config waf profile

Configure Web application firewall configuration.

config waf profile
    Description: Configure Web application firewall configuration.
    edit <name>
        config address-list
            Description: Address block and allow lists.
            set blocked-address <name1>, <name2>, ...
            set blocked-log [enable|disable]
            set severity [high|medium|...]
            set status [enable|disable]
            set trusted-address <name1>, <name2>, ...
        end
        set comment {var-string}
        config constraint
            Description: WAF HTTP protocol restrictions.
            config content-length
                Description: HTTP content length in request.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config exception
                Description: HTTP constraint exception.
                edit <id>
                    set address {string}
                    set content-length [enable|disable]
                    set header-length [enable|disable]
                    set hostname [enable|disable]
                    set line-length [enable|disable]
                    set malformed [enable|disable]
                    set max-cookie [enable|disable]
                    set max-header-line [enable|disable]
                    set max-range-segment [enable|disable]
                    set max-url-param [enable|disable]
                    set method [enable|disable]
                    set param-length [enable|disable]
                    set pattern {string}
                    set regex [enable|disable]
                    set url-param-length [enable|disable]
                    set version [enable|disable]
                next
            end
            config header-length
                Description: HTTP header length in request.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config hostname
                Description: Enable/disable hostname check.
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config line-length
                Description: HTTP line length in request.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config malformed
                Description: Enable/disable malformed HTTP request check.
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config max-cookie
                Description: Maximum number of cookies in HTTP request.
                set action [allow|block]
                set log [enable|disable]
                set max-cookie {integer}
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config max-header-line
                Description: Maximum number of HTTP header line.
                set action [allow|block]
                set log [enable|disable]
                set max-header-line {integer}
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config max-range-segment
                Description: Maximum number of range segments in HTTP range line.
                set action [allow|block]
                set log [enable|disable]
                set max-range-segment {integer}
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config max-url-param
                Description: Maximum number of parameters in URL.
                set action [allow|block]
                set log [enable|disable]
                set max-url-param {integer}
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config method
                Description: Enable/disable HTTP method check.
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config param-length
                Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config url-param-length
                Description: Maximum length of parameter in URL.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config version
                Description: Enable/disable HTTP version check.
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
        end
        set extended-log [enable|disable]
        set external [disable|enable]
        config method
            Description: Method restriction.
            set default-allowed-methods {option1}, {option2}, ...
            set log [enable|disable]
            config method-policy
                Description: HTTP method policy.
                edit <id>
                    set address {string}
                    set allowed-methods {option1}, {option2}, ...
                    set pattern {string}
                    set regex [enable|disable]
                next
            end
            set severity [high|medium|...]
            set status [enable|disable]
        end
        config signature
            Description: WAF signatures.
            set credit-card-detection-threshold {integer}
            config custom-signature
                Description: Custom signature.
                edit <name>
                    set action [allow|block|...]
                    set case-sensitivity [disable|enable]
                    set direction [request|response]
                    set log [enable|disable]
                    set pattern {string}
                    set severity [high|medium|...]
                    set status [enable|disable]
                    set target {option1}, {option2}, ...
                next
            end
            set disabled-signature <id1>, <id2>, ...
            set disabled-sub-class <id1>, <id2>, ...
            config main-class
                Description: Main signature class. Read-only.
                edit <id>
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                    set status [enable|disable]
                next
            end
        end
        config url-access
            Description: URL access list.
            edit <id>
                config access-pattern
                    Description: URL access pattern.
                    edit <id>
                        set negate [enable|disable]
                        set pattern {string}
                        set regex [enable|disable]
                        set srcaddr {string}
                    next
                end
                set action [bypass|permit|...]
                set address {string}
                set log [enable|disable]
                set severity [high|medium|...]
            next
        end
    next
end

config waf profile

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 1023

extended-log

Enable/disable extended logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

external

Disable/Enable external HTTP Inspection.

option

disable

Option	Description
disable	Disable external inspection.
enable	Enable external inspection.

name

WAF Profile name.

string

Maximum length: 35

config address-list

Parameter

Description

Type

Size

Default

blocked-address <name>

Blocked address.

