Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
mtogo_FTNT
Staff
Staff

Created on ‎09-25-2016 08:03 PM Edited on ