Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

server-policy pattern threat-weight

Use this command to configure the global threat weight of security violations. When a security violation is detected, the threat weight of the security violation is used to calculate the threat score of a client that launched the event.

For details about Threat Weight, see the FortiWeb Administration Guide:

http://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config server-policy pattern threat-weight

set allow-method-level {low | critical | informational | moderate | substantial | severe}

set allow-method-op {enable | disable}

set biometrics-based-detection -level {low | critical | informational | moderate | substantial | severe}

set biometrics-based-detection-op {enable | disable}

set block-malicious-client-op {enable | disable}

set block-malicious-client-time <time_int>

set block-suspicious-client-op {enable | disable}

set block-suspicious-client-time <time_int>

set bot-deception-level {low | critical | informational | moderate | substantial | severe}

set bot-deception-op {enable | disable}

set client-management-expire <time_int>

set concurrent-users-peraccount- exceeds-limit-level {low | critical | informational | moderate | substantial | severe}

set concurrent-users-peraccount- exceeds-limit-op {enable | disable}

set cookie-signature-checkfailed- level {low | critical | informational | moderate | substantial | severe}

set cookie-signature-checkfailed- op {enable | disable}

set cors-protection-level {low | critical | informational | moderate | substantial | severe}

set cors-protection-op {enable | disable}

set credential-stuffing-defenselevel {low | critical | informational | moderate | substantial | severe}

set credential-stuffing-defenseop {enable | disable}

set csrf-protection-level {low | critical | informational | moderate | substantial | severe}

set csrf-protection-op {enable | disable}

set custom-policy-op {enable | disable}

set fail-to-validate-json-schemalevel {low | critical | informational | moderate | substantial | severe}

set fail-to-validate-json-schemaop {enable | disable}

set fail-to-validate-xml-schemalevel {low | critical | informational | moderate | substantial | severe}

set fail-to-validate-xml-schemaop {enable | disable}

set forbid-xml-entities-level {low | critical | informational | moderate | substantial | severe}

set forbid-xml-entities-op {enable | disable}

set format-not-allowed-inwebsocket- level {low | critical | informational | moderate | substantial | severe}

set format-not-allowed-inwebsocket- op {enable | disable}

set geo-ip-level {low | critical | informational | moderate | substantial | severe}

set geo-ip-op {enable | disable}

set hidden-field-protection-level {low | critical | informational | moderate | substantial | severe}

set hidden-field-protection-op {enable | disable}

set http-access-limit-level {low | critical | informational | moderate | substantial | severe}

set http-access-limit-op {enable | disable}

set http-flood-prevention-level {low | critical | informational | moderate | substantial | severe}

set http-flood-prevention-op {enable | disable}

set http-protocol-constraints-op {enable | disable}

set illegal-file-size-level {low | critical | informational | moderate | substantial | severe}

set illegal-file-size-op {enable | disable}

set illegal-file-type-level {low | critical | informational | moderate | substantial | severe}

set illegal-file-type-op {enable | disable}

set ip-list-level {low | critical | informational | moderate | substantial | severe}

set ip-list-op {enable | disable}

set ip-replay-violation-level {low | critical | informational | moderate | substantial | severe}

set ip-replay-violation-op {enable | disable}

set ip-reputation-level {low | critical | informational | moderate | substantial | severe}

set ip-reputation-op {enable | disable}

set json-element-lengthexceeded- level {low | critical | informational | moderate | substantial | severe}

set json-element-lengthexceeded- op {enable | disable}

set known-bots-level {low | critical | informational | moderate | substantial | severe}

set known-bots-op {enable | disable}

set low-level <level_int>

set low-level-score-end <level_ int>

set malicious-file-detected-byfortisandbox- level {low | critical | informational | moderate | substantial | severe}

set malicious-file-detected-byfortisandbox- op {enable | disable}

set malicious-ips-level {low | critical | informational | moderate | substantial | severe}

set malicious-ips-op {enable | disable}

set man-in-browser-protectionlevel {low | critical | informational | moderate | substantial | severe}

set man-in-browser-protectionop {enable | disable}

set medium-level-score-end <level_int>

set mobile-api-protection-level {low | critical | informational | moderate | substantial | severe}

set mobile-api-protection-op {enable | disable}

set openapi-validation-level {low | critical | informational | moderate | substantial | severe}

