server-policy pattern threat-weight
Use this command to configure the global threat weight of security violations. When a security violation is detected, the threat weight of the security violation is used to calculate the reputation of the device that launched the event. Access to networks and servers can be managed according to a device's reputation calculated using the total threat weight of the device.
For details about Threat Weight, see the FortiWeb Administration Guide:
http://docs.fortinet.com/fortiweb/admin-guides
To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.
Syntax
config server-policy pattern threat-weight
set allow-method {off | low | med | high | crit}
set cookie-security-policy {off | low | med | high | crit}
set crit <value_int>
set csrf-protection {off | low | med | high | crit}
set custom-policy {off | low | med | high | crit}
set custom-signature {off | low | med | high | crit}
set dos-protection {off | low | med | high | crit}
set file-upload-restriction {off | low | med | high | crit}
set ftp-security {off | low | med | high | crit}
set geo-ip {off | low | med | high | crit}
set hidden-field-protection {off | low | med | high | crit}
set high <value_int>
set http-protocol-constraints {enable | disable}
set ip-list {off | low | med | high | crit}
set ip-reputaton {off | low | med | high | crit}
set low <value_int>
set med <value_int>
set padding-oracle-protection {off | low | med | high | crit}
set page-access {off | low | med | high | crit}
set parameter-validation {off | low | med | high | crit}
set signature {enable | disable}
set start-pages {off | low | med | high | crit}
set url-access {off | low | med | high | crit}
set user-tracking {off | low | med | high | crit}
set bot-deception {off | low | med | high | crit}
set biometrics-based-detection {off | low | med | high | crit}
set threshold-bot-detection {off | low | med | high | crit}
set bot-detection {off | low | med | high | crit}
set mobile-api-protection {off | low | med | high | crit}
set json-protection {off | low | med | high | crit}
set openapi-validation {off | low | med | high | crit}
set cors-protection {off | low | med | high | crit}
set site-publish {off | low | med | high | crit}
set url-encryption {off | low | med | high | crit}
end
| Variable | Description | Default |
|---|---|---|
| Set the threat weight for HTTP request method violations. |
med
|
|
| Set the threat weight for cookie poisoning and other cookie-based attacks. |
high
|
|
| Set the value for a critical threat weight. The range of accepted values is 0-100. The value of higher levels must be larger than lower levels. |
50
|
|
| Set the threat weight for cross-site request forgery attacks. |
high
|
|
| Set the threat weight for custom policy violations. |
high
|
|
| Set the threat weight for attack signature and data leak signatures. |
high
|
|
| Set the threat weight for denial of service (DOS) attacks. |
high
|
|
| Set the threat weight for violations of upload restriction policies. |
high
|
|
| Set the threat weight for requests from blocked countries or regions based on the associated source IP address. |
high
|
|
| Set the threat weight for attempts to tamper with hidden field rules. |
high
|
|
| Set the value for a high threat weight. The range of accepted values is 0-100. The value of higher levels must be larger than lower levels. |
30
|
|
| Set to enable threat weights for HTTP protocol constraints. Once enabled, the threat weight for each HTTP protocol constraint may be set using waf http-protocol-parameter-restriction. |
enable
|
|
| Set the threat weight for requests from blacklisted IP addresses. |
high
|
|
| Set the threat weight for requests from IP addresses with a poor reputation. |
crit
|
|
| Set the value for a low threat weight. The range of accepted values is 0-100. The value of higher levels must be larger than lower levels. |
5
|
|
| Set the value for a medium threat weight. The range of accepted values is 0-100. The value of higher levels must be larger than lower levels. |
10
|
|
| Set the threat weight for padding oracle attacks. |
crit
|
|
| Set the threat weight for page order rule violations. |
med
|
|
| Set the threat weight for input rule violations. |
high
|
|
| Set to enable threat weights for signatures. Once enabled, the threat weight for each signature may be set using waf signature. |
enable
|
|
| Set the threat weight for start page rule violations. |
med
|
|
| Set the threat weight for URL access rule violations. |
med
|
|
| Set the threat weight for user tracking rule violations. |
med
|
|
| Set the threat weight for ftp security rule violations. |
med
|
|
|
Set the threat weight for bot deception policy violations. |
med
|
|
|
Set the threat weight for biometrics based detection rule violations. |
med
|
|
|
Set the threat weight for threshold based detection rule violations. |
med
|
|
|
Set the threat weight for bot detection violations. |
med
|
|
|
Set the threat weight for mobile API protection rule violations. |
med
|
|
|
Set the threat weight for JSON protection rule violations. |
med
|
|
|
Set the threat weight for OpenAPI validation. |
med
|
|
|
Set the threat weight for CORS protection rule violations. |
med
|
|
|
Set the threat weight for site publish violations. |
med
|
|
|
Set the threat weight for URL encryption rule violations. |
med
|
Example
This example adjusts the threat weight of DOS attacks.
config server-policy pattern threat-weight
set dos-protection crit
end
This example disables signatures.
config server-policy pattern threat-weight
set signature disable
end
This example adjusts the risk level value of critical security violations.
config server-policy-pattern threat-weight
set crit 60
end