Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 7.0.0 CLI Reference
    7.0.0
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    waf geo-block-list

    waf geo-block-list

    Use this command to define large sets of client IP addresses to block based upon their associated geographical location.

    Because network mappings may change as networks grow and shrink, if you use this feature, be sure to periodically update the geography-to-IP mapping database. To download the file, go to the Fortinet Customer Service & Support website:

    https://support.fortinet.com

    Optionally, you can also specify a list of IP addresses or IP address ranges that are exempt from this blacklist. For details, see waf geo-ip-except.

    Alternatively, you can block clients individually (see server-policy custom-application application-policy) or based upon their reputation (see waf ip-intelligence).

    To apply the rule, select it in a protection profile. For details, see waf web-protection-profile inline-protection or waf web-protection-profile offline-protection.

    To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

    Syntax

    config waf geo-block-list

    edit "<geography-to-ip_name>"

    set severity {High | Medium | Low | Info}

    set action { alert_deny | block-period | deny_no_log}

    set block-period <block_period_int>

    set trigger "<trigger-policy_name>"

    set ignore-x-forwarded-for {enable | disable}

    config country-list

    edit <entry_index>

    set country-name "<region_name>"

    next

    end

    next

    end

    Variable Description Default

    "<geography-to-ip_name>"

    Enter the name of a new or existing rule. The maximum length is 63 characters.

    To display the list of existing rules, enter:

    edit ?

    		No default.

    severity {High | Medium | Low | Info}

    		 Select the severity level to use in logs and reports generated when a violation of the rule occurs. Low

    action { alert_deny | block-period | deny_no_log}

    Select which action FortiWeb will take when it detects a violation of the rule:

    • alert_deny—Block the request (or reset the connection) and generate an alert and/or log message.

    • deny_no_log—Block the request (or reset the connection).

    • block-period—Block subsequent requests from the client for a number of seconds. Also configure block-period.

    Note: This setting will be ignored if monitor-mode {enable | disable} is enabled in a server policy.

    alert_deny

    block-period <block_period_int>

    Enter the number of seconds that you want to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1–3,600 seconds.

    This setting is available only if Action is set to block-period.

    600

    trigger "<trigger-policy_name>"

    Enter the name of the trigger to apply when this rule is violated. For details, see log trigger-policy. The maximum length is 63 characters.

    To display the list of existing trigger policies, enter:

    set trigger ?

    		No default.

    ignore-x-forwarded-for {enable | disable}

    By default, FortiWeb scans the IP addresses in the X-Forwarded-For header at the HTTP layer. This causes high resource consumption. To enhance the performance, you can enable Ignore X-Forwarded-For so that the IP addresses can be scanned at the TCP layer instead. This avoids HTTP packets being processed unnecessarily.

    disable

    <entry_index>

    		 Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

    country-name "<region_name>"

    Enter the name of a region (Antarctica or Bouvet Island) or country (U.S.) as it is written in English. Surround names with multiple words or apostrophes in double quotes.

    The list of locations varies by the currently installed IP-to-geography mapping package. For a current list of locations, use the web UI.

    		 No default.

    Example

    This example creates a set of North American IP addresses that a server policy can use to block clients with IP addresses belonging to Belize and Canada. FortiWeb does not block the IP addresses specified by the allow-north-america exception list.

    config waf geo-block-list

    edit "north-america"

    set trigger "notification-servers1"

    set exception rule "allow-north-america"

    set severity Low

    config country-list

    edit 1

    set country-name "Belize"

    next

    edit 2

    set country-name "Canada"

    next

    end

    next

    end

    Related topics

    Previous
    Next

    waf geo-block-list

    waf geo-block-list

    Use this command to define large sets of client IP addresses to block based upon their associated geographical location.

    Because network mappings may change as networks grow and shrink, if you use this feature, be sure to periodically update the geography-to-IP mapping database. To download the file, go to the Fortinet Customer Service & Support website:

    https://support.fortinet.com

    Optionally, you can also specify a list of IP addresses or IP address ranges that are exempt from this blacklist. For details, see waf geo-ip-except.

    Alternatively, you can block clients individually (see server-policy custom-application application-policy) or based upon their reputation (see waf ip-intelligence).

    To apply the rule, select it in a protection profile. For details, see waf web-protection-profile inline-protection or waf web-protection-profile offline-protection.

    To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

    Syntax

    config waf geo-block-list

    edit "<geography-to-ip_name>"

    set severity {High | Medium | Low | Info}

    set action { alert_deny | block-period | deny_no_log}

    set block-period <block_period_int>

    set trigger "<trigger-policy_name>"

    set ignore-x-forwarded-for {enable | disable}

    config country-list

    edit <entry_index>

    set country-name "<region_name>"

    next

    end

    next

    end

    Variable Description Default

    "<geography-to-ip_name>"

    Enter the name of a new or existing rule. The maximum length is 63 characters.

    To display the list of existing rules, enter:

    edit ?

    		No default.

    severity {High | Medium | Low | Info}

    		 Select the severity level to use in logs and reports generated when a violation of the rule occurs. Low

    action { alert_deny | block-period | deny_no_log}

    Select which action FortiWeb will take when it detects a violation of the rule:

    • alert_deny—Block the request (or reset the connection) and generate an alert and/or log message.

    • deny_no_log—Block the request (or reset the connection).

    • block-period—Block subsequent requests from the client for a number of seconds. Also configure block-period.

    Note: This setting will be ignored if monitor-mode {enable | disable} is enabled in a server policy.

    alert_deny

    block-period <block_period_int>

    Enter the number of seconds that you want to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1–3,600 seconds.

    This setting is available only if Action is set to block-period.

    600

    trigger "<trigger-policy_name>"

    Enter the name of the trigger to apply when this rule is violated. For details, see log trigger-policy. The maximum length is 63 characters.

    To display the list of existing trigger policies, enter:

    set trigger ?

    		No default.

    ignore-x-forwarded-for {enable | disable}

    By default, FortiWeb scans the IP addresses in the X-Forwarded-For header at the HTTP layer. This causes high resource consumption. To enhance the performance, you can enable Ignore X-Forwarded-For so that the IP addresses can be scanned at the TCP layer instead. This avoids HTTP packets being processed unnecessarily.

    disable

    <entry_index>

    		 Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

    country-name "<region_name>"

    Enter the name of a region (Antarctica or Bouvet Island) or country (U.S.) as it is written in English. Surround names with multiple words or apostrophes in double quotes.

    The list of locations varies by the currently installed IP-to-geography mapping package. For a current list of locations, use the web UI.

    		 No default.

    Example

    This example creates a set of North American IP addresses that a server policy can use to block clients with IP addresses belonging to Belize and Canada. FortiWeb does not block the IP addresses specified by the allow-north-america exception list.

    config waf geo-block-list

    edit "north-america"

    set trigger "notification-servers1"

    set exception rule "allow-north-america"

    set severity Low

    config country-list

    edit 1

    set country-name "Belize"

    next

    edit 2

    set country-name "Canada"

    next

    end

    next

    end

    Related topics

    Previous
    Next