Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 6.3.3 CLI Reference
    6.3.3
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    waf mobile-api-protection

    waf mobile-api-protection

    When a client accesses a web server from a mobile application, the Mobile Application Identification module checks whether the request carries the JWT-token field and whether the token carried is valid, and sets flags for the following cases:

    • The traffic doesn't carry the JWT-token header
    • The traffic carries the JWT-token header and the token is valid
    • The traffic carries the JWT-token header, while the token is invalid

    The mobile API protection feature checks the flags. With the API protection policy and rule configured, actions set in the protection rule will be performed.

    Syntax

    config waf mobile-api-protection-rule

    edit <mobile-api-protection-rule_name>

    set host-status {enable | disable}

    set host <host_str>

    set action {alert | deny_no_log | alert_deny | block-period}

    set block-period <block-period_int>

    set severity {High | Medium | Low | Info}

    set trigger <trigger_policy_name>

    config url-list

    edit <url-list_id>

    set url-type {plain | regular}

    set url-pattern <url-pattern_str>

    next

    end

    next

    end

    config waf mobile-api-protection-policy

    edit <mobile-api-protection-policy_name>

    config rule-list

    edit <rule-list_id>

    set rule <rule_name>

    next

    end

    next

    end

    Variable

    Description

    Default

    <mobile-api-protection-rule_name>

    Enter the name for the mobile API protection rule.

    No default.

    host-status {enable | disable}

    		 Enable to compare the mobile API protection rule to the Host: field in the HTTP header. Disable

    host <host_str>

    		 Select the IP address or fully qualified domain name (FQDN) of the protected host to which this rule applies.
    This option is available only if host-status {enable | disable} is enable.
    		 No default.

    action {alert | deny_no_log | alert_deny | block-period}

    Select which action the FortiWeb appliance will take when it detects a violation.
    alert—Accept the connection and generate an alert email and/or log message.
    alert_deny—Block the request (or reset the connection) and generate an alert and/or log message.
    deny_no_log—Block the request (or reset the connection).

    block-period—Blocks the request for a certain period of time.

    		 Alert

    block-period <block-period_int>

    Enter the number of seconds that you want to block the requests. The valid range is 1–3,600 seconds.

    This option only takes effect when you choose Period Block in action {alert | deny_no_log | alert_deny | block-period}.

    600

    severity {High | Medium | Low | Info}

    When FortiWeb records rule violations in the attack log, each log message contains a Severity Level field. Select the severity level that FortiWeb will record when the rule is violated:

    • Low
    • Medium
    • High
    • Informative

    The default value is High.

    		 High

    trigger <trigger_policy_name>

    Select the trigger, if any, that FortiWeb carries out when it logs and/or sends an alert email about a rule violation. For details, see Viewing log messages.

    No default.

    <url-list_id>

    Type the index number of the individual URL within the URL list, or keep the field’s default value of auto to let the FortiWeb appliance automatically assign the next available index number.

    No default.

    url-type {plain | regular}

    		 Select whether the URL Pattern field will contain a literal URL (plain), or a regular expression designed to match multiple URLs (regular). plain

    url-pattern <url-pattern_str>

    Depending on the url-type, enter either:

    • plain—The literal URL, such as /index.php, that the HTTP request must contain in order to match the rule. The URL must begin with a slash ( / ).
    • regular—A regular expression, such as ^/*.php, matching the URLs to which the rule should apply. The pattern does not require a slash ( / ), but it must match URLs that begin with a slash, such as /index.cfm.

    Do not include the domain name, such as www.example.com, which is configured separately in [bot-detection-exception-list] <No.> host <string>.

    		 No default

    <mobile-api-protection-policy_name>

    Enter the name for the mobile API protection policy.

    No default.
    <rule-list_id>

    Type the index number of the individual rule within the rule list, or keep the field’s default value of auto to let the FortiWeb appliance automatically assign the next available index number.

    No default.

    rule <rule_name>

    Select the mobile API protection rule from the drop-down list.

