A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
Article Id 191197


This article describes how to configure 'config waf file-upload-restriction-rule -> config file-types' from CLI. 'waf file-upload-restriction-rule' is used for 'waf file-upload-restriction-policy' to define the specific host and request URL for which file upload restrictions apply, and define the specific file types that can be uploaded to that host or URL. To apply the rule, select it in a file upload restriction policy.






Config file-types in 'waf file-upload-restriction-rule' is used to define multiple file types as follows. This example allows both MPEG and FLV files to be uploaded to the URL /file-uploads on the host


# config waf file-upload-restriction-rule
    edit file-upload-rule1
        set host-status enable
        set host
        set request-file /file-uploads
        config file-types
            edit 1
                set file-type-id 00013
                set file-type-name MPEG
            edit 2
                set file-type-id 00008
                set file-type-name FLV


file-type-id: Numeric type ID that corresponds to the file type. Recognized IDs are updated by FortiGuard services and may vary.

file-type-name: Type the extension, such as MP3, of the file type to be allowed to upload. Recognized file types are updated by FortiGuard services and may vary.

As described above, file-type-id and file-type-name are maintained by FortiGuard services and these are specifically paired, so type both parameters exactly from CLI (TAB completion support is not provided for these parameters).

As of writing, the latest version of FortiWeb is 5.5.4, the web GUI is recommended to configure this function.

First, configure a file-upload-restriction-rule which has all the supported file from GUI as follows:



1) Open Web Protection -> File Upload Restriction Rules.



2) Click 'Create New' button on the top left corner.



3) Provide a name to choose as 'All_File_Types', appropriate parameters and click 'Add File Types'.



4) Use 'CTRL + A' in the left window of 'New File Upload Restriction Rule Items' and click the Right Allow button.





5) Select the OK button.




6) A list of supported pairs of file-type-id and file-type-name can be obtained by using the CLI and typing 'show waf file-upload-restriction-rule All_File_Types'.

It may be needed to check the File Upload Restriction Rule from time to time because FortiGuard may add new file types.