waf biometrics-based-detection
By checking the client events such as mouse movement, keyboard, screen touch, and scroll, etc in specified period, FortiWeb judges whether the request comes from a human or from a bot. You can use this command to configure the biometrics based detection rule to define the client event, collection period, and the request URL, etc.
Syntax
config waf biometrics-based-detection
edit <biometrics-based-detection-name_str>
set mouse-movement {enable | disable}
set screen-touch {enable | disable}
set keyboard {enable | disable}
set event-collection-time <time_int>
set bot-effective-time <time_int>
set action {alert | alert_deny | | deny_no_log}
set severity {high | medium | low | Info}
config url-list
edit <url-list_id>
set host <host_str>
set host-status {enable | disable}
set type {simple-string | regex-expression}
set url <url_str>
next
end
next
end
Variable | Description | Default |
---|---|---|
<biometrics-based-detection-name_str> | Type a unique name that can be referenced in other parts of the configuration. | No default. |
mouse-movement {enable | disable} | Click to enable monitoring the mouse movement event. | enable
|
Click to enable monitoring the keyboard event. | enable
|
|
Click to enable monitoring the click event. | enable
|
|
Click to enable monitoring the screen touch event. | disable
|
|
Click to enable monitoring the scroll event. | disable
|
|
Specify how long the events will be collected from the client. |
|
|
For the identified bot, choose the time period before FortiWeb tests and verifies the bot again. |
|
|
action {alert | alert_deny | | deny_no_log} |
Select which action FortiWeb will take when it detects a violation of the policy:
The default value is Alert. |
Alert
|
severity {high | medium | low | Info} |
When policy violations are recorded in the attack log, each log message contains a Severity Level (
|
Low
|
trigger <trigger_policy> | Select the trigger, if any, that FortiWeb will use when it logs and/or sends an alert email about a violation of the policy. For details, see Viewing log messages. | No default. |
<url-list_id> | Enter the sequence number of the URL. | No default. |
Select the name of a protected host that the |
No default. |
|
Enable to apply this rule only to HTTP requests for specific web hosts. Also configure host <host_str>. |
|
|
Select whether the url <url_str> field must contain either:
|
|
|
Depending on your selection in type {simple-string | regex-expression}, enter either:
|
No default. |
Related topics