What’s new
The tables below list commands newly added for FortiWeb 6.3.3.
Command | Change |
---|---|
`config waf syntax-based-attack-detection edit "<policy_name>" set sql-arithmetic-operation-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_http_response} config exception-element-list edit "<list-id>" set match-target {HOST \| URI \| FULL-URL \| PARAMETER \| COOKIE} set operator {STRING_MATCH \| REGEXP_MATCH} set value-name <name_str> set value-check {enable \| disable} set value <value_str> set concatenate-type {AND \| OR} set attack-type {arithmetic_operation_based_boolean_injection \| condition_based_boolean_injection \| embeded_queries_sql_injection \| html_attr_based_xss_injection \| html_css_based_xss_injection \| html_tag_based_xss_injection \| js_func_based_xss_injection \| js_var_based_xss_injection \| line_comments \| invalid \| sql_function_based_boolean_injection \| stacked_queries_sql_injection} next end next end` | Configure these commands to detect SQL/XSS injection attacks. |
`config waf known-bots edit "known-bots_rule_name" set crawler-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_http_response} config malicious-bot-disable-list edit "<malicious-bot-disable-list_name>" next end config known-good-bots-disable-list edit "<known-good-bots-disable-list_name>" next end next end` | Use these commands to configure known bots prevention. |
`config server-policy pattern threat-weight set allow-method-level {low \| critical \| informational \| moderate \| substantial \| severe} set allow-method-op {enable \| disable} ... set json-element-lengthexceeded-level {low \| critical \| informational \| moderate \| substantial \| severe} set json-element-lengthexceeded-op {enable \| disable} set known-bots-level {low \| critical \| informational \| moderate \| substantial \| severe} end` | Use this command to configure the global threat weight of security violations. |
`config system feature-visibility set support-ajax-requests {enable \| disable} end` | Switch AJAX request support on or off. |
`config system replacemsg edit replacemsg name <name_str> set ajax-block-support {enable \| disable} config page-list edit page-list name <name_str> set code <code_int> set group {alert \| site-publish \| captcha \| ajax-block} set msg <msg_str> next end next end` | Enable AJAX request support to respond to an AJAX request, and configure the AJAX block page message. |
`set internal-cookie-samesite {enable \| disable} set internal-cookie-samesite-value {strict \| lax \| none}` | Enable to assign a SameSite flag to internal cookies. |
`config server-policy pattern custom-global-white-list-group edit <entry_index> set status {enable \| disable} set domain-type {plain \| regular} set name-type {plain \| regular} set request-file-status {enable \| disable} set domain-status {enable \| disable} next end` | Add the URL and domain filters for parameter type. |
`config waf web-protection-profile offline-protection edit "<offline-protection-profile_name>" set syntax-based-attack-detection <detection_name> next end` | Add the syntax-based-attack-detection policy configuration. |
`config waf web-protection-profile inline-protection edit "<inline-protection-profile_name>" set syntax-based-attack-detection <detection_name> next end` | Add the syntax-based-attack-detection policy configuration. |
`config waf custom-access policy edit "<custom-policy_name>" config rule edit <entry_index> set rule-name "<custom-rule_name>" set threat-weight {low \| critical \| informational \| moderate \| substantial \| severe} next end next end` | Set the weight for the threat per the custom policy. |
`set <parameter_name>-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}` | Change the threat weight levels. |
`set scoring-grade {low \| critical \| informational \| moderate \| substantial \| severe}` | Change the scoring grade. |
`set packet-log {account-lockout-detection \| anti-virus-detection \| cookie-security \| credential-db-detection \| csrf-detection \| custom-access \| custom-protection-rule \| fsa-detection \| hidden-fields-failed \| http-protocol-constraints \| illegal-file-type \| illegal-filesize \| cors-protection \| json-protection \| ip-intelligence \| padding-oracle \| parameter-rule-failed \| signature-detection \| trojan-detection \| user-tracking-detection \| xml-protection \| machine-learning \| openapi-validation \| websocket-security \| mobile-api-protection \| malicious-bots \| known-good-bots \| syntax-based-detection}` | Add three packet log types. |
`config waf machine-learning-policy edit <machine-learning-policy_id> set start-min-count <start-min-count_int> set switch-min-count <switch-min-count_int> set switch-percent <switch-percent_int> set denoise-percent <denoise-percent_int> set denoise-threshold <denoise-threshold_int> set renovate-short-time <renovate-short-time_int> set renovate-long-time <renovate-long-time_int> set pattern-expire-days <pattern-expire-days_int> set svm-type {standard \| extended} next end next end` | New commands |
`config system ha set encryption {enable \| disable} end` | New command |
`config waf ip-list edit What’s new config members edit What’s new set What’s new next end next end` | New command |
`config system fabric-connectors set server-region-type {commercial \| government} set server-region <region-id> end` | New command |