Description
Scope
Solution
This article describes how in FortiOS v5.4 introduced a new Web Application Firewall security profile.
This feature allows the disabling of a particular signature if traffic to a web server is being blocked by the profile.
Scope
FortiGate and FortiWiFi units running FortiOS 5.4 and above
Solution
Although an entire category of signatures can be enabled/disabled from the GUI, a specific signature within that category can only be disabled from the CLI by using its Signature ID, shown in the logs as Event ID.
From the CLI, enter the following commands:
Keep in mind that when an exemption of an attack signature has been already created and another one need to be created, in case that only the new signature is added it will overwrite the previous exemptions.
From the CLI, enter the following commands:
# config waf profileNote:
edit {Profile Name}
# config signature
set disabled-signature {Event ID}
end
end
Keep in mind that when an exemption of an attack signature has been already created and another one need to be created, in case that only the new signature is added it will overwrite the previous exemptions.
Example:
# config waf profileTo add signature 50160002.
edit {Profile Name}
# config signature
set disabled-signature set disabled-signature 50140001 50140002 50140003
end
end
# config waf profileIn this case the previous configuration will be overwritten and only the new entry will be exempted.The correct configuration is:
edit {Profile Name}
# config signature
set disabled-signature 50160002
end
end
# config waf profile
edit {Profile Name}
# config signature
set disabled-signature set disabled-signature 50140001 50140002 50140003 50160002
end
end
