Fortinet black logo

CLI Reference

waf mitb-rule

waf mitb-rule

Use this command to configure MiTB rules.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf mitb-rule

edit mitb-rule_name

set action {alert| alert_deny}

set severity {High | Medium | Low | Info}

set trigger "<trigger-policy_name>"

set host-status {enable | disable}

set host "<host_str>"

set request-url "<request-url_str>"

set request-type {plain | regular}

set post-url "<post-url_str>"

edit protected-parameter-list_name

set type {regular-input | password-input}

set obfuscate {enable | disable}

set encrypt {enable | disable}

set anti-keyLogger {enable | disable}

next

end

config allowed-external-domains-list

edit allowed-external-domains-list_id

set domain "<domain_str>"

next

end



Variable Description Default

mitb-rule_name

Enter a name that can be referenced by other parts of the configuration. No default.

action {alert| alert_deny}

Select the action the FortiWeb appliance takes when it detects a violation of the rule:
Alert—Accept the connection and generate an alert email and/or log message.
Alert & Deny—Block the request (or reset the connection) and generate an alert and/or log message.
Alert

severity {High | Medium | Low | Info}

Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. Low

trigger "<trigger-policy_name>"

Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of the rule. No default.

host-status {enable | disable}

Enable to compare the MiTB rule to the Host: field in the HTTP header. No default.

host "<host_str>"

Select the IP address or FQDN of a protected host. No default.

request-url "<request-url_str>"

The URL hosting the webpage which contains the parameters (field names or passwords) you want to protect. No default.

request-type {plain | regular}

Select either of the URL types. plain

post-url "<post-url_str>"

Enter the URL triggered after you submit your access request. No default.

protected-parameter-list_name

Enter the protected parameter list name. No default.

type {regular-input | password-input}

Select the input type to carry out the protection. regular-input

obfuscate {enable | disable}

Enable to obfuscate the configured parameter name. No default.

encrypt {enable | disable}

Enable to encrypt the parameter value. No default.

anti-keyLogger {enable | disable}

Enable anti-keyLogger to prevent hackers from intercepting your password input. No default.

allowed-external-domains-list_id

Enter the allowed external domain list ID. No default.

domain "<domain_str>"

Set the domain, for example, www.alloweddomain.com. No default.

Related topics

waf mitb-rule

Use this command to configure MiTB rules.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf mitb-rule

edit mitb-rule_name

set action {alert| alert_deny}

set severity {High | Medium | Low | Info}

set trigger "<trigger-policy_name>"

set host-status {enable | disable}

set host "<host_str>"

set request-url "<request-url_str>"

set request-type {plain | regular}

set post-url "<post-url_str>"

edit protected-parameter-list_name

set type {regular-input | password-input}

set obfuscate {enable | disable}

set encrypt {enable | disable}

set anti-keyLogger {enable | disable}

next

end

config allowed-external-domains-list

edit allowed-external-domains-list_id

set domain "<domain_str>"

next

end



Variable Description Default

mitb-rule_name

Enter a name that can be referenced by other parts of the configuration. No default.

action {alert| alert_deny}

Select the action the FortiWeb appliance takes when it detects a violation of the rule:
Alert—Accept the connection and generate an alert email and/or log message.
Alert & Deny—Block the request (or reset the connection) and generate an alert and/or log message.
Alert

severity {High | Medium | Low | Info}

Select which severity level the FortiWeb appliance will use when it logs a violation of the rule. Low

trigger "<trigger-policy_name>"

Select which trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a violation of the rule. No default.

host-status {enable | disable}

Enable to compare the MiTB rule to the Host: field in the HTTP header. No default.

host "<host_str>"

Select the IP address or FQDN of a protected host. No default.

request-url "<request-url_str>"

The URL hosting the webpage which contains the parameters (field names or passwords) you want to protect. No default.

request-type {plain | regular}

Select either of the URL types. plain

post-url "<post-url_str>"

Enter the URL triggered after you submit your access request. No default.

protected-parameter-list_name

Enter the protected parameter list name. No default.

type {regular-input | password-input}

Select the input type to carry out the protection. regular-input

obfuscate {enable | disable}

Enable to obfuscate the configured parameter name. No default.

encrypt {enable | disable}

Enable to encrypt the parameter value. No default.

anti-keyLogger {enable | disable}

Enable anti-keyLogger to prevent hackers from intercepting your password input. No default.

allowed-external-domains-list_id

Enter the allowed external domain list ID. No default.

domain "<domain_str>"

Set the domain, for example, www.alloweddomain.com. No default.

Related topics