
wad website

Use this command to enable and configure website defacement attack detection and automatic repair.

The FortiWeb appliance monitors the website’s files for any changes and folder modifications at specified time intervals. If it detects a change that could indicate a defacement attack, the FortiWeb appliance notifies you, and can quickly react by automatically restoring the website contents to the previous backup revision.

Optionally, you can specify a filter that either defines which files and folders FortiWeb does not scan when it looks for changes (blocklist) or the specific files and folders you want it to monitor (allowlist). For details, see wad file-filter.

FortiWeb automatically backs up website files and creates a revision in the following cases:

  • When the FortiWeb appliance initiates monitoring for the first time, the FortiWeb appliance downloads a backup copy of the website’s files and stores it as the first revision.
  • If the FortiWeb appliance could not successfully connect during a monitor interval, it creates a new revision the next time it re-establishes the connection.

When you intentionally modify the website, you must disable the monitor option; otherwise, the FortiWeb appliance sees your changes as a defacement attempt and undoes them.

Backup copies omit files exceeding the file size limit and/or matching the file extensions that you have configured the FortiWeb appliance to omit. For details, see backup-max-fsize <limit_int> and backup-skip-ftype "<extensions_str>".

To use this command, your administrator account’s access control profile must have either w or rw permission to the wadgrp area. For details, see Permissions.

Syntax

config wad website

edit <entry_index>

set alert-email "<email-policy_name>"

set auto {disable | restore | acknowledge}

set backup-max-fsize <limit_int>

set backup-skip-ftype "<extensions_str>"

set connect-type {ftp | smb | ssh}

set description "<comment_str>"

set hostname-ip {"<host_ipv4>" | "<host_fqdn>"}

set interval-other <seconds_int>

set interval-root <seconds_int>

set monitor {enable | disable}

set monitor-depth <folders_int>

set name "<name_str>"

set password "<password_str>"

set port <port_int>

set share-name "<share_str>"

set user "<user_str>"

set web-folder "<path_str>"

set file-filter "<wad-file-filter_name>"

next

end

Variable Description Default

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–16. No default.

alert-email "<email-policy_name>"

Enter the name of the email policy that specifies the email address that FortiWeb sends an email to when it detects that the website changed. (See log email-policy.) The maximum length is 63 characters. No default.

auto {disable | restore | acknowledge}

Enter the action that FortiWeb takes when it detects that the website has changed.

  • disable—FortiWeb takes no action. You can use the web UI to manually restore all or some of the changed files.
  • restore—Restore the website to the previous revision number.
  • acknowledge—Accept changes to the website.

Note: When you intentionally modify the website, type acknowledge. Otherwise, the FortiWeb appliance detects your changes as a defacement attempt and undoes them.

Default: disable

backup-max-fsize <limit_int>

Enter a file size limit in kilobytes (KB) to indicate which files will be included in the website backup. Files exceeding this size will not be backed up. The valid range is 1–1,048,576 kilobytes.

Note: Backing up large files can impact performance.

Default: 10240

backup-skip-ftype "<extensions_str>"

Enter zero or more file extensions, such as iso,avi, to exclude from the website backup. Separate each file extension with a comma. The maximum length is 512 characters.

Note: Backing up large files, such as video and audio, can impact performance.

No default.

connect-type {ftp | smb | ssh}

Select which protocol to use when connecting to the website in order to monitor its contents and download website backups. For Microsoft Windows-style shares, enter smb.

Default: ftp

description "<comment_str>"

Enter a description or other comment. If the comment is more than one word or contains special characters, surround the comment with double quotes ( " ). The maximum length is 256 characters. No default.

hostname-ip {"<host_ipv4>" | "<host_fqdn>"}

Enter the IP address or fully qualified domain name (FQDN) of the physical server on which the website is hosted.

This will be used when connecting by SSH or FTP to the website to monitor its contents and download backup revisions, and therefore could be different from the real or virtual web host name that may appear in the Host: field of HTTP headers.

No default.

interval-other <seconds_int>

Enter the amount of time (in seconds) between each monitoring connection from the FortiWeb appliance to the web server. During this connection, the FortiWeb appliance examines the website’s subfolders to see if any files have been changed by comparing the files with the latest backup. The valid range is 1–86,400.

If any file change is detected, the FortiWeb appliance will download a new backup revision. If you've enabled auto {disable | restore | acknowledge}, the FortiWeb appliance will revert the files to their previous version.

Default: 600

interval-root <seconds_int>

Enter the number of seconds between each monitoring connection from the FortiWeb appliance to the web server. During this connection, the FortiWeb appliance examines web-folder "<path_str>" (but not its subfolders) to see if any files have been changed by comparing the files with the latest backup. The valid range is 1–86,400.

If any file change is detected, the FortiWeb appliance will download a new backup revision. If you've enabled auto {disable | restore | acknowledge}, the FortiWeb appliance will revert the files to their previous version.

Default: 60

monitor {enable | disable}

Enable to monitor the website’s files for changes, and to download backup revisions that can be used to revert the website to its previous revision if the FortiWeb appliance detects a change attempt.

Default: enable

monitor-depth <folders_int>

Enter how many folder levels deep to monitor for changes to the website’s files. Files in subfolders deeper than this level will not be backed up. The valid range is 1–10.

Default: 5

name "<name_str>"

Enter a name for the website. The maximum length is 63 characters.

This name will not be used when monitoring the website, nor will it be referenced in any other part of the configuration, and therefore can be any identifier that is useful to you. It does not need to be the website’s FQDN or virtual host name.

No default.

password "<password_str>"

Enter the password for the user name you entered in user "<user_str>". The maximum length is 63 characters. No default.

port <port_int>

Enter the port number on which the website’s physical server listens. The standard port number for FTP is 21; the standard port number for SSH is 22.

This is applicable only if connect-type {ftp | smb | ssh} is ftp or ssh.

Default: 21

share-name "<share_str>"

Enter the name of the shared folder on the web server. The maximum length is 63 characters.

This variable appears only if connect-type {ftp | smb | ssh} is smb.

No default.

user "<user_str>"

Enter the user name that the FortiWeb appliance will use to log in to the website’s physical server. The maximum length is 63 characters. No default.

web-folder "<path_str>"

Enter the path to the website’s folder, such as public_html, on the physical server. The path is relative to the initial location when logging in with the user name that you specify in user "<user_str>". The maximum length is 1,023 characters.

Available only if the value of connect-type {ftp | smb | ssh} is ftp or ssh.

No default.

file-filter "<wad-file-filter_name>"

Enter the filter that specifies either the files and folders that FortiWeb excludes from anti-defacement monitoring or the specific files and folders to monitor. No default.

Example

config wad website

edit 1

set alert-email "email_policy_1"

set connect-type ssh

set hostname-ip "192.0.2.10"

set monitor enable

set name "www.example.com"

set password "P@ssword1"

set port 22

set user "fortiweb"

set web-folder "public_html"

set file-filter "video-folder"

next

end
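The ranges, length limits and connect-type dependencies in the table above can be checked before a configuration is pasted into the appliance. The following Python linter is an added example, not Fortinet code: parse_entries and lint are hypothetical names, the sample input is constructed, and the cleartext-FTP finding is an added observation rather than a statement from this page.

```python
import re

# Ranges, lengths, enums, defaults and applicability copied from this page's variable table.
INT_RANGES = {"backup-max-fsize": (1, 1048576), "interval-other": (1, 86400),
              "interval-root": (1, 86400), "monitor-depth": (1, 10)}
MAX_LEN = {"alert-email": 63, "backup-skip-ftype": 512, "description": 256, "name": 63,
           "password": 63, "share-name": 63, "user": 63, "web-folder": 1023}
ENUMS = {"auto": {"disable", "restore", "acknowledge"},
         "connect-type": {"ftp", "smb", "ssh"}, "monitor": {"enable", "disable"}}
DEFAULTS = {"connect-type": "ftp", "auto": "disable", "monitor": "enable"}
ONLY_FOR = {"port": {"ftp", "ssh"}, "web-folder": {"ftp", "ssh"}, "share-name": {"smb"}}
# Constructed sample: an SMB entry with a leftover port and an out-of-range depth.
SAMPLE = ("config wad website\nedit 2\nset connect-type smb\nset port 21\n"
          "set monitor-depth 12\nset auto restore\nnext\nend")

def parse_entries(text):
    """Return {entry_index: {setting: value}} for a 'config wad website' block."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"edit (\d+)", line):
            current = entries.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r'set (\S+) "?(.*?)"?', line)):
            current[m.group(1)] = m.group(2)
    return entries

def lint(text):
    """Return sorted (entry_index, finding) tuples for every entry in the block."""
    out = []
    for idx, cfg in parse_entries(text).items():
        eff = {**DEFAULTS, **cfg}  # settings left unset take the documented default
        ctype = eff["connect-type"]
        if not 1 <= idx <= 16:
            out.append((idx, "entry index outside 1-16"))
        for key, val in cfg.items():
            lo, hi = INT_RANGES.get(key, (None, None))
            if lo and not (val.isdigit() and lo <= int(val) <= hi):
                out.append((idx, f"{key} outside {lo}-{hi}"))
            if key in ENUMS and val not in ENUMS[key]:
                out.append((idx, f"{key}: unknown value {val}"))
            if len(val) > MAX_LEN.get(key, len(val)):
                out.append((idx, f"{key} longer than {MAX_LEN[key]} characters"))
            if key in ONLY_FOR and ctype in ENUMS["connect-type"] and ctype not in ONLY_FOR[key]:
                out.append((idx, f"{key} does not apply to connect-type {ctype}"))
        if ctype == "ftp":  # added observation: FTP logins are not encrypted
            out.append((idx, "connect-type ftp sends the monitoring password in cleartext"))
        if eff["monitor"] == "enable" and eff["auto"] == "disable":
            out.append((idx, "auto is disable: changes are detected but not restored automatically"))
    return sorted(out)
```

Run against the example entry above, lint reports only that auto is left at its default of disable, so a detected change would have to be restored manually from the web UI.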