Address name.

string

Maximum length: 79

blocked-log

Enable/disable logging on blocked addresses.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Status.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

trusted-address <name>

Trusted address.

Address name.

string

Maximum length: 79

config content-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Length of HTTP content in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

67108864

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config exception

Parameter

Description

Type

Size

Default

address

Host address.

string

Maximum length: 79

content-length

HTTP content length in request.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

header-length

HTTP header length in request.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

hostname

Enable/disable hostname check.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

Exception ID.

integer

Minimum value: 0 Maximum value: 4294967295

line-length

HTTP line length in request.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

malformed

Enable/disable malformed HTTP request check.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-cookie

Maximum number of cookies in HTTP request.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-header-line

Maximum number of HTTP header line.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-url-param

Maximum number of parameters in URL.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

method

Enable/disable HTTP method check.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

param-length

Maximum length of parameter in URL, HTTP POST request or HTTP body.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

url-param-length

Maximum length of parameter in URL.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

version

Enable/disable HTTP version check.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config header-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Length of HTTP header in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config hostname

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config line-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Length of HTTP line in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

1024

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config malformed

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config max-cookie

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-cookie

Maximum number of cookies in HTTP request (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config max-header-line

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-header-line

Maximum number HTTP header lines (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config max-range-segment

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config max-url-param

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-url-param

Maximum number of parameters in URL (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config method

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config method

Parameter

Description

Type

Size

Default

default-allowed-methods

Methods.

option

Option	Description
get	HTTP GET method.
post	HTTP POST method.
put	HTTP PUT method.
head	HTTP HEAD method.
connect	HTTP CONNECT method.
trace	HTTP TRACE method.
options	HTTP OPTIONS method.
delete	HTTP DELETE method.
others	Other HTTP methods.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity
medium	medium severity
low	low severity

status

Status.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config param-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config url-param-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Maximum length of URL parameter in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config version

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config method

Parameter	Description	Type	Size	Default
action	Action.	option	-	allow
log	Enable/disable logging.	option	-	disable
severity	Severity.	option	-	medium
status	Enable/disable the constraint.	option	-	disable

config method

Parameter	Description	Type	Size	Default
default-allowed-methods	Methods.	option	-
log	Enable/disable logging.	option	-	disable
severity	Severity.	option	-	medium
status	Status.	option	-	disable

config method-policy

Parameter

Description

Type

Size

Default

address

Host address.

string

Maximum length: 79

allowed-methods

Allowed Methods.

option

Option	Description
get	HTTP GET method.
post	HTTP POST method.
put	HTTP PUT method.
head	HTTP HEAD method.
connect	HTTP CONNECT method.
trace	HTTP TRACE method.
options	HTTP OPTIONS method.
delete	HTTP DELETE method.
others	Other HTTP methods.

HTTP method policy ID.

integer

Minimum value: 0 Maximum value: 4294967295

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config signature

Parameter

Description

Type

Size

Default

credit-card-detection-threshold

The minimum number of Credit cards to detect violation.

integer

Minimum value: 0 Maximum value: 128

disabled-signature <id>

Disabled signatures.

Signature ID.

integer

Minimum value: 0 Maximum value: 4294967295

disabled-sub-class <id>

Disabled signature subclasses.

Signature subclass ID.

integer

Minimum value: 0 Maximum value: 4294967295

config custom-signature

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.
erase	Erase credit card numbers.

case-sensitivity

Case sensitivity in pattern.

option

disable

Option	Description
disable	Case insensitive in pattern.
enable	Case sensitive in pattern.

direction

Traffic direction.

option

request

Option	Description
request	Match HTTP request.
response	Match HTTP response.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

name

Signature name.

string

Maximum length: 35

pattern

Match pattern.

string

Maximum length: 511

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Status.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

target

Match HTTP target.

option

Option	Description
arg	HTTP arguments.
arg-name	Names of HTTP arguments.
req-body	HTTP request body.
req-cookie	HTTP request cookies.
req-cookie-name	HTTP request cookie names.
req-filename	HTTP request file name.
req-header	HTTP request headers.
req-header-name	HTTP request header names.
req-raw-uri	Raw URI of HTTP request.
req-uri	URI of HTTP request.
resp-body	HTTP response body.
resp-hdr	HTTP response headers.
resp-status	HTTP response status.

config main-class

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.
erase	Erase credit card numbers.

