CLI Reference

waf mcp-security rule

Use this command to define the technical constraints for MCP traffic, such as URL matching and message size limits.

Syntax

config waf mcp-security rule
    edit <mcp-security_rule_name>
        set host-status {enable|disable}
        set host <host_str>
        set url-type {plain|regular}
        set url <string>
        set exception <mcp-security_exception_name>
        set size-limit <integer>
        set action {alert|alert_deny|block-period|client-id-block-period|deny_no_log}
        set block-period <integer>
        set severity {High|Info|Low|Medium}
        set trigger <trigger-policy_name>
    next
end

Variable: <mcp-security_rule_name>
Description: Enter a unique name for the rule that can be referenced by other parts of the configuration.
Default: No default.

Variable: host-status {enable|disable}
Description: Enable this to restrict the rule to specific hostnames. If disabled, the rule applies to all hosts.
Default: disable

Variable: host <host_str>
Description: Enter the specific hostname of the AI application or MCP server.
Default: No default.

Variable: url-type {plain|regular}
Description: Select whether the Request URL is a Simple String or a Regular Expression.
  • plain — simple string
  • regular — regular expression
Default: plain

Variable: url <string>
Description: Enter the URL path where MCP traffic is sent. You can use wildcards (e.g., /folder1/*) to match multiple URLs.
Default: No default.

Variable: exception <mcp-security_exception_name>
Description: Select an existing MCP Security Policy Exception to exclude trusted traffic from being scanned by this specific rule.
Default: No default.

Variable: size-limit <integer>
Description: Specify the maximum allowed size (in bytes) for a streamed MCP message block. The range is 0 to 8388607, where 0 means no limitation. This limit applies to the response direction.
Default: 4194303

Variable: action {alert|alert_deny|block-period|client-id-block-period|deny_no_log}
Description: Select which action FortiWeb will take when it detects a violation of the MCP security policy:
  • alert—Accept the connection and generate an alert email and/or log message.
  • deny_no_log—Block the request (or reset the connection) without logging.
  • alert_deny—Block the request (or reset the connection) and generate an alert email and/or log message.
  • block-period—Block subsequent requests from the client for a number of seconds.
  • client-id-block-period—Block subsequent requests from the client, identified by the FortiWeb-generated client ID, for a number of seconds.
Default: alert

Variable: block-period <integer>
Description: Enter the number of seconds that you want to block subsequent requests from the client after the FortiWeb appliance detects that the client has violated the rule. This setting is available only if action is set to block-period or client-id-block-period. The valid range is from 1 to 3,600 seconds (1 hour).
Default: 600

Variable: severity {High|Info|Low|Medium}
Description: When rule violations are recorded in the attack log, each log message contains a Severity Level (severity_level) field. Select which severity level to use when FortiWeb logs a violation of the rule:
  • Info
  • Low
  • Medium
  • High
Default: Low

Variable: trigger <trigger-policy_name>
Description: Select which trigger, if any, to use when FortiWeb logs and/or sends an alert email about a violation of the rule. For details, see "Viewing log messages".
Default: No default.
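A complete pair of rules as an added example of the syntax above (constructed for this page, not Fortinet's own sample configuration; the rule, host, exception and trigger-policy names are placeholders, and the referenced exception object and trigger policy are assumed to have been created beforehand). The first rule matches a plain path with a wildcard on one named host and denies violations with a log entry; the second matches by regular expression on every host, exempts a trusted exception object, and blocks the offending client ID for 15 minutes:

```text
config waf mcp-security rule
    edit "mcp-plain-rule"
        set host-status enable
        set host "mcp.example.com"
        set url-type plain
        set url "/mcp/*"
        set size-limit 1048576
        set action alert_deny
        set severity Medium
        set trigger "mcp-trigger-policy"
    next
    edit "mcp-regex-rule"
        set host-status disable
        set url-type regular
        set url "^/api/v[0-9]+/mcp(/.*)?$"
        set exception "mcp-trusted-clients"
        set size-limit 1048576
        set action client-id-block-period
        set block-period 900
        set severity High
        set trigger "mcp-trigger-policy"
    next
end
```

block-period is set only on the second rule because it applies only when action is block-period or client-id-block-period. size-limit 1048576 tightens the default 4194303-byte cap on streamed response blocks; a value of 0 removes the cap entirely and is only appropriate where a server legitimately streams very large messages. Because the regular-expression rule runs with host-status disable, it applies to every host that reaches the policy, so its pattern should be anchored as shown to avoid matching unintended paths.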

Related topics

waf mcp-security policy

waf mcp-security exception