set openapi-validation-op {enable | disable}

set origin-not-allowed-level {low | critical | informational | moderate | substantial | severe}

set origin-not-allowed-op {enable | disable}

set padding-oracle-protectionlevel {low | critical | informational | moderate | substantial | severe}

set padding-oracle-protection-op {enable | disable}

set parameter-validation-level {low | critical | informational | moderate | substantial | severe}

set parameter-validation-op {enable | disable}

set session-fixation-protectionlevel {low | critical | informational | moderate | substantial | severe}

set session-fixation-protectionop {enable | disable}

set session-idle-timeout-level {low | critical | informational | moderate | substantial | severe}

set session-idle-timeout-op {enable | disable}

set signature-op {enable | disable}

set size-exceeds-limit-level {low | critical | informational | moderate | substantial | severe}

set size-exceeds-limit-op {enable | disable}

set sql-xss-sbd-op {enable | disable}

set statistics-period {one-day | three-days | one-week}

set tcp-flood-prevention-level {low | critical | informational | moderate | substantial | severe}

set tcp-flood-prevention-op {enable | disable}

set threshold-based-detectionlevel {low | critical | informational | moderate | substantial | severe}

set threshold-based-detection-op {enable | disable}

set trojan-detected-level {low | critical | informational | moderate | substantial | severe}

set trojan-detected-op {enable | disable}

set url-access-level {low | critical | informational | moderate | substantial | severe}

set url-access-op {enable | disable}

set virus-detected-level {low | critical | informational | moderate | substantial | severe}

set virus-detected-op {enable | disable}

set websocket-extensions-notallowed- level {low | critical | informational | moderate | substantial | severe}

set websocket-extensions-notallowed- op {enable | disable}

set websocket-traffic-notallowed- level {low | critical | informational | moderate | substantial | severe}

set websocket-traffic-notallowed- op {enable | disable}

set wsdl-validation-failed-level {low | critical | informational | moderate | substantial | severe}

set wsdl-validation-failed-op {enable | disable}

set wsi-check-failed-level {low | critical | informational | moderate | substantial | severe}

set wsi-check-failed-op {enable | disable}

set xml-element-lengthexceeded- level {low | critical | informational | moderate | substantial | severe}

set xml-element-lengthexceeded- op {enable | disable}

end

Variable Description Default

allow-method-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for HTTP request method violations. moderate

allow-method-op {enable | disable}

Enable to configure the threat weight for HTTP request method violations.

enable

biometrics-based-detection -level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for biometrics based detection rule violations.

substantial

biometrics-based-detection-op {enable | disable}

Enable to configure the threat weight for biometrics based detection rule violations.

disable

block-malicious-client-op {enable | disable}

Enable to block malicious client.

disable

block-malicious-client-time <time_int>

Set how long a malicious client will be blocked for.

The valid range is 1-1440 minutes.

10 minutes

block-suspicious-client-op {enable | disable}

Enable to block suspicious client.

enable

block-suspicious-client-time <time_int>

Set how long a suspicious client will be blocked for.

The valid range is 1-1440 minutes.

10 minutes

bot-deception-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for bot deception policy violations.

substantial

bot-deception-op {enable | disable}

Enable to configure the threat weight for bot deception policy violations.

disable

client-management-expire <time_int>

Set the amount of time that FortiWeb will store the tracked client information.

Once the information has been stored for longer than the set amount of time, FortiWeb will remove that information.

15 days

concurrent-users-per-account-exceeds-limit-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violations that the number of concurrent users per account exceeds the limit.

moderate

concurrent-users-per-account-exceeds-limit-op {enable | disable}

Enable to configure the threat weight for violations that the number of concurrent users per account exceeds the limit.

enable

cookie-signature-check-failed-level {low | critical | informational | moderate | substantial | severe}

When the security mode is None or Signed, enable to configure the threat weight for cookie tampering protection rule violations.

substantial

cookie-signature-check-failed-op {enable | disable}

Enable to configure the threat weight for cookie tampering protection rule violations.

enable

 

 

 

cors-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for CORS protection rule violations.

moderate

cors-protection-op {enable | disable}

Enable to configure the threat weight for CORS protection rule violations.

enable

credential-stuffing-defense-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for Credential Stuffing attacks.

severe

credential-stuffing-defense-op {enable | disable}

Enable to configure the threat weight for Credential Stuffing attacks.

enable

csrf-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for CSRF protection rule violations.

