Fortinet white logo
Fortinet white logo

CLI Reference

config waf profile

config waf profile

Configure Web application firewall configuration.

config waf profile
    Description: Configure Web application firewall configuration.
    edit <name>
        config address-list
            Description: Address block and allow lists.
            set status [enable|disable]
            set blocked-log [enable|disable]
            set severity [high|medium|...]
            set trusted-address <name1>, <name2>, ...
            set blocked-address <name1>, <name2>, ...
        end
        set comment {var-string}
        config constraint
            Description: WAF HTTP protocol restrictions.
            config header-length
                Description: HTTP header length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config content-length
                Description: HTTP content length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config param-length
                Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config line-length
                Description: HTTP line length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config url-param-length
                Description: Maximum length of parameter in URL.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config version
                Description: Enable/disable HTTP version check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config method
                Description: Enable/disable HTTP method check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config hostname
                Description: Enable/disable hostname check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config malformed
                Description: Enable/disable malformed HTTP request check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-cookie
                Description: Maximum number of cookies in HTTP request.
                set status [enable|disable]
                set max-cookie {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-header-line
                Description: Maximum number of HTTP header line.
                set status [enable|disable]
                set max-header-line {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-url-param
                Description: Maximum number of parameters in URL.
                set status [enable|disable]
                set max-url-param {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-range-segment
                Description: Maximum number of range segments in HTTP range line.
                set status [enable|disable]
                set max-range-segment {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config exception
                Description: HTTP constraint exception.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set header-length [enable|disable]
                    set content-length [enable|disable]
                    set param-length [enable|disable]
                    set line-length [enable|disable]
                    set url-param-length [enable|disable]
                    set version [enable|disable]
                    set method [enable|disable]
                    set hostname [enable|disable]
                    set malformed [enable|disable]
                    set max-cookie [enable|disable]
                    set max-header-line [enable|disable]
                    set max-url-param [enable|disable]
                    set max-range-segment [enable|disable]
                next
            end
        end
        set extended-log [enable|disable]
        set external [disable|enable]
        config method
            Description: Method restriction.
            set status [enable|disable]
            set log [enable|disable]
            set severity [high|medium|...]
            set default-allowed-methods {option1}, {option2}, ...
            config method-policy
                Description: HTTP method policy.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set allowed-methods {option1}, {option2}, ...
                next
            end
        end
        config signature
            Description: WAF signatures.
            config main-class
                Description: Main signature class.
                edit <id>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                next
            end
            set disabled-sub-class <id1>, <id2>, ...
            set disabled-signature <id1>, <id2>, ...
            set credit-card-detection-threshold {integer}
            config custom-signature
                Description: Custom signature.
                edit <name>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                    set direction [request|response]
                    set case-sensitivity [disable|enable]
                    set pattern {string}
                    set target {option1}, {option2}, ...
                next
            end
        end
        config url-access
            Description: URL access list.
            edit <id>
                set address {string}
                set action [bypass|permit|...]
                set log [enable|disable]
                set severity [high|medium|...]
                config access-pattern
                    Description: URL access pattern.
                    edit <id>
                        set srcaddr {string}
                        set pattern {string}
                        set regex [enable|disable]
                        set negate [enable|disable]
                    next
                end
            next
        end
    next
end

config waf profile

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 1023

extended-log

Enable/disable extended logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

external

Disable/Enable external HTTP Inspection.

option

-

disable

Option

Description

disable

Disable external inspection.

enable

Enable external inspection.

name

WAF Profile name.

string

Maximum length: 35

config address-list

Parameter

Description

Type

Size

Default

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

blocked-log

Enable/disable logging on blocked addresses.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

trusted-address <name>

Trusted address.

Address name.

string

Maximum length: 79

blocked-address <name>

Blocked address.

