Fortinet black logo

CLI Reference

Home FortiWeb 7.4.2 CLI Reference

waf parameter-validation-rule

7.4.2
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.3
6.4.2
6.4.1
6.4.0
6.3.23
6.3.19
6.3.18
6.3.17
6.3.16
6.3.15
6.3.14
6.3.13
6.3.11
6.3.10
6.3.9
6.3.7
6.3.6
6.3.5
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.2
6.1.1
5.7.0
5.6.1
5.6.0
Copy Link
Copy Doc ID 48138a9b-ba3c-11ee-8673-fa163e15d75b:990146
Download PDF

waf parameter-validation-rule

Use this command to configure parameter validation rules, each of which is a group of input rule entries.

To apply parameter validation rules, select them within an inline or Offline Protection profile. For details, see waf web-protection-profile inline-protection and waf web-protection-profile offline-protection.

Before you can configure parameter validation rules, you must first configure one or more input rules. For details, see waf input-rule.

You can use SNMP traps to notify you when a parameter validation rule is enforced. For details, see system snmp community.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf parameter-validation-rule

edit "<rule_name>"

set cache-mode {enable | disable}

config input-rule-list

edit <entry_index>

set input-rule "<input-rule_name>"

next

end

next

end

Variable Description Default

cache-mode {enable | disable}

Parameter Validation processes and forwards incoming requests as soon as they are received, which helps maintain fast processing time. However, this approach can occasionally result in requests being interrupted midway if illegal parameters are detected in the later part of the request.

To prevent FortiWeb from forwarding the partial requests mentioned above, you can enable cache-mode. When cache mode is enabled, the Parameter Validation module will store the entire request in a cache before performing validation and forwarding.

disable

"<rule_name>"

Enter the name of a new or existing rule. The maximum length is 63 characters.

To display the list of existing rules, enter:

edit ?

No default.

<entry_index>

 Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

input-rule "<input-rule_name>"

Enter the name of an input rule to use in the parameter validation rule. The maximum length is 63 characters.

To display the list of existing input rules, enter:

set input-rule ?

No default.

Example

This example configures a parameter validation rule that applies two input rules.

config waf parameter-validation-rule

edit "parameter_validator1"

config input-rule-list

edit 1

set input-rule "input_rule1"

next

edit 2

set input-rule "input_rule2"

next

end

next

end

Related topics

Previous
Next

waf parameter-validation-rule

Use this command to configure parameter validation rules, each of which is a group of input rule entries.

To apply parameter validation rules, select them within an inline or Offline Protection profile. For details, see waf web-protection-profile inline-protection and waf web-protection-profile offline-protection.

Before you can configure parameter validation rules, you must first configure one or more input rules. For details, see waf input-rule.

You can use SNMP traps to notify you when a parameter validation rule is enforced. For details, see system snmp community.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf parameter-validation-rule

edit "<rule_name>"

set cache-mode {enable | disable}

config input-rule-list

edit <entry_index>

set input-rule "<input-rule_name>"

next

end

next

end

Variable Description Default

cache-mode {enable | disable}

Parameter Validation processes and forwards incoming requests as soon as they are received, which helps maintain fast processing time. However, this approach can occasionally result in requests being interrupted midway if illegal parameters are detected in the later part of the request.

To prevent FortiWeb from forwarding the partial requests mentioned above, you can enable cache-mode. When cache mode is enabled, the Parameter Validation module will store the entire request in a cache before performing validation and forwarding.

disable

"<rule_name>"

Enter the name of a new or existing rule. The maximum length is 63 characters.

To display the list of existing rules, enter:

edit ?

No default.

<entry_index>

 Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999. No default.

input-rule "<input-rule_name>"

Enter the name of an input rule to use in the parameter validation rule. The maximum length is 63 characters.

To display the list of existing input rules, enter:

set input-rule ?

No default.

Example

This example configures a parameter validation rule that applies two input rules.

config waf parameter-validation-rule

edit "parameter_validator1"

config input-rule-list

edit 1

set input-rule "input_rule1"

next

edit 2

set input-rule "input_rule2"

next

end

next

end

Related topics

Previous
Next