Description
This article describes the new Web Application Firewall security profile introduced in FortiOS v5.4.
This feature allows a particular signature to be disabled if traffic to a web server is being blocked by the profile.

Scope
FortiGate and FortiWiFi units running FortiOS 5.4 and above

Solution
Although an entire category of signatures can be enabled or disabled from the GUI, a specific signature within that category can only be disabled from the CLI, using its Signature ID, which is shown in the logs as Event ID.
From the CLI, enter the following commands:
# config waf profile
edit {Profile Name}
# config signature
set disabled-signature {Event ID}
end
end
Note:
Keep in mind that when an exemption for an attack signature has already been created and another one needs to be created, entering only the new signature will overwrite the previous exemptions.
Example:
# config waf profile
edit {Profile Name}
# config signature
set disabled-signature 50140001 50140002 50140003
end
end
To add signature 50160002:
# config waf profile
edit {Profile Name}
# config signature
set disabled-signature 50160002
end
end
In this case the previous configuration will be overwritten and only the new entry will be exempted.
The correct configuration is:
# config waf profile
edit {Profile Name}
# config signature
set disabled-signature 50140001 50140002 50140003 50160002
end
end