waf known-bots
Known Bots protects your websites, mobile applications, and APIs from malicious bots such as DoS, Spam, and Crawler, etc, and known good bots such as known search engines without affecting the flow of critical traffic. This feature identifies and manages a wide range of attacks from automated tools no matter where these applications or APIs are deployed.
Use these commands to configure known bots prevention.
Syntax
config waf known-bots
edit "known-bots_rule_name"
set crawler-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}
set crawler-block-period <period_int>
set crawler-severity {High | Medium | Low | Info}
set crawler-status {enable | disable}
set crawler-threat-weight {low | critical | informational | moderate | substantial | severe}
set crawler-trigger <trigger_policy_name>
set dos-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}
set dos-block-period <period_int>
set dos-severity {High | Medium | Low | Info}
set dos-status {enable | disable}
set dos-threat-weight {low | critical | informational | moderate | substantial | severe}
set dos-trigger <trigger_policy_name>
set known-engines-action {alert | bypass | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}
set known-engines-block-period <period_int>
set known-engines-severity {High | Medium | Low | Info}
set known-engines-status {enable | disable}
set known-engines-threat-weight {low | critical | informational | moderate | substantial | severe}
set known-engines-trigger <trigger_policy_name>
set scanner-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}
set scanner-block-period <period_int>
set scanner-severity {High | Medium | Low | Info}
set scanner-status {enable | disable}
set scanner-threat-weight {low | critical | informational | moderate | substantial | severe}
set scanner-trigger <trigger_policy_name>
set spam-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}
set spam-block-period <period_int>
set spam-severity {High | Medium | Low | Info}
set spam-status {enable | disable}
set spam-threat-weight {low | critical | informational | moderate | substantial | severe}
set spam-trigger <trigger_policy_name>
set trojan-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response}
set trojan-block-period <period_int>
set trojan-severity {High | Medium | Low | Info}
set trojan-status {enable | disable}
set trojan-threat-weight {low | critical | informational | moderate | substantial | severe}
set trojan-trigger <trigger_policy_name>
config malicious-bot-disable-list
edit "<malicious-bot-disable-list_name>"
next
end
config known-good-bots-disable-list
edit "<known-good-bots-disable-list_name>"
next
end
next
end
Variable | Description | Default |
"known-bots_rule_name" |
Enter a name for the known bots rule name. |
No default |
crawler-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response} |
Select the action FortiWeb takes when this type attack is identified.
Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail. |
alert_deny
|
crawler-block-period <period_int> | Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack. | 600
|
crawler-severity {High | Medium | Low | Info} |
When policy violations are recorded in the attack log, each log message contains a Severity Level (
|
High
|
crawler-status {enable | disable} |
Enable or disable the bot type detection for this rule. |
|
crawler-threat-weight {low | critical | informational | moderate | substantial | severe} |
Set the threat weight for crawler bot attack. |
|
crawler-trigger <trigger_policy_name> |
Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter:
|
No default |
dos-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response} |
Select the action FortiWeb takes when this type attack is identified.
Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail. |
alert_deny
|
Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack. | 600
|
|
dos-severity {High | Medium | Low | Info} |
When policy violations are recorded in the attack log, each log message contains a Severity Level (
|
High
|
dos-status {enable | disable} |
Enable or disable the bot type detection for this rule. |
|
dos-threat-weight {low | critical | informational | moderate | substantial | severe} |
Set the threat weight for DoS bot attack. |
|
dos-trigger <trigger_policy_name> |
Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter:
|
No default |
known-engines-action {alert | bypass | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response} |
Select the action FortiWeb takes when this type attack is identified.
Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail. |
bypass
|
Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack. | 600
|
|
known-engines-severity {High | Medium | Low | Info} |
When policy violations are recorded in the attack log, each log message contains a Severity Level (
|
Info
|
known-engines-status {enable | disable} |
Enable or disable the bot type detection for this rule. |
|
known-engines-threat-weight {low | critical | informational | moderate | substantial | severe} |
Set the threat weight for known search engines attack. |
|
known-engines-trigger <trigger_policy_name> |
Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter:
|
No default |
scanner-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response} |
Select the action FortiWeb takes when this type attack is identified.
Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail. |
alert_deny
|
Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack. | 600
|
|
scanner-severity {High | Medium | Low | Info} |
When policy violations are recorded in the attack log, each log message contains a Severity Level (
|
High
|
scanner-status {enable | disable} |
Enable or disable the bot type detection for this rule. |
|
scanner-threat-weight {low | critical | informational | moderate | substantial | severe} |
Set the threat weight for scanner bot attack. |
|
scanner-trigger <trigger_policy_name> |
Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter:
|
No default |
spam-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response} |
Select the action FortiWeb takes when this type attack is identified.
Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail. |
alert_deny
|
Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack. | 600
|
|
spam-severity {High | Medium | Low | Info} |
When policy violations are recorded in the attack log, each log message contains a Severity Level (
|
High
|
spam-status {enable | disable} |
Enable or disable the bot type detection for this rule. |
|
spam-threat-weight {low | critical | informational | moderate | substantial | severe} |
Set the threat weight for scanner bot attack. |
|
spam-trigger <trigger_policy_name> |
Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter:
|
No default |
trojan-action {alert | redirect | deny_no_log | alert_deny | block_period | send_HTTP_response} |
Select the action FortiWeb takes when this type attack is identified.
Note: Logging and/or alert email will occur only if enabled and configured. See log and log alertMail. |
alert_deny
|
Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects this type attack. | 600
|
|
trojan-severity {High | Medium | Low | Info} |
When policy violations are recorded in the attack log, each log message contains a Severity Level (
|
High
|
trojan-status {enable | disable} |
Enable or disable the bot type detection for this rule. |
|
trojan-threat-weight {low | critical | informational | moderate | substantial | severe} |
Set the threat weight for Trojan bot attack. |
|
trojan-trigger <trigger_policy_name> |
Enter the name of the trigger to apply when this policy is violated. For details, see log trigger-policy. To display the list of existing triggers, enter:
|
No default |
"<malicious-bot-disable-list_name>" |
Select the malicious bot list not to be scanned. |
No default |
"<known-good-bots-disable-list_name>" |
Select the known good bots list not to be scanned. |
No default |