Fortinet black logo

CLI Reference

waf url-access url-access-policy

waf url-access url-access-policy

Use this command to configure a set of URL access rules that define HTTP requests that are allowed or denied.

Before using this command, you must first define your URL access rules. For details, see waf url-access url-access-rule.

To apply URL access policies, select them within an inline or Offline Protection profile. For details, see waf web-protection-profile inline-protection or waf web-protection-profile offline-protection.

You can use SNMP traps to notify you when a URL access rule is enforced. For details, see system snmp community.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf url-access url-access-policy

edit "<url-access-policy_name>"

config rule

edit <entry_index>

set url-access-rule-name "<url-access-rule_name>"

next

end

next

end

Variable Description Default

"<url-access-policy_name>"

Enter the name of the new or existing URL access policy. The maximum length is 63 characters.

To display the list of existing policies, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

url-access-rule-name "<url-access-rule_name>"

Enter the name of the existing URL access rule to add to the policy. The maximum length is 63 characters. No default.

Example

This example adds two rules to the policy, with the first one set to priority level 0, and the second one set to priority level 1. The rule with priority 0 would be applied first.

config waf url-access url-access-policy

edit "URL-access-set2"

config rule

edit 1

set url-access-rule-name "URL Access Rule 1"

next

edit 2

set url-access-rule-name "Blocked URL"

next

next

end

Related topics

waf url-access url-access-policy

Use this command to configure a set of URL access rules that define HTTP requests that are allowed or denied.

Before using this command, you must first define your URL access rules. For details, see waf url-access url-access-rule.

To apply URL access policies, select them within an inline or Offline Protection profile. For details, see waf web-protection-profile inline-protection or waf web-protection-profile offline-protection.

You can use SNMP traps to notify you when a URL access rule is enforced. For details, see system snmp community.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf url-access url-access-policy

edit "<url-access-policy_name>"

config rule

edit <entry_index>

set url-access-rule-name "<url-access-rule_name>"

next

end

next

end

Variable Description Default

"<url-access-policy_name>"

Enter the name of the new or existing URL access policy. The maximum length is 63 characters.

To display the list of existing policies, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

url-access-rule-name "<url-access-rule_name>"

Enter the name of the existing URL access rule to add to the policy. The maximum length is 63 characters. No default.

Example

This example adds two rules to the policy, with the first one set to priority level 0, and the second one set to priority level 1. The rule with priority 0 would be applied first.

config waf url-access url-access-policy

edit "URL-access-set2"

config rule

edit 1

set url-access-rule-name "URL Access Rule 1"

next

edit 2

set url-access-rule-name "Blocked URL"

next

next

end

Related topics