    No default.
    Previous
    Next

    waf mobile-api-protection

    waf mobile-api-protection

    When a client accesses a web server from a mobile application, the Mobile Application Identification module checks whether the request carries the JWT-token field and whether the token carried is valid, and sets flags for the following cases:

    • The traffic doesn't carry the JWT-token header
    • The traffic carries the JWT-token header and the token is valid
    • The traffic carries the JWT-token header, while the token is invalid

    The mobile API protection feature checks the flags. With the API protection policy and rule configured, actions set in the protection rule will be performed.

    Syntax

    config waf mobile-api-protection-rule

    edit <mobile-api-protection-rule_name>

    set host-status {enable | disable}

    set host <host_str>

    set action {alert | deny_no_log | alert_deny | block-period}

    set block-period <block-period_int>

    set severity {High | Medium | Low | Info}

    set trigger <trigger_policy_name>

    config url-list

    edit <url-list_id>

    set url-type {plain | regular}

    set url-pattern <url-pattern_str>

    next

    end

    next

    end

    config waf mobile-api-protection-policy

    edit <mobile-api-protection-policy_name>

    config rule-list

    edit <rule-list_id>

    set rule <rule_name>

    next

    end

    next

    end

    Variable

    Description

    Default

    <mobile-api-protection-rule_name>

    Enter the name for the mobile API protection rule.

    No default.

    host-status {enable | disable}

    		 Enable to compare the mobile API protection rule to the Host: field in the HTTP header. Disable

    host <host_str>

    		 Select the IP address or fully qualified domain name (FQDN) of the protected host to which this rule applies.
    This option is available only if host-status {enable | disable} is enable.
    		 No default.

    action {alert | deny_no_log | alert_deny | block-period}

    Select which action the FortiWeb appliance will take when it detects a violation.
    alert—Accept the connection and generate an alert email and/or log message.
    alert_deny—Block the request (or reset the connection) and generate an alert and/or log message.
    deny_no_log—Block the request (or reset the connection).

    block-period—Blocks the request for a certain period of time.

    		 Alert

    block-period <block-period_int>

    Enter the number of seconds that you want to block the requests. The valid range is 1–3,600 seconds.

    This option only takes effect when you choose Period Block in action {alert | deny_no_log | alert_deny | block-period}.

    600

    severity {High | Medium | Low | Info}

    When FortiWeb records rule violations in the attack log, each log message contains a Severity Level field. Select the severity level that FortiWeb will record when the rule is violated:

    • Low
    • Medium
    • High
    • Informative

    The default value is High.

    		 High

    trigger <trigger_policy_name>

    Select the trigger, if any, that FortiWeb carries out when it logs and/or sends an alert email about a rule violation. For details, see Viewing log messages.

    No default.

    <url-list_id>

    Type the index number of the individual URL within the URL list, or keep the field’s default value of auto to let the FortiWeb appliance automatically assign the next available index number.

    No default.

    url-type {plain | regular}

    		 Select whether the URL Pattern field will contain a literal URL (plain), or a regular expression designed to match multiple URLs (regular). plain

    url-pattern <url-pattern_str>

    Depending on the url-type, enter either:

    • plain—The literal URL, such as /index.php, that the HTTP request must contain in order to match the rule. The URL must begin with a slash ( / ).
    • regular—A regular expression, such as ^/*.php, matching the URLs to which the rule should apply. The pattern does not require a slash ( / ), but it must match URLs that begin with a slash, such as /index.cfm.

    Do not include the domain name, such as www.example.com, which is configured separately in [bot-detection-exception-list] <No.> host <string>.

    		 No default

    <mobile-api-protection-policy_name>

    Enter the name for the mobile API protection policy.

    No default.
    <rule-list_id>

    Type the index number of the individual rule within the rule list, or keep the field’s default value of auto to let the FortiWeb appliance automatically assign the next available index number.

    No default.

    rule <rule_name>

    Select the mobile API protection rule from the drop-down list.

    No default.
    Previous
    Next