substantial

csrf-protection-op {enable | disable}

Enable to configure the threat weight for CSRF protection rule violations.

enable

custom-policy-op {enable | disable}

Enable to configure the threat weight for custom policy violations.

enable

fail-to-validate-json-schema-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for JSON protection rule violations.

substantial

fail-to-validate-json-schema-op {enable | disable}

Enable to configure the threat weight for violation of failing to validate JSON schema file.

enable

fail-to-validate-xml-schema-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violation of failing to validate JSON schema file.

moderate

fail-to-validate-xml-schema-op {enable | disable}

Enable to configure the threat weight for violation of failing to validate XML schema file.

enable

forbid-xml-entities-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violation of failing to validate XML schema file.

substantial

forbid-xml-entities-op {enable | disable}

Enable to configure the threat weight for forbidden XML entities violations.

enable

format-not-allowed-in-websocket-level {low | critical | informational | moderate | substantial | severe}

When the WebSocket connection is established, data is transmitted in the form of frame.

Set the threat weight for violation that frame formats are not allowed.

moderate

format-not-allowed-in-websocket-op {enable | disable}

Enable to configure the threat weight for violation that frame formats are not allowed.

enable

geo-ip-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for requests from blocked countries or regions based on the associated source IP address.

critical

geo-ip-op {enable | disable}

Enable to configure the threat weight for Geo IP block policy violations.

enable

hidden-field-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for attempts to tamper with hidden field rules.

substantial

hidden-field-protection-op {enable | disable}

Enable to configure the threat weight for hidden field protection rule violations.

enable

http-access-limit-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violation that the number of HTTP requests per second, per source IP address exceeds the limit.

substantial

http-access-limit-op {enable | disable}

Enable to configure the threat weight for violation that the number of HTTP requests per second, per source IP address exceeds the limit.

enable

http-flood-prevention-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violation that the number ofHTTP requests per second, per session, per URL exceeds the limit.

substantial

http-flood-prevention-op {enable | disable}

Enable to configure the threat weight for violation that the number of HTTP requests per second, per session, per URL exceeds the limit.

enable

http-protocol-constraints-op {enable | disable}

Enable to configure the threat weight for HTTP protocol constraints. Once enabled, the threat weight for each HTTP protocol constraint may be set using waf http-protocol-parameter-restriction.

enable

illegal-file-size-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the file size detection and restriction violation.

moderate

illegal-file-size-op {enable | disable}

Enable to configure the threat weight for the file size detection and restriction violation.

enable

illegal-file-type-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the file type detection and restriction violation.

substantial

illegal-file-type-op {enable | disable}

Enable to configure the threat weight for the file type detection and restriction violation.

enable

ip-list-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for requests from blocklisted IP addresses.

critical

ip-list-op {enable | disable}

Enable to configure the threat weight for requests from blocklisted IP addresses.

enable

ip-replay-violation-level {low | critical | informational | moderate | substantial | severe}

When the security mode is Encrypted, select whether FortiWeb uses the IP address of a request to determine the owner of the cookie.

Set the threat weight for IP replay violations.

substantial

ip-replay-violation-op {enable | disable}

Enable to configure the threat weight for IP replay violations.

enable

ip-reputation-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for requests from IP addresses with a poor reputation.

critical

ip-reputation-op {enable | disable}

Enable to configure the threat weight for requests from IP addresses with a poor reputation.

enable

json-element-length-exceeded-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation that the JSON element length exceeds.

moderate

json-element-length-exceeded-op {enable | disable}

Enable to configure the threat weight for the violation that the JSON element length exceeds.

enable

known-bots-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the known bots attacks.

substantial

known-bots-op {enable | disable}

Enable to configure the threat weight for the known bots attacks.

disable

low-level <level_int>

Set the risk level value for Low level.

10

low-level-score-end <level_int>

Set the low level threat score for different risk levels of a client based on the threat weight sum of all the security violations launched by the client at the time of the last access.

100

malicious-file-detected-by-fortisandbox-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation of malicious file detection by FortiSandbox.

severe

malicious-file-detected-by-fortisandbox-op {enable | disable}

Enable to configure the threat weight for the violation of malicious file detection by FortiSandbox.

enable

malicious-ips-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation that the number of TCP connections per HTTP session exceeds the limit.

substantial

malicious-ips-op {enable | disable}

Enable to configure the threat weight the violation that the number of TCP connections per HTTP session exceeds the limit.

enable

man-in-browser-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for MiTB attacks.

substantial

man-in-browser-protection-op {enable | disable}

Enable to configure the threat weight for MiTB attacks.

enable

medium-level-score-end <level_int>

Set the high threat score for different risk levels of a client based on the threat weight sum of all the security violations launched by the client at the time of the last access.