Address name.

string

Maximum length: 79

config header-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP header in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config content-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP content in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

67108864

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config param-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config line-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP line in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

1024

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config url-param-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of URL parameter in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config version

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

Default

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity

medium

medium severity

low

low severity

default-allowed-methods

Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config hostname

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config malformed

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-cookie

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-cookie

Maximum number of cookies in HTTP request (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

16

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-header-line

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-header-line

Maximum number HTTP header lines (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

32

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-url-param

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-url-param

Maximum number of parameters in URL (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

16

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-range-segment

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

5

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config exception

Parameter

Description

Type

Size

Default

id

Exception ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

address

Host address.

string

Maximum length: 79

header-length

HTTP header length in request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

content-length

HTTP content length in request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

param-length

Maximum length of parameter in URL, HTTP POST request or HTTP body.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

line-length

HTTP line length in request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

url-param-length

Maximum length of parameter in URL.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

version

Enable/disable HTTP version check.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

method

Enable/disable HTTP method check.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

hostname

Enable/disable hostname check.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

malformed

Enable/disable malformed HTTP request check.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-cookie

Maximum number of cookies in HTTP request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-header-line

Maximum number of HTTP header line.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-url-param

Maximum number of parameters in URL.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

config method

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

action

Action.

option

-

allow

log

Enable/disable logging.

option

-

disable

severity

Severity.

option

-

medium

config method

Parameter

Description

Type

Size

Default

status

Status.

option

-

disable

log

Enable/disable logging.

option

-

disable

severity

Severity.

option

-

medium

default-allowed-methods

Methods.

option

-

config method-policy

Parameter

Description

Type

Size

Default

id

HTTP method policy ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

address

Host address.

string

Maximum length: 79

allowed-methods

Allowed Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config signature

Parameter

Description

Type

Size

Default

disabled-sub-class <id>

Disabled signature subclasses.

Signature subclass ID.

integer

Minimum value: 0 Maximum value: 4294967295

disabled-signature <id>

Disabled signatures.

Signature ID.

integer

Minimum value: 0 Maximum value: 4294967295

credit-card-detection-threshold

The minimum number of Credit cards to detect violation.

integer

Minimum value: 0 Maximum value: 128

3

config main-class

Parameter

Description

Type

Size

Default

id

Main signature class ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config custom-signature

Parameter

Description

Type

Size

Default

name

Signature name.

string

Maximum length: 35

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

direction

Traffic direction.

option

-

request

Option

Description

request

Match HTTP request.

response

Match HTTP response.

case-sensitivity

Case sensitivity in pattern.

option

-

disable

Option

Description

disable

Case insensitive in pattern.

enable

Case sensitive in pattern.

pattern

Match pattern.

string

Maximum length: 511

target

Match HTTP target.

option

-

Option

Description

arg

HTTP arguments.

arg-name

Names of HTTP arguments.

req-body

HTTP request body.

req-cookie

HTTP request cookies.

req-cookie-name

HTTP request cookie names.

req-filename

HTTP request file name.

req-header

HTTP request headers.

req-header-name

HTTP request header names.

req-raw-uri

Raw URI of HTTP request.

req-uri

URI of HTTP request.

resp-body

HTTP response body.

resp-hdr

HTTP response headers.

resp-status

HTTP response status.

config url-access

Parameter

Description

Type

Size

Default

id

URL access ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

address

Host address.

string

Maximum length: 79

action

Action.

option

-

permit

Option

Description

bypass

Allow the HTTP request, also bypass further WAF scanning.

permit

Allow the HTTP request, and continue further WAF scanning.

block

Block HTTP request.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config access-pattern

Parameter

Description

Type

Size

Default

id

URL access pattern ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

srcaddr

Source address.

string

Maximum length: 79

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

negate

Enable/disable match negation.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

config waf profile

config waf profile

Configure Web application firewall configuration.

