Variable | Description | Default |
<rule_name> | Type the name of a new or existing rule. The maximum length is 35 characters. To display the list of existing rules, type: edit ? | No default. |
action {alert | alert_deny | block-period} | Select one of the following actions that the FortiWeb appliance will perform when the count exceeds the rate limit: • alert — Accept the connection and generate an alert email and/or log message. • alert_deny — Block the connection and generate an alert email and/or log message. • block-period — Block subsequent requests from the client for a number of seconds. Also configure block-period <seconds_int>. Caution: This setting will be ignored if monitor-mode {enable | disable} is enabled. Note: Logging and/or alert email will occur only if enabled and configured. See “config log disk” and “config log alertemail”. Note: If an auto-learning profile will be selected in the policy with offline protection profiles that use this rule, you should select alert. If the action is alert_deny, the FortiWeb appliance will reset the connection when it detects an attack, resulting in incomplete session information for the auto-learning feature. For more information on auto-learning requirements, see “config waf web-protection-profile autolearning-profile”. | alert |
block-period <seconds_int> | Type the length of time for which the FortiWeb appliance will block additional requests after a client exceeds the rate threshold. The valid range is from 1 to 3,600 seconds. | 1 |
http-connection-threshold <limit_int> | Type the maximum number of TCP connections allowed from the same client. The valid range is from 1 to 1,024. | 1 |
severity {High | Medium | Low} | Select the severity level to use in logs and reports generated when a violation of the rule occurs. | Medium |
trigger-policy <trigger-policy_name> | Type the name of the trigger to apply when this rule is violated (see “config log trigger-policy”). The maximum length is 35 characters. To display the list of existing trigger policies, type: set trigger ? | No default. |
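
The limits and cautions in the table above can be checked mechanically before a rule is deployed. The following is an added example, not part of the FortiWeb documentation: a small linter that reads `edit`/`set`/`next` blocks and reports values outside the documented ranges. The sample rule names, the `autolearning` and `monitor_mode` flags, and the finding messages are assumptions made for illustration, and the sample omits the enclosing `config` command.

```python
# Added example: lint settings of FortiWeb-style rules against the documented limits.
ACTIONS = {"alert", "alert_deny", "block-period"}
SEVERITIES = {"High", "Medium", "Low"}
DEFAULTS = {"action": "alert", "block-period": "1",
            "http-connection-threshold": "1", "severity": "Medium"}

# Constructed sample (not from the documentation); enclosing config command omitted.
SAMPLE = '''
edit "conn-flood-web"
  set action block-period
  set block-period 7200
  set http-connection-threshold 200
  set severity High
next
edit "conn-flood-learning"
  set action alert_deny
  set http-connection-threshold 2048
next
'''

def parse_rules(text):
    """Return {rule_name: settings}, starting each rule from the table's defaults."""
    rules, current = {}, None
    for tokens in (line.split() for line in text.splitlines()):
        if len(tokens) >= 2 and tokens[0] == "edit":
            current = rules.setdefault(" ".join(tokens[1:]).strip('"'), dict(DEFAULTS))
        elif len(tokens) >= 3 and tokens[0] == "set" and current is not None:
            current[tokens[1]] = " ".join(tokens[2:]).strip('"')
        elif tokens[:1] == ["next"]:
            current = None
    return rules

def in_range(value, low, high):
    return value.isdecimal() and low <= int(value) <= high

def lint_rule(name, s, autolearning=False, monitor_mode=False):
    """Return findings for one rule; the two flags describe the policy using it."""
    checks = [
        (len(name) > 35, "rule name exceeds 35 characters"),
        (s["action"] not in ACTIONS, "unknown action"),
        (s["severity"] not in SEVERITIES, "unknown severity"),
        (not in_range(s["block-period"], 1, 3600), "block-period outside 1-3600 seconds"),
        (not in_range(s["http-connection-threshold"], 1, 1024),
         "http-connection-threshold outside 1-1024"),
        (len(s.get("trigger-policy", "")) > 35, "trigger-policy name exceeds 35 characters"),
        (autolearning and s["action"] == "alert_deny",
         "alert_deny resets connections; use alert with auto-learning"),
        (monitor_mode and s["action"] != "alert", "action is ignored while monitor-mode is enabled"),
    ]
    return [message for failed, message in checks if failed]
```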