200

mobile-api-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for mobile API protection rule violations.

substantial

mobile-api-protection-op {enable | disable}

Enable to configure the threat weight for mobile API protection rule violations.

enable

openapi-validation-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for OpenAPI validation rule violations.

moderate

openapi-validation-op {enable | disable}

Enable to configure the threat weight for OpenAPI validation rule violations.

enable

origin-not-allowed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation of origin not allowed.

low

origin-not-allowed-op {enable | disable}

Enable to configure the threat weight for the violation of origin not allowed.

enable

padding-oracle-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for padding oracle attacks.

severe

padding-oracle-protection-op {enable | disable}

Enable to configure the threat weight for padding oracle attacks.

enable

parameter-validation-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for parameter validation violation.

moderate

parameter-validation-op {enable | disable}

Enable to configure threat weight for parameter validation violation.

enable

session-fixation-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for session fixation protection rule violation.

moderate

session-fixation-protection-op {enable | disable}

Enable to configure the threat weight for session fixation protection rule violation.

enable

session-idle-timeout-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation of session idle timeout.

moderate

session-idle-timeout-op {enable | disable}

Enable to configure the threat weight for the violation of session idle timeout.

enable

signature-op {enable | disable}

Enable to set the threat weight for each signature rule.

enable

size-exceeds-limit-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation when the maximum acceptable frame header and body size in bytes exceeds the limit.

moderate

size-exceeds-limit-op {enable | disable}

Enable to configure the threat weight for the violation when the maximum acceptable frame header and body size in bytes exceeds the limit.

enable

sql-xss-sbd-op {enable | disable}

Enable to configure the threat weight for the SQL/XSS syntax based detection rule violation.

enable

statistics-period {one-day | three-days | one-week}

Select the amount of time in days that FortiWeb will store the threat score data for an active client.

For example, when the statistics period is 3 days, and the total threat score in this period is 150. Then 150 will be taken as the score to compare with those set fo thrusted/suspicious/malicious clients.

three-days

tcp-flood-prevention-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation when the number of fully-formed TCP connections per source IP address exceeds the limit.

substantial

tcp-flood-prevention-op {enable | disable}

Enable to configure the threat weight for the violation when the number of fully-formed TCP connections per source IP address exceeds the limit.

enable

threshold-based-detection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the threshold based detection rule violation.

substantial

threshold-based-detection-op {enable | disable}

Enable to configure the threat weight for the threshold based detection rule violation.

disable

trojan-detected-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the Trojan detection rule violation.

enable

trojan-detected-op {enable | disable}

Enable to configure the threat weight for the Trojan detection rule violation.

severe

url-access-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the URL access rule violation.

substantial

url-access-op {enable | disable}

Enable to configure the threat weight for the URL access rule violation.

enable

virus-detected-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the virus detection rule violation.

critical

virus-detected-op {enable | disable}

Enable to configure the threat weight for the virus detection rule violation.

enable

websocket-extensions-not-allowed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation of extension header in WebSocket handshake packet.

substantial

websocket-extensions-not-allowed-op {enable | disable}

Enable to configure the threat weight for the violation of extension header in WebSocket handshake packet.

enable

websocket-traffic-not-allowed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the WebSocket traffic blocking violation.

substantial

websocket-traffic-not-allowed-op {enable | disable}

Enable to configure the threat weight for the WebSocket traffic blocking violation.

enable

wsdl-validation-failed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the WSDL file validation rule violation.

substantial

wsdl-validation-failed-op {enable | disable}

Enable to set the threat weight for the WSDL file validation rule violation.

enable

wsi-check-failed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the WS-security rule violation.

moderate

wsi-check-failed-op {enable | disable}

Enable to set the threat weight for the WS-security rule violation.

enable

xml-element-length-exceeded-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation that the XML element length exceeds.

moderate

xml-element-length-exceeded-op {enable | disable}

Enable to configure the threat weight for the violation that the XML element length exceeds.

enable

Related Topics

server-policy pattern threat-weight

Use this command to configure the global threat weight of security violations. When a security violation is detected, the threat weight of the security violation is used to calculate the threat score of a client that launched the event.

