config security waf url-protection
Use this command to configure URL protection policies. URL protection policies can filter HTTP requests that match specific character strings and file extensions.
Before you begin:
You must have read-write permission for security settings.
After you have created a URL protection policy, you can specify it in a WAF profile configuration.
Syntax
config security waf url-protection
  edit <name>
    config url-access-rule
      edit <No.>
        set action {alert|deny}
        set severity {high|medium|low}
        set url-pattern <url-pattern>
      next
    end
    config file-extension-rule
      edit <No.>
        set action {alert|deny}
        set severity {high|medium|low}
        set file-extension-pattern <file-extension-pattern>
      next
    end
  next
end
action
  alert
  deny
severity
  high
  medium
  low
url-pattern
  Matching string. Regular expressions are supported.
file-extension-pattern
  Matching string. Regular expressions are supported.
Example
FortiADC-VM # config security waf url-protection
FortiADC-VM (url-protection) # edit url-protection-policy
Add new entry 'url-protection-policy' for node 3050
 
FortiADC-VM (url-protection~p) # config url-access-rule
FortiADC-VM (url-access-rule) # edit 1
Add new entry '1' for node 3052
 
FortiADC-VM (1) # get
url-pattern :
action : alert
severity : low
 
FortiADC-VM (1) # set url-pattern tmp
FortiADC-VM (1) # set action deny
FortiADC-VM (1) # set severity high
FortiADC-VM (1) # end
 
FortiADC-VM (url-protection~p) # config file-extension-rule
FortiADC-VM (file-extension~r) # edit 1
Add new entry '1' for node 3057
 
FortiADC-VM (1) # get
file-extension-pattern :
action : alert
severity : low
 
FortiADC-VM (1) # set file-extension-pattern tmp
FortiADC-VM (1) # set action deny
FortiADC-VM (1) # set severity high
FortiADC-VM (1) # end
 
FortiADC-VM (url-protection~p) # show
config security waf url-protection
  edit "url-protection-policy"
    config url-access-rule
      edit 1
        set url-pattern tmp
        set action deny
        set severity high
      next
    end
    config file-extension-rule
      edit 1
        set file-extension-pattern tmp
        set action deny
        set severity high
      next
    end
  next
end
 
FortiADC-VM (url-protection~p) # end
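
The following Python sketch is an added example, not part of the FortiADC documentation or Fortinet's code. It parses `show` output in the format above and lists which rules a given request path would trigger, so a pattern can be checked against known-good URLs before its action is set to deny. Assumptions: patterns are applied as unanchored regular-expression searches (approximated here with Python's re module), the file extension is the text after the last dot of the final path segment, and the names parse_rules and matching_rules are hypothetical.

```python
import re

PATTERN_FIELD = {"url-access-rule": "url-pattern", "file-extension-rule": "file-extension-pattern"}

# Constructed input: the policy printed by `show` in the example above.
SAMPLE = """config security waf url-protection
edit "url-protection-policy"
config url-access-rule
edit 1
set url-pattern tmp
set action deny
set severity high
next
end
config file-extension-rule
edit 1
set file-extension-pattern tmp
set action deny
set severity high
next
end
next
end"""

def parse_rules(text):
    """Collect both rule tables from `show` output; defaults are the ones `get` prints."""
    rules, table, rule = [], None, None
    for words in (line.split() for line in text.splitlines()):
        if words[:1] == ["config"]:
            table = words[-1]
        elif words[:1] == ["edit"] and table in PATTERN_FIELD:
            rule = {"table": table, "id": words[1], "action": "alert", "severity": "low"}
            rules.append(rule)
        elif words[:1] == ["set"] and rule is not None:
            rule[words[1]] = " ".join(words[2:]).strip('"')
        elif words == ["end"]:
            table = rule = None
    return rules

def matching_rules(rules, path):
    """Rules hit by path as (table, id, action, severity); assumes unanchored regex search."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    hits = []
    for r in rules:
        subject = path if r["table"] == "url-access-rule" else ext
        pattern = r.get(PATTERN_FIELD[r["table"]])
        if pattern and subject and re.search(pattern, subject):
            hits.append((r["table"], r["id"], r["action"], r["severity"]))
    return hits
```

Under these assumptions the sample pattern `tmp` also hits a path such as `/static/tmpl/app.js`, which is the kind of unintended match worth catching with `action alert` before switching a rule to `deny`.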