Main signature class ID.

integer

Minimum value: 0 Maximum value: 4294967295

log

Enable/disable logging.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Status.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config url-access

Parameter

Description

Type

Size

Default

action

Action.

option

permit

Option	Description
bypass	Allow the HTTP request, also bypass further WAF scanning.
permit	Allow the HTTP request, and continue further WAF scanning.
block	Block HTTP request.

address

Host address.

string

Maximum length: 79

URL access ID.

integer

Minimum value: 0 Maximum value: 4294967295

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

config access-pattern

Parameter

Description

Type

Size

Default

URL access pattern ID.

integer

Minimum value: 0 Maximum value: 4294967295

negate

Enable/disable match negation.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

srcaddr

Source address.

string

Maximum length: 79

config waf profile

Configure Web application firewall configuration.

config waf profile
    Description: Configure Web application firewall configuration.
    edit <name>
        config address-list
            Description: Address block and allow lists.
            set blocked-address <name1>, <name2>, ...
            set blocked-log [enable|disable]
            set severity [high|medium|...]
            set status [enable|disable]
            set trusted-address <name1>, <name2>, ...
        end
        set comment {var-string}
        config constraint
            Description: WAF HTTP protocol restrictions.
            config content-length
                Description: HTTP content length in request.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config exception
                Description: HTTP constraint exception.
                edit <id>
                    set address {string}
                    set content-length [enable|disable]
                    set header-length [enable|disable]
                    set hostname [enable|disable]
                    set line-length [enable|disable]
                    set malformed [enable|disable]
                    set max-cookie [enable|disable]
                    set max-header-line [enable|disable]
                    set max-range-segment [enable|disable]
                    set max-url-param [enable|disable]
                    set method [enable|disable]
                    set param-length [enable|disable]
                    set pattern {string}
                    set regex [enable|disable]
                    set url-param-length [enable|disable]
                    set version [enable|disable]
                next
            end
            config header-length
                Description: HTTP header length in request.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config hostname
                Description: Enable/disable hostname check.
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config line-length
                Description: HTTP line length in request.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config malformed
                Description: Enable/disable malformed HTTP request check.
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config max-cookie
                Description: Maximum number of cookies in HTTP request.
                set action [allow|block]
                set log [enable|disable]
                set max-cookie {integer}
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config max-header-line
                Description: Maximum number of HTTP header line.
                set action [allow|block]
                set log [enable|disable]
                set max-header-line {integer}
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config max-range-segment
                Description: Maximum number of range segments in HTTP range line.
                set action [allow|block]
                set log [enable|disable]
                set max-range-segment {integer}
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config max-url-param
                Description: Maximum number of parameters in URL.
                set action [allow|block]
                set log [enable|disable]
                set max-url-param {integer}
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config method
                Description: Enable/disable HTTP method check.
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config param-length
                Description: Maximum length of parameter in URL, HTTP POST request or HTTP body.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config url-param-length
                Description: Maximum length of parameter in URL.
                set action [allow|block]
                set length {integer}
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
            config version
                Description: Enable/disable HTTP version check.
                set action [allow|block]
                set log [enable|disable]
                set severity [high|medium|...]
                set status [enable|disable]
            end
        end
        set extended-log [enable|disable]
        set external [disable|enable]
        config method
            Description: Method restriction.
            set default-allowed-methods {option1}, {option2}, ...
            set log [enable|disable]
            config method-policy
                Description: HTTP method policy.
                edit <id>
                    set address {string}
                    set allowed-methods {option1}, {option2}, ...
                    set pattern {string}
                    set regex [enable|disable]
                next
            end
            set severity [high|medium|...]
            set status [enable|disable]
        end
        config signature
            Description: WAF signatures.
            set credit-card-detection-threshold {integer}
            config custom-signature
                Description: Custom signature.
                edit <name>
                    set action [allow|block|...]
                    set case-sensitivity [disable|enable]
                    set direction [request|response]
                    set log [enable|disable]
                    set pattern {string}
                    set severity [high|medium|...]
                    set status [enable|disable]
                    set target {option1}, {option2}, ...
                next
            end
            set disabled-signature <id1>, <id2>, ...
            set disabled-sub-class <id1>, <id2>, ...
            config main-class
                Description: Main signature class. Read-only.
                edit <id>
                    set action [allow|block|...]
                    set log [enable|disable]
                    set severity [high|medium|...]
                    set status [enable|disable]
                next
            end
        end
        config url-access
            Description: URL access list.
            edit <id>
                config access-pattern
                    Description: URL access pattern.
                    edit <id>
                        set negate [enable|disable]
                        set pattern {string}
                        set regex [enable|disable]
                        set srcaddr {string}
                    next
                end
                set action [bypass|permit|...]
                set address {string}
                set log [enable|disable]
                set severity [high|medium|...]
            next
        end
    next
end