For details about Threat Weight, see the FortiWeb Administration Guide:

http://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the admingrp area. For details, see Permissions.

Syntax

config server-policy pattern threat-weight

set allow-method-level {low | critical | informational | moderate | substantial | severe}

set allow-method-op {enable | disable}

set biometrics-based-detection -level {low | critical | informational | moderate | substantial | severe}

set biometrics-based-detection-op {enable | disable}

set block-malicious-client-op {enable | disable}

set block-malicious-client-time <time_int>

set block-suspicious-client-op {enable | disable}

set block-suspicious-client-time <time_int>

set bot-deception-level {low | critical | informational | moderate | substantial | severe}

set bot-deception-op {enable | disable}

set client-management-expire <time_int>

set concurrent-users-peraccount- exceeds-limit-level {low | critical | informational | moderate | substantial | severe}

set concurrent-users-peraccount- exceeds-limit-op {enable | disable}

set cookie-signature-checkfailed- level {low | critical | informational | moderate | substantial | severe}

set cookie-signature-checkfailed- op {enable | disable}

set cors-protection-level {low | critical | informational | moderate | substantial | severe}

set cors-protection-op {enable | disable}

set credential-stuffing-defenselevel {low | critical | informational | moderate | substantial | severe}

set credential-stuffing-defenseop {enable | disable}

set csrf-protection-level {low | critical | informational | moderate | substantial | severe}

set csrf-protection-op {enable | disable}

set custom-policy-op {enable | disable}

set fail-to-validate-json-schemalevel {low | critical | informational | moderate | substantial | severe}

set fail-to-validate-json-schemaop {enable | disable}

set fail-to-validate-xml-schemalevel {low | critical | informational | moderate | substantial | severe}

set fail-to-validate-xml-schemaop {enable | disable}

set forbid-xml-entities-level {low | critical | informational | moderate | substantial | severe}

set forbid-xml-entities-op {enable | disable}

set format-not-allowed-inwebsocket- level {low | critical | informational | moderate | substantial | severe}

set format-not-allowed-inwebsocket- op {enable | disable}

set geo-ip-level {low | critical | informational | moderate | substantial | severe}

set geo-ip-op {enable | disable}

set hidden-field-protection-level {low | critical | informational | moderate | substantial | severe}

set hidden-field-protection-op {enable | disable}

set http-access-limit-level {low | critical | informational | moderate | substantial | severe}

set http-access-limit-op {enable | disable}

set http-flood-prevention-level {low | critical | informational | moderate | substantial | severe}

set http-flood-prevention-op {enable | disable}

set http-protocol-constraints-op {enable | disable}

set illegal-file-size-level {low | critical | informational | moderate | substantial | severe}

set illegal-file-size-op {enable | disable}

set illegal-file-type-level {low | critical | informational | moderate | substantial | severe}

set illegal-file-type-op {enable | disable}

set ip-list-level {low | critical | informational | moderate | substantial | severe}

set ip-list-op {enable | disable}

set ip-replay-violation-level {low | critical | informational | moderate | substantial | severe}

set ip-replay-violation-op {enable | disable}

set ip-reputation-level {low | critical | informational | moderate | substantial | severe}

set ip-reputation-op {enable | disable}

set json-element-lengthexceeded- level {low | critical | informational | moderate | substantial | severe}

set json-element-lengthexceeded- op {enable | disable}

set known-bots-level {low | critical | informational | moderate | substantial | severe}

set known-bots-op {enable | disable}

set low-level <level_int>

set low-level-score-end <level_ int>

set malicious-file-detected-byfortisandbox- level {low | critical | informational | moderate | substantial | severe}

set malicious-file-detected-byfortisandbox- op {enable | disable}

set malicious-ips-level {low | critical | informational | moderate | substantial | severe}

set malicious-ips-op {enable | disable}

set man-in-browser-protectionlevel {low | critical | informational | moderate | substantial | severe}

set man-in-browser-protectionop {enable | disable}

set medium-level-score-end <level_int>

set mobile-api-protection-level {low | critical | informational | moderate | substantial | severe}

set mobile-api-protection-op {enable | disable}

set openapi-validation-level {low | critical | informational | moderate | substantial | severe}

set openapi-validation-op {enable | disable}

set origin-not-allowed-level {low | critical | informational | moderate | substantial | severe}

