set default-allowed-methods {option1}, {option2}, ...

config method-policy

Description: HTTP method policy.

edit <id>

set pattern {string}

set regex [enable|disable]

set address {string}

set allowed-methods {option1}, {option2}, ...

next

end

end

config address-list

Description: Address block and allow lists.

set status [enable|disable]

set blocked-log [enable|disable]

set severity [high|medium|...]

set trusted-address <name1>, <name2>, ...

set blocked-address <name1>, <name2>, ...

end

config url-access

Description: URL access list.

edit <id>

set address {string}

set action [bypass|permit|...]

set log [enable|disable]

set severity [high|medium|...]

config access-pattern

Description: URL access pattern.

edit <id>

set srcaddr {string}

set pattern {string}

set regex [enable|disable]

set negate [enable|disable]

next

end

next

end

set comment {var-string}

next

end

config waf profile

Parameter	Description	Type	Size	Default
external	Disable/Enable external HTTP Inspection.	option	-	disable
	Option Description disable Disable external inspection. enable Enable external inspection.
extended-log	Enable/disable extended logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
comment	Comment.	var-string	Maximum length: 1023

config signature

Parameter	Description	Type	Size	Default
disabled-sub-class <id>	Disabled signature subclasses. Signature subclass ID.	integer	Minimum value: 0 Maximum value: 4294967295
disabled-signature <id>	Disabled signatures. Signature ID.	integer	Minimum value: 0 Maximum value: 4294967295
credit-card-detection-threshold	The minimum number of Credit cards to detect violation.	integer	Minimum value: 0 Maximum value: 128	3

config main-class

Parameter	Description	Type	Size	Default
status	Status.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
action	Action.	option	-	allow
	Option Description allow Allow. block Block. erase Erase credit card numbers.
log	Enable/disable logging.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config custom-signature

Parameter	Description	Type	Size	Default
status	Status.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
action	Action.	option	-	allow
	Option Description allow Allow. block Block. erase Erase credit card numbers.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.
direction	Traffic direction.	option	-	request
	Option Description request Match HTTP request. response Match HTTP response.
case-sensitivity	Case sensitivity in pattern.	option	-	disable
	Option Description disable Case insensitive in pattern. enable Case sensitive in pattern.
pattern	Match pattern.	string	Maximum length: 511
target	Match HTTP target.	option	-
	Option Description arg HTTP arguments. arg-name Names of HTTP arguments. req-body HTTP request body. req-cookie HTTP request cookies. req-cookie-name HTTP request cookie names. req-filename HTTP request file name. req-header HTTP request headers. req-header-name HTTP request header names. req-raw-uri Raw URI of HTTP request. req-uri URI of HTTP request. resp-body HTTP response body. resp-hdr HTTP response headers. resp-status HTTP response status.

config header-length

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
length	Length of HTTP header in bytes (0 to 2147483647).	integer	Minimum value: 0 Maximum value: 2147483647	8192
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config content-length

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
length	Length of HTTP content in bytes (0 to 2147483647).	integer	Minimum value: 0 Maximum value: 2147483647	67108864
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config param-length

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
length	Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).	integer	Minimum value: 0 Maximum value: 2147483647	8192
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config line-length

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
length	Length of HTTP line in bytes (0 to 2147483647).	integer	Minimum value: 0 Maximum value: 2147483647	1024
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config url-param-length

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
length	Maximum length of URL parameter in bytes (0 to 2147483647).	integer	Minimum value: 0 Maximum value: 2147483647	8192
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config version

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config method

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config method

Parameter	Description	Type	Size	Default
status	Status.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity medium medium severity low low severity
default-allowed-methods	Methods.	option	-
	Option Description get HTTP GET method. post HTTP POST method. put HTTP PUT method. head HTTP HEAD method. connect HTTP CONNECT method. trace HTTP TRACE method. options HTTP OPTIONS method. delete HTTP DELETE method. others Other HTTP methods.

config hostname

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config malformed

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config max-cookie

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
max-cookie	Maximum number of cookies in HTTP request (0 to 2147483647).	integer	Minimum value: 0 Maximum value: 2147483647	16
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config max-header-line

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
max-header-line	Maximum number HTTP header lines (0 to 2147483647).	integer	Minimum value: 0 Maximum value: 2147483647	32
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config max-url-param

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
max-url-param	Maximum number of parameters in URL (0 to 2147483647).	integer	Minimum value: 0 Maximum value: 2147483647	16
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config max-range-segment

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
max-range-segment	Maximum number of range segments in HTTP range line (0 to 2147483647).	integer	Minimum value: 0 Maximum value: 2147483647	5
action	Action.	option	-	allow
	Option Description allow Allow. block Block.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config exception

Parameter	Description	Type	Size	Default
pattern	URL pattern.	string	Maximum length: 511
regex	Enable/disable regular expression based pattern match.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
address	Host address.	string	Maximum length: 79
header-length	HTTP header length in request.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
content-length	HTTP content length in request.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
param-length	Maximum length of parameter in URL, HTTP POST request or HTTP body.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
line-length	HTTP line length in request.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
url-param-length	Maximum length of parameter in URL.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
version	Enable/disable HTTP version check.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
method	Enable/disable HTTP method check.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
hostname	Enable/disable hostname check.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
malformed	Enable/disable malformed HTTP request check.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
max-cookie	Maximum number of cookies in HTTP request.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
max-header-line	Maximum number of HTTP header line.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
max-url-param	Maximum number of parameters in URL.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
max-range-segment	Maximum number of range segments in HTTP range line.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.

config method

Parameter	Description	Type	Size	Default
status	Enable/disable the constraint.	option	-	disable
action	Action.	option	-	allow
log	Enable/disable logging.	option	-	disable
severity	Severity.	option	-	medium

config method

Parameter	Description	Type	Size	Default
status	Status.	option	-	disable
log	Enable/disable logging.	option	-	disable
severity	Severity.	option	-	medium
default-allowed-methods	Methods.	option	-

config method-policy

Parameter	Description	Type	Size	Default
pattern	URL pattern.	string	Maximum length: 511
regex	Enable/disable regular expression based pattern match.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
address	Host address.	string	Maximum length: 79
allowed-methods	Allowed Methods.	option	-
	Option Description get HTTP GET method. post HTTP POST method. put HTTP PUT method. head HTTP HEAD method. connect HTTP CONNECT method. trace HTTP TRACE method. options HTTP OPTIONS method. delete HTTP DELETE method. others Other HTTP methods.

config address-list

Parameter	Description	Type	Size	Default
status	Status.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
blocked-log	Enable/disable logging on blocked addresses.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.
trusted-address <name>	Trusted address. Address name.	string	Maximum length: 79
blocked-address <name>	Blocked address. Address name.	string	Maximum length: 79

config url-access

Parameter	Description	Type	Size	Default
address	Host address.	string	Maximum length: 79
action	Action.	option	-	permit
	Option Description bypass Allow the HTTP request, also bypass further WAF scanning. permit Allow the HTTP request, and continue further WAF scanning. block Block HTTP request.
log	Enable/disable logging.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
severity	Severity.	option	-	medium
	Option Description high High severity. medium Medium severity. low Low severity.

config access-pattern

Parameter	Description	Type	Size	Default
srcaddr	Source address.	string	Maximum length: 79
pattern	URL pattern.	string	Maximum length: 511
regex	Enable/disable regular expression based pattern match.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
negate	Enable/disable match negation.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.