Help
FortiADC
FortiADC enhances the scalability, performance, and security of your applications whether they are hosted on premises or in the cloud.
scheehan_FTNT
Staff
Staff

Created on ‎03-22-2022 05:57 AM

Technical Tip: WAF URL Protection Pattern Matching

Description

This article describes the WAF URL protection rule in FortiADC to perform allow and deny action based upon a specific pattern.
Scope v6.2 and later
Solution

Example scenario:

1. www.abc.com/about.hml  < --- action Deny

2.www.xyz.com/about.html < --- action Alert (pass)

 

Configure Example of URL Protection Rule:

scheehan_FTNT_0-1647952188436.png

 

For more info about configuring WAF profile, please refer to the below guide for more info

https://docs.fortinet.com/document/fortiadc/6.2.2/handbook/746707/configuring-waf-action-objects

 

Verification on security log under WAF category:

log_id=0202006007 type=attack subtype=waf pri=alert count=1 severity=low service=http action=alert sigid=1030010002 owasp_top10=A5:2017-Broken Access Control subcat=waf_url_protect http_method=GET http_host=www.xyz.com  http_url=/about.html msg="Attack ID: 1030010002 Desc: "Request URL Pattern Violation" Module: "URL Protection" Check Type: "URL Access Rule""

 

log_id=0202006007 type=attack subtype=waf pri=alert count=1 severity=low service=http action=deny sigid=1030010001 owasp_top10=A5:2017-Broken Access Control subcat=waf_url_protect http_method=GET http_host=www.abc.com  http_url=/about.html msg="Attack ID: 1030010001 Desc: "Request URL Pattern Violation" Module: "URL Protection" Check Type: "URL Access Rule""
Labels:
239
0 Kudos
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.