set origin-not-allowed-op {enable | disable}

set padding-oracle-protectionlevel {low | critical | informational | moderate | substantial | severe}

set padding-oracle-protection-op {enable | disable}

set parameter-validation-level {low | critical | informational | moderate | substantial | severe}

set parameter-validation-op {enable | disable}

set session-fixation-protectionlevel {low | critical | informational | moderate | substantial | severe}

set session-fixation-protectionop {enable | disable}

set session-idle-timeout-level {low | critical | informational | moderate | substantial | severe}

set session-idle-timeout-op {enable | disable}

set signature-op {enable | disable}

set size-exceeds-limit-level {low | critical | informational | moderate | substantial | severe}

set size-exceeds-limit-op {enable | disable}

set sql-xss-sbd-op {enable | disable}

set statistics-period {one-day | three-days | one-week}

set tcp-flood-prevention-level {low | critical | informational | moderate | substantial | severe}

set tcp-flood-prevention-op {enable | disable}

set threshold-based-detectionlevel {low | critical | informational | moderate | substantial | severe}

set threshold-based-detection-op {enable | disable}

set trojan-detected-level {low | critical | informational | moderate | substantial | severe}

set trojan-detected-op {enable | disable}

set url-access-level {low | critical | informational | moderate | substantial | severe}

set url-access-op {enable | disable}

set virus-detected-level {low | critical | informational | moderate | substantial | severe}

set virus-detected-op {enable | disable}

set websocket-extensions-notallowed- level {low | critical | informational | moderate | substantial | severe}

set websocket-extensions-notallowed- op {enable | disable}

set websocket-traffic-notallowed- level {low | critical | informational | moderate | substantial | severe}

set websocket-traffic-notallowed- op {enable | disable}

set wsdl-validation-failed-level {low | critical | informational | moderate | substantial | severe}

set wsdl-validation-failed-op {enable | disable}

set wsi-check-failed-level {low | critical | informational | moderate | substantial | severe}

set wsi-check-failed-op {enable | disable}

set xml-element-lengthexceeded- level {low | critical | informational | moderate | substantial | severe}

set xml-element-lengthexceeded- op {enable | disable}

end

Variable Description Default

allow-method-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for HTTP request method violations. moderate

allow-method-op {enable | disable}

Enable to configure the threat weight for HTTP request method violations.

enable

biometrics-based-detection -level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for biometrics based detection rule violations.

substantial

biometrics-based-detection-op {enable | disable}

Enable to configure the threat weight for biometrics based detection rule violations.

disable

block-malicious-client-op {enable | disable}

Enable to block malicious client.

disable

block-malicious-client-time <time_int>

Set how long a malicious client will be blocked for.

The valid range is 1-1440 minutes.

10 minutes

block-suspicious-client-op {enable | disable}

Enable to block suspicious client.

enable

block-suspicious-client-time <time_int>

Set how long a suspicious client will be blocked for.

The valid range is 1-1440 minutes.

10 minutes

bot-deception-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for bot deception policy violations.

substantial

bot-deception-op {enable | disable}

Enable to configure the threat weight for bot deception policy violations.

disable

client-management-expire <time_int>

Set the amount of time that FortiWeb will store the tracked client information.

Once the information has been stored for longer than the set amount of time, FortiWeb will remove that information.

15 days

concurrent-users-per-account-exceeds-limit-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violations that the number of concurrent users per account exceeds the limit.

moderate

concurrent-users-per-account-exceeds-limit-op {enable | disable}

Enable to configure the threat weight for violations that the number of concurrent users per account exceeds the limit.

enable

cookie-signature-check-failed-level {low | critical | informational | moderate | substantial | severe}

When the security mode is None or Signed, enable to configure the threat weight for cookie tampering protection rule violations.

substantial

cookie-signature-check-failed-op {enable | disable}

Enable to configure the threat weight for cookie tampering protection rule violations.

enable

 

 

 

cors-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for CORS protection rule violations.

moderate

cors-protection-op {enable | disable}

Enable to configure the threat weight for CORS protection rule violations.

enable

credential-stuffing-defense-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for Credential Stuffing attacks.

severe

credential-stuffing-defense-op {enable | disable}

Enable to configure the threat weight for Credential Stuffing attacks.

enable

csrf-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for CSRF protection rule violations.

