config waf profile
Configure Web application firewall configuration.
```
config waf profile
    Description: Configure Web application firewall configuration.
    edit <name>
        config address-list
            Description: Address block and allow lists.
            set status [enable|disable]
            set blocked-log [enable|disable]
            set severity [high|medium|...]
            set trusted-address <name1>, <name2>, ...
            set blocked-address <name1>, <name2>, ...
        end
        set comment {var-string}
        config constraint
            Description: WAF HTTP protocol restrictions.
            config header-length
                Description: HTTP header length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config content-length
                Description: HTTP content length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config param-length
                Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config line-length
                Description: HTTP line length in request.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config url-param-length
                Description: Maximum length of parameter in URL.
                set status [enable|disable]
                set length {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config version
                Description: Enable/disable HTTP version check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config method
                Description: Enable/disable HTTP method check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config hostname
                Description: Enable/disable hostname check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config malformed
                Description: Enable/disable malformed HTTP request check.
                set status [enable|disable]
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-cookie
                Description: Maximum number of cookies in HTTP request.
                set status [enable|disable]
                set max-cookie {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-header-line
                Description: Maximum number of HTTP header line.
                set status [enable|disable]
                set max-header-line {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-url-param
                Description: Maximum number of parameters in URL.
                set status [enable|disable]
                set max-url-param {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config max-range-segment
                Description: Maximum number of range segments in HTTP range line.
                set status [enable|disable]
                set max-range-segment {integer}
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
            end
            config exception
                Description: HTTP constraint exception.
                edit <id>
                    set id {integer}
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set header-length [enable|disable]
                    set content-length [enable|disable]
                    set param-length [enable|disable]
                    set line-length [enable|disable]
                    set url-param-length [enable|disable]
                    set version [enable|disable]
                    set method [enable|disable]
                    set hostname [enable|disable]
                    set malformed [enable|disable]
                    set max-cookie [enable|disable]
                    set max-header-line [enable|disable]
                    set max-url-param [enable|disable]
                    set max-range-segment [enable|disable]
                next
            end
        end
        set extended-log [enable|disable]
        set external [disable|enable]
        config method
            Description: Method restriction.
            set status [enable|disable]
            set log [enable|disable]
            set severity [high|medium|...]
            set default-allowed-methods {option1}, {option2}, ...
            config method-policy
                Description: HTTP method policy.
                edit <id>
                    set id {integer}
                    set pattern {string}
                    set regex [enable|disable]
                    set address {string}
                    set allowed-methods {option1}, {option2}, ...
                next
            end
        end
        set name {string}
        config signature
            Description: WAF signatures.
            config main-class
                Description: Main signature class.
                edit <id>
                    set id {integer}
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                next
            end
            set disabled-sub-class <id1>, <id2>, ...
            set disabled-signature <id1>, <id2>, ...
            set credit-card-detection-threshold {integer}
            config custom-signature
                Description: Custom signature.
                edit <name>
                    set name {string}
                    set status [enable|disable]
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                    set direction [request|response]
                    set case-sensitivity [disable|enable]
                    set pattern {string}
                    set target {option1}, {option2}, ...
                next
            end
        end
        config url-access
            Description: URL access list.
            edit <id>
                set id {integer}
                set address {string}
                set action [bypass|permit|...]
                set log [enable|disable]
                set severity [high|medium|...]
                config access-pattern
                    Description: URL access pattern.
                    edit <id>
                        set id {integer}
                        set srcaddr {string}
                        set pattern {string}
                        set regex [enable|disable]
                        set negate [enable|disable]
                    next
                end
            next
        end
    next
end
```

config waf profile

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| comment | Comment. | var-string | Not Specified | |
| extended-log | Enable/disable extended logging. | option | - | disable |
| external | Disable/Enable external HTTP Inspection. | option | - | disable |
| name | WAF Profile name. | string | Not Specified | |

config address-list

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Status. | option | - | disable |
| blocked-log | Enable/disable logging on blocked addresses. | option | - | disable |
| severity | Severity. | option | - | medium |
| trusted-address | Trusted address. Address name. | string | Maximum length: 79 | |
| blocked-address | Blocked address. Address name. | string | Maximum length: 79 | |

config header-length

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| length | Length of HTTP header in bytes (0 to 2147483647). | integer | Minimum value: 0 Maximum value: 2147483647 | 8192 |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config content-length

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| length | Length of HTTP content in bytes (0 to 2147483647). | integer | Minimum value: 0 Maximum value: 2147483647 | 67108864 |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config param-length

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| length | Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647). | integer | Minimum value: 0 Maximum value: 2147483647 | 8192 |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config line-length

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| length | Length of HTTP line in bytes (0 to 2147483647). | integer | Minimum value: 0 Maximum value: 2147483647 | 1024 |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config url-param-length

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| length | Maximum length of URL parameter in bytes (0 to 2147483647). | integer | Minimum value: 0 Maximum value: 2147483647 | 8192 |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config version

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config method

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config hostname

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config malformed

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config max-cookie

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| max-cookie | Maximum number of cookies in HTTP request (0 to 2147483647). | integer | Minimum value: 0 Maximum value: 2147483647 | 16 |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config max-header-line

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| max-header-line | Maximum number of HTTP header lines (0 to 2147483647). | integer | Minimum value: 0 Maximum value: 2147483647 | 32 |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config max-url-param

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| max-url-param | Maximum number of parameters in URL (0 to 2147483647). | integer | Minimum value: 0 Maximum value: 2147483647 | 16 |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config max-range-segment

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable the constraint. | option | - | disable |
| max-range-segment | Maximum number of range segments in HTTP range line (0 to 2147483647). | integer | Minimum value: 0 Maximum value: 2147483647 | 5 |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config exception

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | Exception ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| pattern | URL pattern. | string | Not Specified | |
| regex | Enable/disable regular expression based pattern match. | option | - | disable |
| address | Host address. | string | Not Specified | |
| header-length | HTTP header length in request. | option | - | disable |
| content-length | HTTP content length in request. | option | - | disable |
| param-length | Maximum length of parameter in URL, HTTP POST request or HTTP body. | option | - | disable |
| line-length | HTTP line length in request. | option | - | disable |
| url-param-length | Maximum length of parameter in URL. | option | - | disable |
| version | Enable/disable HTTP version check. | option | - | disable |
| method | Enable/disable HTTP method check. | option | - | disable |
| hostname | Enable/disable hostname check. | option | - | disable |
| malformed | Enable/disable malformed HTTP request check. | option | - | disable |
| max-cookie | Maximum number of cookies in HTTP request. | option | - | disable |
| max-header-line | Maximum number of HTTP header line. | option | - | disable |
| max-url-param | Maximum number of parameters in URL. | option | - | disable |
| max-range-segment | Maximum number of range segments in HTTP range line. | option | - | disable |

config method

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Status. | option | - | disable |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |
| default-allowed-methods | Methods. | option | - | |

config method-policy

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | HTTP method policy ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| pattern | URL pattern. | string | Not Specified | |
| regex | Enable/disable regular expression based pattern match. | option | - | disable |
| address | Host address. | string | Not Specified | |
| allowed-methods | Allowed Methods. | option | - | |

config signature

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| disabled-sub-class | Disabled signature subclasses. Signature subclass ID. | integer | Minimum value: 0 Maximum value: 4294967295 | |
| disabled-signature | Disabled signatures. Signature ID. | integer | Minimum value: 0 Maximum value: 4294967295 | |
| credit-card-detection-threshold | The minimum number of Credit cards to detect violation. | integer | Minimum value: 0 Maximum value: 128 | 3 |

config main-class

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | Main signature class ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| status | Status. | option | - | disable |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | enable |
| severity | Severity. | option | - | medium |

config custom-signature

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| name | Signature name. | string | Not Specified | |
| status | Status. | option | - | disable |
| action | Action. | option | - | allow |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |
| direction | Traffic direction. | option | - | request |
| case-sensitivity | Case sensitivity in pattern. | option | - | disable |
| pattern | Match pattern. | string | Not Specified | |
| target | Match HTTP target. | option | - | |

config url-access

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | URL access ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| address | Host address. | string | Not Specified | |
| action | Action. | option | - | permit |
| log | Enable/disable logging. | option | - | disable |
| severity | Severity. | option | - | medium |

config access-pattern

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | URL access pattern ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| srcaddr | Source address. | string | Not Specified | |
| pattern | URL pattern. | string | Not Specified | |
| regex | Enable/disable regular expression based pattern match. | option | - | disable |
| negate | Enable/disable match negation. | option | - | disable |

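
Every `config constraint` sub-block in this reference defaults to `status disable`, `action allow` and `log disable`, so a profile enforces only the checks that were explicitly switched on. The script below is an added example, not Fortinet code: it parses a profile export and lists the constraints that are disabled, allow-only or unlogged. The profile name `web-app` and the sample text are constructed, and the script assumes that any value missing from the export takes the default shown in the tables.

```python
# Per-constraint defaults from the tables; assumes unset values take these defaults.
DEFAULTS = {"status": "disable", "action": "allow", "log": "disable"}
CONSTRAINTS = ("header-length content-length param-length line-length "
               "url-param-length version method hostname malformed max-cookie "
               "max-header-line max-url-param max-range-segment").split()

def parse_settings(text):
    """Map each config/edit block path to the values set directly inside it."""
    stack, settings = [], {}
    for raw in text.splitlines():
        words = raw.split() or [""]
        if words[0] in ("config", "edit"):
            stack.append(" ".join(words[1:]).strip('"'))
            settings.setdefault(tuple(stack), {})  # record empty blocks too
        elif words[0] in ("end", "next") and stack:
            stack.pop()  # "next" closes an edit, "end" closes a config
        elif words[0] == "set" and len(words) >= 3:
            settings.setdefault(tuple(stack), {})[words[1]] = " ".join(words[2:]).strip('"')
    return settings

def audit_constraints(text):
    """Return {profile: {constraint: [issues]}} for constraints that do not block or log."""
    settings, report = parse_settings(text), {}
    for path in [p for p in settings if len(p) == 2 and p[0] == "waf profile"]:
        report[path[1]] = findings = {}
        for name in CONSTRAINTS:
            # Not the profile-level "config method" block, which has a different path.
            eff = {**DEFAULTS, **settings.get(path + ("constraint", name), {})}
            checks = [("disabled", eff["status"] != "enable"),
                      ("allow-only", eff["status"] == "enable" and eff["action"] != "block"),
                      ("no-log", eff["log"] != "enable")]
            issues = [label for label, failed in checks if failed]
            if issues:
                findings[name] = issues
    return report

# Constructed sample export (hypothetical profile), embedded so the script runs offline.
SAMPLE = """\
config waf profile
    edit "web-app"
        config constraint
            config header-length
                set status enable
                set action block
                set log enable
            end
            config max-cookie
                set status enable
            end
        end
        config method
            set status enable
        end
    next
end
"""

if __name__ == "__main__":
    print(audit_constraints(SAMPLE))
```

In the sample, enabling the profile-level `config method` block does not change the result for the `method` constraint, which stays reported as disabled because it lives under `config constraint`.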