waf geo-ip-except
Use this command to specify IP addresses or ranges of IP addresses that are exceptions to the list of client IP addresses that FortiWeb blocks based on their geographic location.
For information on creating the blacklist by country or region, see
“waf geo-block-list”.
To use this command, your administrator account’s access control profile must have either
w or
rw permission to the
wafgrp area. For more information, see
“Permissions”.
Syntax
config waf geo-ip-except
next
end
next
end
Variable | Description | Default |
<geo-ip-except_name> | Type the name of a new or existing list of exceptions. To display the list of existing rules, type: edit ? | No default. |
<entry_index> | Type the index number of the individual entry in the table. The valid range is from 1 to 9,999,999,999,999,999,999. | No default. |
ip {address_ipv4 | ip_range_ipv4} | Type the IP address or IP address range that is exempt from blocking based on its geographic location. | No default. |
Example
This example adds the IP address range 192.0.2.0 to 192.0.2.5 to the geolocation blacklist exception list allow-north-america.
config waf geo-ip-except
edit "allow-north-america"
set ip 192.0.2.0-192.0.2.5
end
next
end
Related topics