 
config security waf heuristic-sql-xss-injection-detection
Use this command to configure SQL injection and cross-site scripting (XSS) detection policies.
In many cases you can use the predefined policies and do not need to create your own. Table 13 describes the predefined policies.
Table 13: Predefined SQL injection and XSS detection policies

Predefined Rules: High-Level-Security
    SQL Injection
        Detection: All except Body SQL Injection Detection
        Action: Deny
        Severity: High
    XSS
        Detection: All except Body XSS Injection Detection
        Action: Deny
        Severity: High

Predefined Rules: Medium-Level-Security
    SQL Injection
        Detection: Only SQL URI SQL Injection Detection
        Action: Deny
        Severity: High
    XSS
        Detection: None
        Action: Alert
        Severity: Low

Predefined Rules: Alert-Only
    SQL Injection
        Detection: Only SQL URI SQL Injection Detection
        Action: Alert
        Severity: High
    XSS
        Detection: None
        Action: Alert
        Severity: Low
The configurations for these policies are shown in the examples that follow. If desired, you can create user-defined policies.
Before you begin:
You must have read-write permission for security settings.
After you have created an SQL injection/XSS policy, you can specify it in a WAF profile configuration.
Syntax
config security waf heuristic-sql-xss-injection-detection
edit <name>
set sql-injection-detection {enable|disable}
set sql-injection-action {alert|deny}
set sql-injection-severity {high|medium|low}
set uri-sql-injection-detection {enable|disable}
set referer-sql-injection-detection {enable|disable}
set cookie-sql-injection-detection {enable|disable}
set body-sql-injection-detection {enable|disable}
set xss-detection {enable|disable}
set xss-action {alert|deny}
set xss-severity {high|medium|low}
set uri-xss-detection {enable|disable}
set referer-xss-detection {enable|disable}
set cookie-xss-detection {enable|disable}
set body-xss-detection {enable|disable}
next
end
sql-injection-detection
    Enable/disable SQL injection detection.
sql-injection-action
    Action to take when SQL injection is detected: alert or deny.
sql-injection-severity
    Severity assigned to SQL injection detection events: high, medium, or low.
uri-sql-injection-detection
    Enable/disable detection in the request URI.
referer-sql-injection-detection
    Enable/disable detection in the Referer header.
cookie-sql-injection-detection
    Enable/disable detection in the Cookie header.
body-sql-injection-detection
    Enable/disable detection in the HTTP message body.
xss-detection
    Enable/disable XSS detection.
xss-action
    Action to take when XSS is detected: alert or deny.
xss-severity
    Severity assigned to XSS detection events: high, medium, or low.
uri-xss-detection
    Enable/disable detection in the request URI.
referer-xss-detection
    Enable/disable detection in the Referer header.
cookie-xss-detection
    Enable/disable detection in the Cookie header.
body-xss-detection
    Enable/disable detection in the HTTP message body.
Example
FortiADC-VM (heuristic-sql-~s) # get security waf heuristic-sql-xss-injection-detection High-Level-Security
sql-injection-detection : enable
sql-injection-action : deny
sql-injection-severity : high
uri-sql-injection-detection : enable
referer-sql-injection-detection: enable
cookie-sql-injection-detection: enable
body-sql-injection-detection : disable
xss-detection : enable
xss-action : deny
xss-severity : high
uri-xss-detection : enable
referer-xss-detection : enable
cookie-xss-detection : enable
body-xss-detection : disable
 
FortiADC-VM (heuristic-sql-~s) # get security waf heuristic-sql-xss-injection-detection Medium-Level-Security
sql-injection-detection : enable
sql-injection-action : deny
sql-injection-severity : high
uri-sql-injection-detection : enable
referer-sql-injection-detection: disable
cookie-sql-injection-detection: disable
body-sql-injection-detection : disable
xss-detection : disable
xss-action : alert
xss-severity : low
 
FortiADC-VM (heuristic-sql-~s) # get security waf heuristic-sql-xss-injection-detection Alert-Only
sql-injection-detection : enable
sql-injection-action : alert
sql-injection-severity : high
uri-sql-injection-detection : enable
referer-sql-injection-detection: disable
cookie-sql-injection-detection: disable
body-sql-injection-detection : disable
xss-detection : disable
xss-action : alert
xss-severity : low
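All three predefined policies shown above leave body-sql-injection-detection and body-xss-detection disabled, so parameters submitted in a POST body are not inspected by them. The following user-defined policy is an added example and is not part of the FortiADC documentation; the policy name Body-Inspection-Alert is a placeholder chosen for this example. It enables detection in every location, including the body, with the action set to alert so the policy can run in monitoring mode first. The second block switches the action to deny once the alerts have been reviewed for false positives, and the final command verifies the result.

```text
config security waf heuristic-sql-xss-injection-detection
    edit Body-Inspection-Alert
        set sql-injection-detection enable
        set sql-injection-action alert
        set sql-injection-severity high
        set uri-sql-injection-detection enable
        set referer-sql-injection-detection enable
        set cookie-sql-injection-detection enable
        set body-sql-injection-detection enable
        set xss-detection enable
        set xss-action alert
        set xss-severity high
        set uri-xss-detection enable
        set referer-xss-detection enable
        set cookie-xss-detection enable
        set body-xss-detection enable
    next
end

config security waf heuristic-sql-xss-injection-detection
    edit Body-Inspection-Alert
        set sql-injection-action deny
        set xss-action deny
    next
end

get security waf heuristic-sql-xss-injection-detection Body-Inspection-Alert
```

Enabling body inspection increases the amount of request data the heuristic engine examines, so applications that legitimately post SQL-like or markup-like content (administrative consoles, rich-text editors) are the usual source of false positives during the alert phase; review those before changing the action to deny. The policy takes effect only after it is referenced from a WAF profile, as noted above.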