waf geo-ip-except
Use this command to specify IP addresses or ranges of IP addresses that are exceptions to the list of client IP addresses that FortiWeb blocks based on their geographic location.
For details about creating the blocklist by country or region, see waf geo-block-list.
To use this command, your administrator account’s access control profile must have either w
or rw
permission to the wafgrp
area. For details, see Permissions.
Syntax
config waf geo-ip-except
edit <entry_index>
set ip {"<address_ipv4>" | "<ip_range_ipv4>"}
next
end
next
end
Variable | Description | Default |
Enter the name of a new or existing list of exceptions. To display the list of existing rules, enter:
|
No default. | |
Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. | No default. | |
Enter the IP address or IP address range that is exempt from blocking based on its geographic location. | No default. |
Example
This example adds the IP address range 192.0.2.0 to 192.0.2.5 to the geo-location blocklist exception list allow-north-america
.
config waf geo-ip-except
edit "allow-north-america"
set ip "92.0.2.0-192.0.2.5"
end
next
end