Fortinet black logo

CLI Reference

waf parameter-validation-rule

waf parameter-validation-rule

Use this command to configure parameter validation rules, each of which is a group of input rule entries.

To apply parameter validation rules, select them within an inline or Offline Protection profile. For details, see waf web-protection-profile inline-protection and waf web-protection-profile offline-protection.

Before you can configure parameter validation rules, you must first configure one or more input rules. For details, see waf input-rule.

You can use SNMP traps to notify you when a parameter validation rule is enforced. For details, see system snmp community.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf parameter-validation-rule

edit "<rule_name>"

config input-rule-list

edit <entry_index>

set input-rule "<input-rule_name>"

next

end

next

end

Variable Description Default

"<rule_name>"

Enter the name of a new or existing rule. The maximum length is 63 characters.

To display the list of existing rules, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

input-rule "<input-rule_name>"

Enter the name of an input rule to use in the parameter validation rule. The maximum length is 63 characters.

To display the list of existing input rules, enter:

set input-rule ?

No default.

Example

This example configures a parameter validation rule that applies two input rules.

config waf parameter-validation-rule

edit "parameter_validator1"

config input-rule-list

edit 1

set input-rule "input_rule1"

next

edit 2

set input-rule "input_rule2"

next

end

next

end

Related topics

waf parameter-validation-rule

waf parameter-validation-rule

Use this command to configure parameter validation rules, each of which is a group of input rule entries.

To apply parameter validation rules, select them within an inline or Offline Protection profile. For details, see waf web-protection-profile inline-protection and waf web-protection-profile offline-protection.

Before you can configure parameter validation rules, you must first configure one or more input rules. For details, see waf input-rule.

You can use SNMP traps to notify you when a parameter validation rule is enforced. For details, see system snmp community.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf parameter-validation-rule

edit "<rule_name>"

config input-rule-list

edit <entry_index>

set input-rule "<input-rule_name>"

next

end

next

end

Variable Description Default

"<rule_name>"

Enter the name of a new or existing rule. The maximum length is 63 characters.

To display the list of existing rules, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

input-rule "<input-rule_name>"

Enter the name of an input rule to use in the parameter validation rule. The maximum length is 63 characters.

To display the list of existing input rules, enter:

set input-rule ?

No default.

Example

This example configures a parameter validation rule that applies two input rules.

config waf parameter-validation-rule

edit "parameter_validator1"

config input-rule-list

edit 1

set input-rule "input_rule1"

next

edit 2

set input-rule "input_rule2"

next

end

next

end

Related topics