config waf profile
    Description: Configure Web application firewall configuration.
    edit <name>
        config address-list
            Description: Address block and allow lists.
            set status [enable|disable]
            set blocked-log [enable|disable]
            set severity [high|medium|...]
            set trusted-address <name1>, <name2>, ...
            set blocked-address <name1>, <name2>, ...
        end
        set comment {var-string}
        config constraint
            Description: WAF HTTP protocol restrictions.
            config header-length
                Description: HTTP header length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config content-length
                Description: HTTP content length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config param-length
                Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config line-length
                Description: HTTP line length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config url-param-length
                Description: Maximum length of parameter in URL.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config version
                Description: Enable/disable HTTP version check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config method
                Description: Enable/disable HTTP method check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config hostname
                Description: Enable/disable hostname check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config malformed
                Description: Enable/disable malformed HTTP request check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-cookie
                Description: Maximum number of cookies in HTTP request.
                set status [enable|disable]
                set max-cookie {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-header-line
                Description: Maximum number of HTTP header line.
                set status [enable|disable]
                set max-header-line {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-url-param
                Description: Maximum number of parameters in URL.
                set status [enable|disable]
                set max-url-param {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-range-segment
                Description: Maximum number of range segments in HTTP range line.
                set status [enable|disable]
                set max-range-segment {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config exception
                Description: HTTP constraint exception.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set header-length [enable|disable]
                    set content-length [enable|disable]
                    set param-length [enable|disable]
                    set line-length [enable|disable]
                    set url-param-length [enable|disable]
                    set version [enable|disable]
                    set method [enable|disable]
                    set hostname [enable|disable]
                    set malformed [enable|disable]
                    set max-cookie [enable|disable]
                    set max-header-line [enable|disable]
                    set max-url-param [enable|disable]
                    set max-range-segment [enable|disable]
                next
            end
        end
        set extended-log [enable|disable]
        set external [disable|enable]
        config method
            Description: Method restriction.
            set status [enable|disable]
            set log [enable|disable]
            set severity [high|medium|...]
            set default-allowed-methods {option1}, {option2}, ...
            config method-policy
                Description: HTTP method policy.
                edit <id>
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set allowed-methods {option1}, {option2}, ...
                next
            end
        end
        config signature
            Description: WAF signatures.
            config main-class
                Description: Main signature class.
                edit <id>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                next
            end
            set disabled-sub-class <id1>, <id2>, ...
            set disabled-signature <id1>, <id2>, ...
            set credit-card-detection-threshold {integer}
            config custom-signature
                Description: Custom signature.
                edit <name>
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                    set direction [request|response]
                    set case-sensitivity [disable|enable]
                    set pattern {string}
                    set target {option1}, {option2}, ...
                next
            end
        end
        config url-access
            Description: URL access list.
            edit <id>
                set address {string}
                set action [bypass|permit|...]
                set log [enable|disable]
                set severity [high|medium|...]
                config access-pattern
                    Description: URL access pattern.
                    edit <id>
                        set srcaddr {string}
                        set pattern {string}
                        set regex [enable|disable]
                        set negate [enable|disable]
                    next
                end
            next
        end
    next
end

config waf profile

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 1023

extended-log

Enable/disable extended logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

external

Disable/Enable external HTTP Inspection.

option

-

disable

Option

Description

disable

Disable external inspection.

enable

Enable external inspection.

name

WAF Profile name.

string

Maximum length: 35

config address-list

Parameter

Description

Type

Size

Default

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

blocked-log

Enable/disable logging on blocked addresses.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

trusted-address <name>

Trusted address.

Address name.

string

Maximum length: 79

blocked-address <name>

Blocked address.

Address name.

string

Maximum length: 79

config header-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP header in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config content-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP content in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

67108864

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config param-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config line-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Length of HTTP line in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

1024

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config url-param-length

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

length

Maximum length of URL parameter in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config version

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config method

Parameter

Description

Type

Size

Default

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity

medium

medium severity

low

low severity

default-allowed-methods

Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config hostname

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config malformed

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-cookie

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-cookie

Maximum number of cookies in HTTP request (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

16

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-header-line

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-header-line

Maximum number HTTP header lines (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

32

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-url-param

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-url-param

Maximum number of parameters in URL (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