substantial

csrf-protection-op {enable | disable}

Enable to configure the threat weight for CSRF protection rule violations.

enable

custom-policy-op {enable | disable}

Enable to configure the threat weight for custom policy violations.

enable

fail-to-validate-json-schema-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for JSON protection rule violations.

substantial

fail-to-validate-json-schema-op {enable | disable}

Enable to configure the threat weight for violation of failing to validate JSON schema file.

enable

fail-to-validate-xml-schema-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violation of failing to validate JSON schema file.

moderate

fail-to-validate-xml-schema-op {enable | disable}

Enable to configure the threat weight for violation of failing to validate XML schema file.

enable

forbid-xml-entities-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violation of failing to validate XML schema file.

substantial

forbid-xml-entities-op {enable | disable}

Enable to configure the threat weight for forbidden XML entities violations.

enable

format-not-allowed-in-websocket-level {low | critical | informational | moderate | substantial | severe}

When the WebSocket connection is established, data is transmitted in the form of frame.

Set the threat weight for violation that frame formats are not allowed.

moderate

format-not-allowed-in-websocket-op {enable | disable}

Enable to configure the threat weight for violation that frame formats are not allowed.

enable

geo-ip-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for requests from blocked countries or regions based on the associated source IP address.

critical

geo-ip-op {enable | disable}

Enable to configure the threat weight for Geo IP block policy violations.

enable

hidden-field-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for attempts to tamper with hidden field rules.

substantial

hidden-field-protection-op {enable | disable}

Enable to configure the threat weight for hidden field protection rule violations.

enable

http-access-limit-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violation that the number of HTTP requests per second, per source IP address exceeds the limit.

substantial

http-access-limit-op {enable | disable}

Enable to configure the threat weight for violation that the number of HTTP requests per second, per source IP address exceeds the limit.

enable

http-flood-prevention-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for violation that the number ofHTTP requests per second, per session, per URL exceeds the limit.

substantial

http-flood-prevention-op {enable | disable}

Enable to configure the threat weight for violation that the number of HTTP requests per second, per session, per URL exceeds the limit.

enable

http-protocol-constraints-op {enable | disable}

Enable to configure the threat weight for HTTP protocol constraints. Once enabled, the threat weight for each HTTP protocol constraint may be set using waf http-protocol-parameter-restriction.

enable

illegal-file-size-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the file size detection and restriction violation.

moderate

illegal-file-size-op {enable | disable}

Enable to configure the threat weight for the file size detection and restriction violation.

enable

illegal-file-type-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the file type detection and restriction violation.

substantial

illegal-file-type-op {enable | disable}

Enable to configure the threat weight for the file type detection and restriction violation.

enable

ip-list-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for requests from blocklisted IP addresses.

critical

ip-list-op {enable | disable}

Enable to configure the threat weight for requests from blocklisted IP addresses.

enable

ip-replay-violation-level {low | critical | informational | moderate | substantial | severe}

When the security mode is Encrypted, select whether FortiWeb uses the IP address of a request to determine the owner of the cookie.

Set the threat weight for IP replay violations.

substantial

ip-replay-violation-op {enable | disable}

Enable to configure the threat weight for IP replay violations.

enable

ip-reputation-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for requests from IP addresses with a poor reputation.

critical

ip-reputation-op {enable | disable}

Enable to configure the threat weight for requests from IP addresses with a poor reputation.

enable

json-element-length-exceeded-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation that the JSON element length exceeds.

moderate

json-element-length-exceeded-op {enable | disable}

Enable to configure the threat weight for the violation that the JSON element length exceeds.

enable

known-bots-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the known bots attacks.

substantial

known-bots-op {enable | disable}

Enable to configure the threat weight for the known bots attacks.

disable

low-level <level_int>

Set the risk level value for Low level.

10

low-level-score-end <level_int>

Set the low level threat score for different risk levels of a client based on the threat weight sum of all the security violations launched by the client at the time of the last access.

100

malicious-file-detected-by-fortisandbox-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation of malicious file detection by FortiSandbox.

severe

malicious-file-detected-by-fortisandbox-op {enable | disable}

Enable to configure the threat weight for the violation of malicious file detection by FortiSandbox.

enable

malicious-ips-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation that the number of TCP connections per HTTP session exceeds the limit.

substantial

malicious-ips-op {enable | disable}

Enable to configure the threat weight the violation that the number of TCP connections per HTTP session exceeds the limit.

enable

man-in-browser-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for MiTB attacks.

substantial

man-in-browser-protection-op {enable | disable}

Enable to configure the threat weight for MiTB attacks.

enable

medium-level-score-end <level_int>

Set the high threat score for different risk levels of a client based on the threat weight sum of all the security violations launched by the client at the time of the last access.

