Description
This article describes the Web Application Firewall (WAF) security profile introduced in FortiOS 5.4.
The profile allows an individual signature to be disabled when that signature is blocking legitimate traffic to a web server.
Scope
FortiGate and FortiWiFi units running FortiOS 5.4 and above.
Solution
An entire category of signatures can be enabled or disabled from the GUI, but a specific signature within a category can only be disabled from the CLI, using its Signature ID (shown in the logs as the Event ID).
From the CLI, enter the following commands:
config waf profile
edit {Profile Name}
config signature
set disabled-signature {Event ID}
end
end
Note:
If an exemption for an attack signature has already been created and a new one is added with 'set disabled-signature', the new value overrides the previous exemptions. Use 'append disabled-signature' to keep the existing exemptions.
Example:
config waf profile
edit {Profile Name}
config signature
set disabled-signature 50140001 50140002 50140003
end
end
To add signature 50160002:
config waf profile
edit {Profile Name}
config signature
append disabled-signature 50160002
end
end
This adds the new signature without overriding the previous exemptions.
To verify, list the disabled signatures with the following command:
show full-configuration waf profile default | grep disabled-signature
set disabled-signature 50140001 50140002 50140003 50160002
In this example, 'default' is the name of the WAF profile. Adjust the command to your WAF profile name as needed.
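The following Python script is an added example and is not part of the Fortinet article. It automates the procedure above: it reads the existing exemptions from the output of the 'show full-configuration ... | grep disabled-signature' verification command, collects the Event IDs from constructed WAF block log lines, and emits a CLI snippet that uses 'append disabled-signature' so the existing exemptions are not overridden. The log lines are constructed samples in FortiGate key=value style, and the log field name 'eventid' is an assumption; check it against the WAF logs on your own unit before relying on it.

```python
"""Build a FortiOS CLI snippet that exempts WAF signatures without clobbering
existing exemptions.

Added example, not Fortinet code. The field name `eventid` in the sample log
lines is an assumption; verify it against real FortiGate WAF logs.
"""
import re
from typing import Iterable, List

# Constructed sample: output of
#   show full-configuration waf profile default | grep disabled-signature
# for a profile that already exempts three signatures.
EXISTING_CONFIG = "set disabled-signature 50140001 50140002 50140003\n"

# Constructed sample WAF log lines (FortiGate key=value style). The `eventid`
# field name is an assumption; the signature IDs are the ones used above.
SAMPLE_LOGS = [
    'type="utm" subtype="waf" eventtype="waf-signature" action="block" eventid=50160002 profile="default"',
    'type="utm" subtype="waf" eventtype="waf-signature" action="block" eventid=50140001 profile="default"',
    'type="utm" subtype="waf" eventtype="waf-signature" action="block" eventid=50160002 profile="default"',
    'type="utm" subtype="webfilter" action="block" eventid=12345 profile="default"',
]


def parse_disabled(config_output: str) -> List[str]:
    """Return the signature IDs already listed under `set disabled-signature`."""
    m = re.search(r"^\s*set disabled-signature\s+(.*)$", config_output, re.M)
    return m.group(1).split() if m else []


def blocked_waf_signatures(log_lines: Iterable[str]) -> List[str]:
    """Collect Event IDs from WAF signature block logs, in first-seen order.

    Only `subtype="waf"` lines with `action="block"` are considered, so hits
    from other UTM features are not turned into WAF exemptions by mistake.
    """
    seen: List[str] = []
    for line in log_lines:
        if 'subtype="waf"' not in line or 'action="block"' not in line:
            continue
        m = re.search(r"\beventid=(\d+)", line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen


def cli_snippet(profile: str, existing: List[str], to_add: List[str]) -> str:
    """Emit CLI that appends only the IDs not already exempted.

    `append` is used deliberately: `set disabled-signature ...` replaces the
    whole list and silently drops the existing exemptions.
    """
    new_ids = [s for s in to_add if s not in existing]
    if not new_ids:
        return ""
    return (
        "config waf profile\n"
        f"edit {profile}\n"
        "config signature\n"
        f"append disabled-signature {' '.join(new_ids)}\n"
        "end\n"
        "end\n"
    )


def build_exemption(profile: str, config_output: str, log_lines: Iterable[str]) -> str:
    """Full pipeline: existing config + logs -> CLI snippet (empty if nothing new)."""
    return cli_snippet(profile, parse_disabled(config_output), blocked_waf_signatures(log_lines))


if __name__ == "__main__":
    print(build_exemption("default", EXISTING_CONFIG, SAMPLE_LOGS), end="")
```

With the constructed inputs the script emits a single 'append disabled-signature 50160002' line: 50140001 is already exempted and is skipped, and the webfilter log line is ignored. Paste the output into the CLI, then rerun the verification command to confirm all four IDs are listed.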