Variable | Description | Default |
<file-upload-restriction-policy_name> | Type the name of an existing or new file upload restriction policy. The maximum length is 35 characters. To display the list of existing policies, type: edit ? | No default. |
action {alert | alert_deny | block-period} | Type the action you want FortiWeb to perform when the policy is violated: • alert — Accept the request and generate an alert and/or log message. • alert_deny — Block the request (or reset the connection) and generate an alert email and/or log message. You can customize the web page that FortiWeb returns to the client with the HTTP status code. See the FortiWeb Administration Guide or “system replacemsg”. • block-period — Block subsequent requests from the client for a number of seconds. Also configure block-period <seconds_int>. Note: If FortiWeb is deployed behind a NAT load balancer, when using this option, you must also define an X-header that indicates the original client’s IP (see “waf x-forwarded-for”). Failure to do so may cause FortiWeb to block all connections when it detects a violation of this type. Caution: This setting will be ignored if monitor-mode {enable | disable} is enabled. Note: Logging and/or alert email will occur only if enabled and configured. See “config log disk” and “config log alertemail”. Note: If an auto-learning profile will be selected in the policy with offline protection profiles that use this rule, you should select alert. If the action is alert_deny, the FortiWeb appliance will reset the connection when it detects an attack, resulting in incomplete session information for the auto-learning feature. For more information on auto-learning requirements, see “config waf web-protection-profile autolearning-profile”. | alert |
severity {High | Medium | Low} | Select the severity level to use in logs and reports generated when a violation of the rule occurs. | Low |
trigger <trigger-policy_name> | Type the name of the trigger to apply when this policy is violated (see “config log trigger-policy”). The maximum length is 35 characters. To display the list of existing triggers, type: set trigger ? | No default. |
av-scan {enable | disable} | Specify enable to scan for trojans. Also enable and configure the signature rule for the Trojans class (070000000; see “config waf signature”). | |
block-period <seconds_int> | If action is block-period, type the number of seconds that violating requests will be blocked. The valid range is from 1 to 3,600 seconds. | 1 |
<entry_index> | Type the index number of the individual entry in the table. The valid range is from 1 to 9,999,999,999,999,999,999. | No default. |
file-upload-restriction-rule <rule_name> | Type the name of an upload restriction rule to use with the policy, if any. See “config waf file-upload-restriction-rule”. The maximum length is 35 characters. To display the list of existing rules, type: set file-upload-restriction-rule ? | No default. |