200

mobile-api-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for mobile API protection rule violations.

substantial

mobile-api-protection-op {enable | disable}

Enable to configure the threat weight for mobile API protection rule violations.

enable

openapi-validation-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for OpenAPI validation rule violations.

moderate

openapi-validation-op {enable | disable}

Enable to configure the threat weight for OpenAPI validation rule violations.

enable

origin-not-allowed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation of origin not allowed.

low

origin-not-allowed-op {enable | disable}

Enable to configure the threat weight for the violation of origin not allowed.

enable

padding-oracle-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for padding oracle attacks.

severe

padding-oracle-protection-op {enable | disable}

Enable to configure the threat weight for padding oracle attacks.

enable

parameter-validation-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for parameter validation violation.

moderate

parameter-validation-op {enable | disable}

Enable to configure threat weight for parameter validation violation.

enable

session-fixation-protection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for session fixation protection rule violation.

moderate

session-fixation-protection-op {enable | disable}

Enable to configure the threat weight for session fixation protection rule violation.

enable

session-idle-timeout-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation of session idle timeout.

moderate

session-idle-timeout-op {enable | disable}

Enable to configure the threat weight for the violation of session idle timeout.

enable

signature-op {enable | disable}

Enable to set the threat weight for each signature rule.

enable

size-exceeds-limit-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation when the maximum acceptable frame header and body size in bytes exceeds the limit.

moderate

size-exceeds-limit-op {enable | disable}

Enable to configure the threat weight for the violation when the maximum acceptable frame header and body size in bytes exceeds the limit.

enable

sql-xss-sbd-op {enable | disable}

Enable to configure the threat weight for the SQL/XSS syntax based detection rule violation.

enable

statistics-period {one-day | three-days | one-week}

Select the amount of time in days that FortiWeb will store the threat score data for an active client.

For example, when the statistics period is 3 days, and the total threat score in this period is 150. Then 150 will be taken as the score to compare with those set fo thrusted/suspicious/malicious clients.

three-days

tcp-flood-prevention-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation when the number of fully-formed TCP connections per source IP address exceeds the limit.

substantial

tcp-flood-prevention-op {enable | disable}

Enable to configure the threat weight for the violation when the number of fully-formed TCP connections per source IP address exceeds the limit.

enable

threshold-based-detection-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the threshold based detection rule violation.

substantial

threshold-based-detection-op {enable | disable}

Enable to configure the threat weight for the threshold based detection rule violation.

disable

trojan-detected-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the Trojan detection rule violation.

enable

trojan-detected-op {enable | disable}

Enable to configure the threat weight for the Trojan detection rule violation.

severe

url-access-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the URL access rule violation.

substantial

url-access-op {enable | disable}

Enable to configure the threat weight for the URL access rule violation.

enable

virus-detected-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the virus detection rule violation.

critical

virus-detected-op {enable | disable}

Enable to configure the threat weight for the virus detection rule violation.

enable

websocket-extensions-not-allowed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation of extension header in WebSocket handshake packet.

substantial

websocket-extensions-not-allowed-op {enable | disable}

Enable to configure the threat weight for the violation of extension header in WebSocket handshake packet.

enable

websocket-traffic-not-allowed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the WebSocket traffic blocking violation.

substantial

websocket-traffic-not-allowed-op {enable | disable}

Enable to configure the threat weight for the WebSocket traffic blocking violation.

enable

wsdl-validation-failed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the WSDL file validation rule violation.

substantial

wsdl-validation-failed-op {enable | disable}

Enable to set the threat weight for the WSDL file validation rule violation.

enable

wsi-check-failed-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the WS-security rule violation.

moderate

wsi-check-failed-op {enable | disable}

Enable to set the threat weight for the WS-security rule violation.

enable

xml-element-length-exceeded-level {low | critical | informational | moderate | substantial | severe}

Set the threat weight for the violation that the XML element length exceeds.

moderate

xml-element-length-exceeded-op {enable | disable}

Enable to configure the threat weight for the violation that the XML element length exceeds.

enable

Related Topics