config waf profile

Parameter

Description

Type

Size

Default

comment

Comment.

var-string

Maximum length: 1023

extended-log

Enable/disable extended logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

external

Disable/Enable external HTTP Inspection.

option

disable

Option	Description
disable	Disable external inspection.
enable	Enable external inspection.

name

WAF Profile name.

string

Maximum length: 35

config address-list

Parameter

Description

Type

Size

Default

blocked-address <name>

Blocked address.

Address name.

string

Maximum length: 79

blocked-log

Enable/disable logging on blocked addresses.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Status.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

trusted-address <name>

Trusted address.

Address name.

string

Maximum length: 79

config content-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Length of HTTP content in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

67108864

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config exception

Parameter

Description

Type

Size

Default

address

Host address.

string

Maximum length: 79

content-length

HTTP content length in request.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

header-length

HTTP header length in request.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

hostname

Enable/disable hostname check.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

Exception ID.

integer

Minimum value: 0 Maximum value: 4294967295

line-length

HTTP line length in request.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

malformed

Enable/disable malformed HTTP request check.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-cookie

Maximum number of cookies in HTTP request.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-header-line

Maximum number of HTTP header line.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-url-param

Maximum number of parameters in URL.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

method

Enable/disable HTTP method check.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

param-length

Maximum length of parameter in URL, HTTP POST request or HTTP body.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

url-param-length

Maximum length of parameter in URL.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

version

Enable/disable HTTP version check.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config header-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Length of HTTP header in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config hostname

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config line-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Length of HTTP line in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

1024

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config malformed

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config max-cookie

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-cookie

Maximum number of cookies in HTTP request (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config max-header-line

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-header-line

Maximum number HTTP header lines (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config max-range-segment

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-range-segment

Maximum number of range segments in HTTP range line (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config max-url-param

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

max-url-param

Maximum number of parameters in URL (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config method

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config method

Parameter

Description

Type

Size

Default

default-allowed-methods

Methods.

option

Option	Description
get	HTTP GET method.
post	HTTP POST method.
put	HTTP PUT method.
head	HTTP HEAD method.
connect	HTTP CONNECT method.
trace	HTTP TRACE method.
options	HTTP OPTIONS method.
delete	HTTP DELETE method.
others	Other HTTP methods.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity
medium	medium severity
low	low severity

status

Status.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config param-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Maximum length of parameter in URL, HTTP POST request or HTTP body in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config url-param-length

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

length

Maximum length of URL parameter in bytes (0 to 2147483647).

