FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to Block/Allow URLs that contain a specific string with Web Application Firewall.
Scope
FortiGate, Web Application Firewall.
Solution
set pattern "<any_string>"
This article describes how to use WAF to allow or block any URL that contains the desired string. Open the CLI and then create a WAF profile. Each profile should have its name and then set a name for each use case.
Copy the following CLI commands into the CLI window of the FortiGate.
It is also possible to copy the following CLI commands and replace <profile_exception> with the desired name for the signature-exception profile. Then replace <test_string> with the string desired to trigger the signature exception (regex is allowed). Then set the action to <block/allow> url when test_string is present.
config waf profile edit <waf_profile_name> config signature-exception edit 0 set name "<profile_exception>" set type url set pattern "<test_string>" set action allow next end next end
To check if the settings have been set, run the following:
