waf Signatures - eventid information??

Forum|Forum|8 years ago
November 14, 2017
2 replies
18634 views

Hello, I want to understand some logs of WAF and I don't find any information about it the ID of LOG

Example: a WAF log with id 50140004 Generix Attacks

LOG

type=utm subtype=waf level=warning vd=root eventtype=waf-signature service=HTTP action=blocked profile="Web Application Firewall" severity=high eventid=50140004 msg="Generic Attacks" agent=Firefox/5.0 direction=request

packetpusher

New Member

I am curious as well.

TKucera

New Member

Hello, I found some information on that link http://pub.kb.fortinet.com/ksmcontent/Fortinet-Public/current/FortiWeb_5_5/FortiWeb_5_5_5_Administration_Guide_Revision1.pdf

.

hmtay_FTNT

Staff

http://help.fortinet.com/fweb/570/Content/FortiWeb/fortiweb-admin/web_protection.htm

Here's an explanation of all the possible values.

Homing

dgipaul

New Member

CLI:

fortihost # config global
fortihost (global) # diagnose waf dump | grep 90300017
90300017 - This signature prevents attackers from obtaining file and folder names using a tilde character "~" in a get request .

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded