config security waf web-attack-signature
Use this command to configure web attack signature policies. The attack signature policy includes rules to enable scanning of HTTP headers and HTTP body content in HTTP requests, HTTP responses, or both.
Table 16 describes the predefined policies. You can select the predefined policies in your WAF profiles, or you can create policies that enable a different set of scan classes or a different action. In this release, you cannot exclude individual signatures or create custom signatures. You can enable or disable the scan classes.
Table 16: Web Attack Signature predefined policies
Policy | Status | Action |
High-Level-Security | • Scan HTTP header—Enabled. • Scan HTTP Request Body—Enabled. • Scan HTTP Response Body—Disabled. | • High Severity Action—Deny. • Medium Severity Action—Deny. • Low Severity Action—Alert. |
Medium-Level-Security | • Scan HTTP header—Enabled. • Scan HTTP Request Body—Enabled. • Scan HTTP Response Body—Disabled. | • High Severity Action—Deny. • Medium Severity Action—Alert. • Low Severity Action—Alert. |
Alert-Only | • Scan HTTP header—Enabled. • Scan HTTP Request Body—Disabled. • Scan HTTP Response Body—Disabled. | • High Severity Action—Alert. • Medium Severity Action—Alert. • Low Severity Action—Alert. |
Before you begin:
• You must have read-write permission for security settings.
After you have created a web attack signature policy, you can specify it in a WAF profile configuration.
Syntax
config security waf web-attack-signature
  edit <name>
    set scan-enable {enable|disable}
    set scan-request-body {enable|disable}
    set scan-response-body {enable|disable}
    set high-severity-action {alert|deny}
    set medium-severity-action {alert|deny}
    set low-severity-action {alert|deny}
  next
end
Parameter | Description |
scan-enable | Enable/disable scanning against the signature database. This includes HTTP header scanning but not HTTP body scanning. |
scan-request-body | Enable/disable scanning against HTTP request body signatures. |
scan-response-body | Enable/disable scanning against HTTP response body signatures. |
high-severity-action | Action taken when a high-severity signature matches: • alert • deny |
medium-severity-action | Action taken when a medium-severity signature matches: • alert • deny |
low-severity-action | Action taken when a low-severity signature matches: • alert • deny |
Example
FortiADC-VM # get security waf web-attack-signature High-Level-Security
status : enable
request-body-detection : enable
response-body-detection : disable
high-severity-action : deny
medium-severity-action : deny
low-severity-action : alert
FortiADC-VM # get security waf web-attack-signature Medium-Level-Security
status : enable
request-body-detection : enable
response-body-detection : disable
high-severity-action : deny
medium-severity-action : alert
low-severity-action : alert
FortiADC-VM # get security waf web-attack-signature Alert-Only
status : enable
request-body-detection : disable
response-body-detection : disable
high-severity-action : alert
medium-severity-action : alert
low-severity-action : alert
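As an added example that is not part of the FortiADC documentation, the following Python script parses captured output in the format shown above and flags policies that do not scan the request body or that only alert on high-severity matches. The embedded sample output is constructed from two of the predefined policies; the field names are those printed by the `get` command above.

```python
"""Audit FortiADC web attack signature policies from captured `get` output.

Added example, not from the FortiADC documentation. Parses the
`get security waf web-attack-signature <name>` output format and
reports policies that would not block high-severity signature matches.
"""
import re

# Constructed sample: two of the predefined policies as printed above.
SAMPLE_OUTPUT = """\
FortiADC-VM # get security waf web-attack-signature High-Level-Security
status : enable
request-body-detection : enable
response-body-detection : disable
high-severity-action : deny
medium-severity-action : deny
low-severity-action : alert
FortiADC-VM # get security waf web-attack-signature Alert-Only
status : enable
request-body-detection : disable
response-body-detection : disable
high-severity-action : alert
medium-severity-action : alert
low-severity-action : alert
"""

# Matches the prompt line that starts each policy's output block.
HEADER = re.compile(r"^\S+ # get security waf web-attack-signature (\S+)$")

def parse_policies(text):
    """Return {policy_name: {field: value}} from captured CLI output."""
    policies, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = policies.setdefault(m.group(1), {})
            continue
        if current is not None and " : " in line:
            key, value = (s.strip() for s in line.split(" : ", 1))
            current[key] = value
    return policies

def audit(policies):
    """Return (policy, finding) pairs for settings that only alert or skip scanning."""
    findings = []
    for name, p in policies.items():
        if p.get("status") != "enable":
            findings.append((name, "signature scanning disabled"))
        if p.get("request-body-detection") != "enable":
            findings.append((name, "request body not scanned"))
        if p.get("high-severity-action") != "deny":
            findings.append((name, "high severity matches are not blocked"))
    return findings

if __name__ == "__main__":
    for name, msg in audit(parse_policies(SAMPLE_OUTPUT)):
        print(f"{name}: {msg}")
```

Feed the script the saved output of the `get` commands for every policy referenced by your WAF profiles to confirm which ones are alert-only.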