waf_known_bots

waf known-bots

Known Bots protects your websites, mobile applications, and APIs from malicious bots such as DoS, Spam, and Crawler, etc, and known good bots such as known search engines without affecting the flow of critical traffic. This feature identifies and manages a wide range of attacks from automated tools no matter where these applications or APIs are deployed.

Use these commands to configure known bots prevention.

Syntax

config waf known-bots

edit "known-bots_rule_name"

set crawler-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set crawler-block-period <period_int>

set crawler-severity {High | Medium | Low | Info}

set crawler-status {enable | disable}

set crawler-threat-weight {low | critical | informational | moderate | substantial | severe}

set crawler-trigger <trigger_policy_name>

set dos-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set dos-block-period <period_int>

set dos-severity {High | Medium | Low | Info}

set dos-status {enable | disable}

set dos-threat-weight {low | critical | informational | moderate | substantial | severe}

set dos-trigger <trigger_policy_name>

set known-engines-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set known-engines-block-period <period_int>

set known-engines-severity {High | Medium | Low | Info}

set known-engines-status {enable | disable}

set known-engines-threat-weight {low | critical | informational | moderate | substantial | severe}

set known-engines-trigger <trigger_policy_name>

set scanner-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set scanner-block-period <period_int>

set scanner-severity {High | Medium | Low | Info}

set scanner-status {enable | disable}

set scanner-threat-weight {low | critical | informational | moderate | substantial | severe}

set scanner-trigger <trigger_policy_name>

set spam-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set spam-block-period <period_int>

set spam-severity {High | Medium | Low | Info}

set spam-status {enable | disable}

set spam-threat-weight {low | critical | informational | moderate | substantial | severe}

set spam-trigger <trigger_policy_name>

set trojan-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set trojan-block-period <period_int>

set trojan-severity {High | Medium | Low | Info}

set trojan-status {enable | disable}

set trojan-threat-weight {low | critical | informational | moderate | substantial | severe}

set trojan-trigger <trigger_policy_name>

config malicious-bot-disable-list

edit "<malicious-bot-disable-list_name>"

end

config known-good-bots-disable-list

edit "<known-good-bots-disable-list_name>"

end

Variable	Description	Default
"known-bots_rule_name"	Enter a name for the known bots rule name.	No default
crawler-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure crawler-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
crawler-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
crawler-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
crawler-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
crawler-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for crawler bot attack.	`critical`
crawler-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
dos-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure dos-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
dos-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
dos-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
dos-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
dos-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for DoS bot attack.	`critical`
dos-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
known-engines-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure known-engines-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
known-engines-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
known-engines-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`Info`
known-engines-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
known-engines-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for known search engines attack.	`informational`
known-engines-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
scanner-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure scanner-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
scanner-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
scanner-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
scanner-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
scanner-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for scanner bot attack.	`critical`
scanner-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
spam-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure spam-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
spam-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
spam-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
spam-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
spam-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for scanner bot attack.	`critical`
spam-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
trojan-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure trojan-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
trojan-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
trojan-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
trojan-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
trojan-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for Trojan bot attack.	`critical`
trojan-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
"<malicious-bot-disable-list_name>"	Select the malicious bot list not to be scanned.	No default
"<known-good-bots-disable-list_name>"	Select the known good bots list not to be scanned.	No default

waf known-bots

Use these commands to configure known bots prevention.

Syntax

config waf known-bots

edit "known-bots_rule_name"

set crawler-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set crawler-block-period <period_int>

set crawler-severity {High | Medium | Low | Info}

set crawler-status {enable | disable}

set crawler-threat-weight {low | critical | informational | moderate | substantial | severe}

set crawler-trigger <trigger_policy_name>

set dos-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set dos-block-period <period_int>

set dos-severity {High | Medium | Low | Info}

set dos-status {enable | disable}

set dos-threat-weight {low | critical | informational | moderate | substantial | severe}

set dos-trigger <trigger_policy_name>

set known-engines-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set known-engines-block-period <period_int>

set known-engines-severity {High | Medium | Low | Info}

set known-engines-status {enable | disable}

set known-engines-threat-weight {low | critical | informational | moderate | substantial | severe}

set known-engines-trigger <trigger_policy_name>

set scanner-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set scanner-block-period <period_int>

set scanner-severity {High | Medium | Low | Info}

set scanner-status {enable | disable}

set scanner-threat-weight {low | critical | informational | moderate | substantial | severe}

set scanner-trigger <trigger_policy_name>

set spam-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set spam-block-period <period_int>

set spam-severity {High | Medium | Low | Info}

set spam-status {enable | disable}

set spam-threat-weight {low | critical | informational | moderate | substantial | severe}

set spam-trigger <trigger_policy_name>

set trojan-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}

set trojan-block-period <period_int>

set trojan-severity {High | Medium | Low | Info}

set trojan-status {enable | disable}

set trojan-threat-weight {low | critical | informational | moderate | substantial | severe}

set trojan-trigger <trigger_policy_name>

config malicious-bot-disable-list

edit "<malicious-bot-disable-list_name>"

end

config known-good-bots-disable-list

edit "<known-good-bots-disable-list_name>"

end

Variable	Description	Default
"known-bots_rule_name"	Enter a name for the known bots rule name.	No default
crawler-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure crawler-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
crawler-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
crawler-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
crawler-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
crawler-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for crawler bot attack.	`critical`
crawler-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
dos-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure dos-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
dos-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
dos-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
dos-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
dos-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for DoS bot attack.	`critical`
dos-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
known-engines-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure known-engines-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
known-engines-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
known-engines-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`Info`
known-engines-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
known-engines-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for known search engines attack.	`informational`
known-engines-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
scanner-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure scanner-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
scanner-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
scanner-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
scanner-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
scanner-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for scanner bot attack.	`critical`
scanner-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
spam-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure spam-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
spam-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
spam-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
spam-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
spam-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for scanner bot attack.	`critical`
spam-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
trojan-action {alert \| redirect \| deny_no_log \| alert_deny \| block_period \| send_HTTP_response}	Select the action FortiWeb takes when this type attack is identified. `alert`—Accept the request and generate an alert email and/or log message. `alert_deny`—Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `deny_no_log`—Block the request (or reset the connection). `redirect`—Redirect the request to the URL that you specify in the protection profile and generate an alert email and/or log message. `block_period`—Block subsequent requests from the client for a number of seconds. Also configure trojan-block-period <period_int>. You can customize the web page that FortiWeb returns to the client with the HTTP status code. For details, see system replacemsg-image. `send_HTTP_response`—Block and reply to the client with an HTTP error message and generate an alert email and/or log message. Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail.	`alert_deny`
trojan-block-period <period_int>	Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack.	`600`
trojan-severity {High \| Medium \| Low \| Info}	When policy violations are recorded in the attack log, each log message contains a Severity Level (`severity_level`) field. Select which severity level FortiWeb will use when it logs an attack: High Medium Low Info	`High`
trojan-status {enable \| disable}	Enable or disable the bot type detection for this rule.	`enable`
trojan-threat-weight {low \| critical \| informational \| moderate \| substantial \| severe}	Set the threat weight for Trojan bot attack.	`critical`
trojan-trigger <trigger_policy_name>	Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter: `set trigger ?`	No default
"<malicious-bot-disable-list_name>"	Select the malicious bot list not to be scanned.	No default
"<known-good-bots-disable-list_name>"	Select the known good bots list not to be scanned.	No default

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

waf known-bots

Syntax

Related Topics

waf_known_bots

waf known-bots

Syntax

Related Topics