Fortinet white logo
Fortinet white logo

Administration Guide

Creating GraphQL protection policy

Creating GraphQL protection policy

You can configure a GraphQL protection policy so that FortiWeb will:

  • Safeguard GraphQL APIs from signature attacks,
  • Ensure that the GraphQL API requests do not consume excessive resources, so as to achieve secure and efficient operation.

Each policy can contain up to 256 GraphQL protection rules.

This section provides instructions to:

  • Create a GraphQL protection policy
  • Select a GraphQL protection policy in a web protection profile
To create a GraphQL protection policy
  1. Go to GraphQL Protection > GraphQL Protection Policy.
  2. Click Create New.
  3. For Name, enter a name for the policy. You will use the Name to select the policy in a web protection profile. The maximum length is 63 characters.
  4. The Signature Detection option is disabled by default. Enable to scan for matches with signature attacks in GraphQL API requests.
  5. Click OK.
  6. To add GraphQL protection rules to the policy, see To add a GraphQL protection rule to a GraphQL protection policy.
To select a GraphQL protection policy in a web protection profile

For details about creating a web protection profile, see Configuring a protection profile for inline topologies.

  1. Go to Policy > Web Protection Profile.
  2. To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Web Protection Configuration category. For details, see Permissions.

  3. Select the Inline Protection Profile tab.
  4. Select an existing web protection profile to which you want to include the GraphQL protection policy.
  5. Click Edit.
  6. For API Protection > GraphQL Protection, select the GraphQL protection policy from the drop down list.

    Note: To view details about a selected GraphQL protection policy, click the view icon next to the drop down list.

  7. Click OK.

Creating GraphQL protection policy

Creating GraphQL protection policy

You can configure a GraphQL protection policy so that FortiWeb will:

  • Safeguard GraphQL APIs from signature attacks,
  • Ensure that the GraphQL API requests do not consume excessive resources, so as to achieve secure and efficient operation.

Each policy can contain up to 256 GraphQL protection rules.

This section provides instructions to:

  • Create a GraphQL protection policy
  • Select a GraphQL protection policy in a web protection profile
To create a GraphQL protection policy
  1. Go to GraphQL Protection > GraphQL Protection Policy.
  2. Click Create New.
  3. For Name, enter a name for the policy. You will use the Name to select the policy in a web protection profile. The maximum length is 63 characters.
  4. The Signature Detection option is disabled by default. Enable to scan for matches with signature attacks in GraphQL API requests.
  5. Click OK.
  6. To add GraphQL protection rules to the policy, see To add a GraphQL protection rule to a GraphQL protection policy.
To select a GraphQL protection policy in a web protection profile

For details about creating a web protection profile, see Configuring a protection profile for inline topologies.

  1. Go to Policy > Web Protection Profile.
  2. To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Web Protection Configuration category. For details, see Permissions.

  3. Select the Inline Protection Profile tab.
  4. Select an existing web protection profile to which you want to include the GraphQL protection policy.
  5. Click Edit.
  6. For API Protection > GraphQL Protection, select the GraphQL protection policy from the drop down list.

    Note: To view details about a selected GraphQL protection policy, click the view icon next to the drop down list.

  7. Click OK.