Tutek
New Member
April 7, 2023
Question

WAF exempt


Hi,

after the upgrade from 6.4 to 7.0.11 I have a problem: the WAF is blocking my public-facing servers. On the FortiGate I have errors like "Event Type waf-http-constraint". So I'm trying to create an exemption using this guide:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Creating-an-exemption-for-a-FortiGate-Web/ta-p/193701

But my problem is that in LOG --> Web Application Firewall log, when I click on the connection that is blocked, the details pane doesn't show an "EVENT ID" to configure for the exemption. I have this information in the details pane:

ID: 7219242010517962773
Time: 2023-04-07 11:46:04
euid: 3
epid: 101
dsteuid: 3
dstepid: 1197
logver: 700110489
Type: utm
Sub Type: waf
Log ID: 1203030257
Log event original timestamp: 1680860764162709200
Source Interface Role: wan
Destination Interface Role: dmz
Event Type: waf-http-constraint
Timezone: +0200
dtime: 2023-04-07 11:46:03
itime_t: 1680860764
Device Name: FGT

1 reply

gfleming
Staff
April 8, 2023

Is it blocking all connections to your web server? Something doesn't seem right in that case. Can you show your WAF profile config and FW policy config?

And do you not see the event ID in the GUI as referenced by the tech tip doc you linked?