Description |
This article describes the WAF URL protection rule in FortiADC to perform allow and deny action based upon a specific pattern. |
Scope | v6.2 and later |
Solution |
Example scenario: 1. www.abc.com/about.hml < --- action Deny 2.www.xyz.com/about.html < --- action Alert (pass)
Configure Example of URL Protection Rule:
For more info about configuring WAF profile, please refer to the below guide for more info https://docs.fortinet.com/document/fortiadc/6.2.2/handbook/746707/configuring-waf-action-objects
Verification on security log under WAF category: log_id=0202006007 type=attack subtype=waf pri=alert count=1 severity=low service=http action=alert sigid=1030010002 owasp_top10=A5:2017-Broken Access Control subcat=waf_url_protect http_method=GET http_host=www.xyz.com http_url=/about.html msg="Attack ID: 1030010002 Desc: "Request URL Pattern Violation" Module: "URL Protection" Check Type: "URL Access Rule""
log_id=0202006007 type=attack subtype=waf pri=alert count=1 severity=low service=http action=deny sigid=1030010001 owasp_top10=A5:2017-Broken Access Control subcat=waf_url_protect http_method=GET http_host=www.abc.com http_url=/about.html msg="Attack ID: 1030010001 Desc: "Request URL Pattern Violation" Module: "URL Protection" Check Type: "URL Access Rule"" |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.