Technical Tip: WAF URL Protection Pattern Matching
| Description | This article describes the WAF URL Protection rule in FortiADC, which performs an allow or deny action when a request URL matches a specific pattern. |
| Scope | v6.2 and later |
| Solution | Example scenario, configuration reference and log verification follow below. |

Example scenario:

1. www.abc.com/about.html <--- action Deny
2. www.xyz.com/about.html <--- action Alert (pass)

Configuration example of a URL Protection rule:

For more information about configuring the WAF profile, refer to the following guide: https://docs.fortinet.com/document/fortiadc/6.2.2/handbook/746707/configuring-waf-action-objects

Verification in the security log under the WAF category (one entry per request; note action=alert for www.xyz.com and action=deny for www.abc.com):

```
log_id=0202006007 type=attack subtype=waf pri=alert count=1 severity=low service=http action=alert sigid=1030010002 owasp_top10=A5:2017-Broken Access Control subcat=waf_url_protect http_method=GET http_host=www.xyz.com http_url=/about.html msg="Attack ID: 1030010002 Desc: "Request URL Pattern Violation" Module: "URL Protection" Check Type: "URL Access Rule""
log_id=0202006007 type=attack subtype=waf pri=alert count=1 severity=low service=http action=deny sigid=1030010001 owasp_top10=A5:2017-Broken Access Control subcat=waf_url_protect http_method=GET http_host=www.abc.com http_url=/about.html msg="Attack ID: 1030010001 Desc: "Request URL Pattern Violation" Module: "URL Protection" Check Type: "URL Access Rule""
```
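As an added example (not part of the article and not Fortinet code), the following Python parses the two security-log lines above and checks that the logged action agrees with a constructed rule table that mirrors the scenario. The `URL_RULES` table and `url_protection_action` helper are assumptions that stand in for the FortiADC rule; the parser handles the two awkward parts of this log format, an unquoted value containing spaces (`owasp_top10`) and nested quotes inside `msg`.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the two security-log lines shown in the article (not a live capture).
SAMPLE_LOGS = [
    'log_id=0202006007 type=attack subtype=waf pri=alert count=1 severity=low service=http '
    'action=alert sigid=1030010002 owasp_top10=A5:2017-Broken Access Control subcat=waf_url_protect '
    'http_method=GET http_host=www.xyz.com http_url=/about.html msg="Attack ID: 1030010002 '
    'Desc: "Request URL Pattern Violation" Module: "URL Protection" Check Type: "URL Access Rule""',
    'log_id=0202006007 type=attack subtype=waf pri=alert count=1 severity=low service=http '
    'action=deny sigid=1030010001 owasp_top10=A5:2017-Broken Access Control subcat=waf_url_protect '
    'http_method=GET http_host=www.abc.com http_url=/about.html msg="Attack ID: 1030010001 '
    'Desc: "Request URL Pattern Violation" Module: "URL Protection" Check Type: "URL Access Rule""',
]

# A field starts at "key=" preceded by start-of-line or whitespace.
KEY_RE = re.compile(r'(?:^|\s)(\w+)=')


def parse_waf_log(line: str) -> Dict[str, str]:
    """Split the line at each key= position instead of on spaces or quotes:
    owasp_top10 has an unquoted value with spaces and msg has nested quotes."""
    keys = list(KEY_RE.finditer(line))
    fields: Dict[str, str] = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(line)
        value = line[m.end():end].strip()
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # drop only the outer quotes; inner ones belong to msg
        fields[m.group(1)] = value
    return fields


# Hypothetical rule table mirroring the article's scenario: (host regex, URL regex, action).
URL_RULES: List[Tuple[str, str, str]] = [
    (r'^www\.abc\.com$', r'^/about\.html$', 'deny'),
    (r'^www\.xyz\.com$', r'^/about\.html$', 'alert'),
]


def url_protection_action(host: str, url: str, rules=URL_RULES) -> str:
    """First matching rule wins; no match means the request passes silently."""
    for host_pat, url_pat, action in rules:
        if re.search(host_pat, host) and re.search(url_pat, url):
            return action
    return 'pass'


def log_matches_rules(line: str) -> bool:
    """Verification step: does the logged action agree with the rule table?"""
    ev = parse_waf_log(line)
    return ev.get('subcat') == 'waf_url_protect' and \
        ev['action'] == url_protection_action(ev['http_host'], ev['http_url'])
```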

