waf site-publish-helper policy
Use this command to group together web applications that you want to publish.
Before you configure site publishing policies, you must first define the individual sites that will be a part of the group. For details, see waf site-publish-helper rule.
To apply this policy, include it in an inline web protection profile. For details, see waf web-protection-profile inline-protection.
To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.
Syntax
config waf site-publish-helper policy
  edit "<site-publish-policy_name>"
    set account-lockout {enable | disable}
    set max-login-failures <failures_int>
    set account-block-period <account-block-period_int>
    set limit-users {enable | disable}
    set session-idle-timeout <integer>
    set credential-stuffing-protection {enable | disable}
    set action {alert | alert_deny | block-period | deny_no_log}
    set block-period <block_period_int>
    set severity {high | medium | low | Info}
    set trigger "<trigger_policy>"
    config rule
      edit <entry_index>
        set rule-name "<site-publish-rule_name>"
      next
    end
  next
end
Variable | Description | Default |
"<site-publish-policy_name>" | Enter the name of a new or existing policy. The maximum length is 63 characters. To display the list of existing policies, enter: | No default. |
account-lockout | Enable to prevent account cracking by locking an account out after several failed attempts to log in to FortiWeb. | disable |
max-login-failures <failures_int> | Set the login failure threshold. FortiWeb locks out the account if the number of login failures exceeds the threshold during the specified time period (within <within_int>). | 5 |
account-block-period <account-block-period_int> | Set the time period (in minutes) for which FortiWeb locks out an account. No further logins are accepted for the locked account during this period. | 60 |
within <within_int> | Set the time period (in minutes) over which FortiWeb counts login failures to decide whether to lock out an account. An account's login failure count is reset when the time period is up. | 3 |
limit-users | Enable to limit the number of concurrent logins per account. | |
 | Specify the maximum number of concurrent logins using the same account. | |
session-idle-timeout <integer> | When a session is idle for the specified period of time, the Concurrent Users count is renewed. A user who has timed out must log in again. | |
credential-stuffing-protection | Enable to use FortiGuard's Credential Stuffing Defense database to protect against credential stuffing attacks. | disable |
action | Set the action. The options are: You can customize the web page that is returned to the client with the HTTP status code. | No default. |
block-period <block_period_int> | If the action {alert | alert_deny | block-period | deny_no_log} is | 600 |
severity | Set the severity of credential stuffing attacks. | No default. |
trigger "<trigger_policy>" | Select the trigger policy, if any, to apply in the Site Publish policy. For details, see log trigger-policy. | No default. |
<entry_index> | Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. | No default. |
rule-name "<site-publish-rule_name>" | Enter the name of an existing rule. | No default. |
Example
For an example, see waf site-publish-helper rule.
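The following Python model is an added illustration of how the lockout settings described above interact; it is not FortiWeb code or Fortinet's implementation. It assumes a fixed counting window that starts at the first failure and resets when the window is up, and the names `LockoutPolicy`, `LockoutTracker` and `replay` are hypothetical.

```python
# Added illustration: a model of the account lockout settings in the table.
# Not FortiWeb code; the fixed-window reset behaviour is an assumption
# drawn from the wording of the descriptions.
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    max_login_failures: int = 5         # default from the table
    within_min: float = 3               # counting window, minutes (default 3)
    account_block_period_min: float = 60  # lockout length, minutes (default 60)


@dataclass
class LockoutTracker:
    policy: LockoutPolicy
    _windows: dict = field(default_factory=dict)       # account -> (start, count)
    _locked_until: dict = field(default_factory=dict)  # account -> minute

    def is_locked(self, account, now_min):
        return now_min < self._locked_until.get(account, 0)

    def record_failure(self, account, now_min):
        """Record a failed login; return True if the account is locked."""
        if self.is_locked(account, now_min):
            return True  # no login is accepted during the block period
        start, count = self._windows.get(account, (now_min, 0))
        if now_min - start >= self.policy.within_min:
            start, count = now_min, 0  # window is up: the count resets
        count += 1
        if count > self.policy.max_login_failures:  # "exceeds the threshold"
            self._locked_until[account] = (
                now_min + self.policy.account_block_period_min)
            self._windows.pop(account, None)
            return True
        self._windows[account] = (start, count)
        return False


def replay(events, policy=None):
    """events: constructed list of (minute, account) failed logins.
    Returns the lock decision after each event, in order."""
    tracker = LockoutTracker(policy or LockoutPolicy())
    return [tracker.record_failure(acct, minute) for minute, acct in events]
```

With the default values, a burst of failures locks the account on the sixth attempt, while one failure per minute never does, because the count resets every three minutes. The window setting therefore determines how slow a guessing attempt must be to stay under the threshold.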