16

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config max-range-segment

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

5

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config exception

Parameter

Description

Type

Size

Default

id

Exception ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

address

Host address.

string

Maximum length: 79

header-length

HTTP header length in request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

content-length

HTTP content length in request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

param-length

Maximum length of parameter in URL, HTTP POST request or HTTP body.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

line-length

HTTP line length in request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

url-param-length

Maximum length of parameter in URL.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

version

Enable/disable HTTP version check.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

method

Enable/disable HTTP method check.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

hostname

Enable/disable hostname check.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

malformed

Enable/disable malformed HTTP request check.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-cookie

Maximum number of cookies in HTTP request.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-header-line

Maximum number of HTTP header line.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-url-param

Maximum number of parameters in URL.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

config method

Parameter

Description

Type

Size

Default

status

Enable/disable the constraint.

option

-

disable

action

Action.

option

-

allow

log

Enable/disable logging.

option

-

disable

severity

Severity.

option

-

medium

config method

Parameter

Description

Type

Size

Default

status

Status.

option

-

disable

log

Enable/disable logging.

option

-

disable

severity

Severity.

option

-

medium

default-allowed-methods

Methods.

option

-

config method-policy

Parameter

Description

Type

Size

Default

id

HTTP method policy ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

address

Host address.

string

Maximum length: 79

allowed-methods

Allowed Methods.

option

-

Option

Description

get

HTTP GET method.

post

HTTP POST method.

put

HTTP PUT method.

head

HTTP HEAD method.

connect

HTTP CONNECT method.

trace

HTTP TRACE method.

options

HTTP OPTIONS method.

delete

HTTP DELETE method.

others

Other HTTP methods.

config signature

Parameter

Description

Type

Size

Default

disabled-sub-class <id>

Disabled signature subclasses.

Signature subclass ID.

integer

Minimum value: 0 Maximum value: 4294967295

disabled-signature <id>

Disabled signatures.

Signature ID.

integer

Minimum value: 0 Maximum value: 4294967295

credit-card-detection-threshold

The minimum number of Credit cards to detect violation.

integer

Minimum value: 0 Maximum value: 128

3

config main-class

Parameter

Description

Type

Size

Default

id

Main signature class ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config custom-signature

Parameter

Description

Type

Size

Default

name

Signature name.

string

Maximum length: 35

status

Status.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

action

Action.

option

-

allow

Option

Description

allow

Allow.

block

Block.

erase

Erase credit card numbers.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

direction

Traffic direction.

option

-

request

Option

Description

request

Match HTTP request.

response

Match HTTP response.

case-sensitivity

Case sensitivity in pattern.

option

-

disable

Option

Description

disable

Case insensitive in pattern.

enable

Case sensitive in pattern.

pattern

Match pattern.

string

Maximum length: 511

target

Match HTTP target.

option

-

Option

Description

arg

HTTP arguments.

arg-name

Names of HTTP arguments.

req-body

HTTP request body.

req-cookie

HTTP request cookies.

req-cookie-name

HTTP request cookie names.

req-filename

HTTP request file name.

req-header

HTTP request headers.

req-header-name

HTTP request header names.

req-raw-uri

Raw URI of HTTP request.

req-uri

URI of HTTP request.

resp-body

HTTP response body.

resp-hdr

HTTP response headers.

resp-status

HTTP response status.

config url-access

Parameter

Description

Type

Size

Default

id

URL access ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

address

Host address.

string

Maximum length: 79

action

Action.

option

-

permit

Option

Description

bypass

Allow the HTTP request, also bypass further WAF scanning.

permit

Allow the HTTP request, and continue further WAF scanning.

block

Block HTTP request.

log

Enable/disable logging.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

severity

Severity.

option

-

medium

Option

Description

high

High severity.

medium

Medium severity.

low

Low severity.

config access-pattern

Parameter

Description

Type

Size

Default

id

URL access pattern ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

srcaddr

Source address.

string

Maximum length: 79

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

negate

Enable/disable match negation.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.