integer

Minimum value: 0 Maximum value: 2147483647

8192

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config version

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Enable/disable the constraint.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config method

Parameter	Description	Type	Size	Default
action	Action.	option	-	allow
log	Enable/disable logging.	option	-	disable
severity	Severity.	option	-	medium
status	Enable/disable the constraint.	option	-	disable

config method

Parameter	Description	Type	Size	Default
default-allowed-methods	Methods.	option	-
log	Enable/disable logging.	option	-	disable
severity	Severity.	option	-	medium
status	Status.	option	-	disable

config method-policy

Parameter

Description

Type

Size

Default

address

Host address.

string

Maximum length: 79

allowed-methods

Allowed Methods.

option

Option	Description
get	HTTP GET method.
post	HTTP POST method.
put	HTTP PUT method.
head	HTTP HEAD method.
connect	HTTP CONNECT method.
trace	HTTP TRACE method.
options	HTTP OPTIONS method.
delete	HTTP DELETE method.
others	Other HTTP methods.

HTTP method policy ID.

integer

Minimum value: 0 Maximum value: 4294967295

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config signature

Parameter

Description

Type

Size

Default

credit-card-detection-threshold

The minimum number of Credit cards to detect violation.

integer

Minimum value: 0 Maximum value: 128

disabled-signature <id>

Disabled signatures.

Signature ID.

integer

Minimum value: 0 Maximum value: 4294967295

disabled-sub-class <id>

Disabled signature subclasses.

Signature subclass ID.

integer

Minimum value: 0 Maximum value: 4294967295

config custom-signature

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.
erase	Erase credit card numbers.

case-sensitivity

Case sensitivity in pattern.

option

disable

Option	Description
disable	Case insensitive in pattern.
enable	Case sensitive in pattern.

direction

Traffic direction.

option

request

Option	Description
request	Match HTTP request.
response	Match HTTP response.

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

name

Signature name.

string

Maximum length: 35

pattern

Match pattern.

string

Maximum length: 511

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Status.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

target

Match HTTP target.

option

Option	Description
arg	HTTP arguments.
arg-name	Names of HTTP arguments.
req-body	HTTP request body.
req-cookie	HTTP request cookies.
req-cookie-name	HTTP request cookie names.
req-filename	HTTP request file name.
req-header	HTTP request headers.
req-header-name	HTTP request header names.
req-raw-uri	Raw URI of HTTP request.
req-uri	URI of HTTP request.
resp-body	HTTP response body.
resp-hdr	HTTP response headers.
resp-status	HTTP response status.

config main-class

Parameter

Description

Type

Size

Default

action

Action.

option

allow

Option	Description
allow	Allow.
block	Block.
erase	Erase credit card numbers.

Main signature class ID.

integer

Minimum value: 0 Maximum value: 4294967295

log

Enable/disable logging.

option

enable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

status

Status.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

config url-access

Parameter

Description

Type

Size

Default

action

Action.

option

permit

Option	Description
bypass	Allow the HTTP request, also bypass further WAF scanning.
permit	Allow the HTTP request, and continue further WAF scanning.
block	Block HTTP request.

address

Host address.

string

Maximum length: 79

URL access ID.

integer

Minimum value: 0 Maximum value: 4294967295

log

Enable/disable logging.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

severity

Severity.

option

medium

Option	Description
high	High severity.
medium	Medium severity.
low	Low severity.

config access-pattern

Parameter

Description

Type

Size

Default

URL access pattern ID.

integer

Minimum value: 0 Maximum value: 4294967295

negate

Enable/disable match negation.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

pattern

URL pattern.

string

Maximum length: 511

regex

Enable/disable regular expression based pattern match.

option

disable

Option	Description
enable	Enable setting.
disable	Disable setting.

srcaddr

Source address.

string

Maximum length: 79

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config waf profile

config waf profile

config waf profile

config address-list

config content-length

config exception

config header-length

config hostname

config line-length

config malformed

config max-cookie

config max-header-line

config max-range-segment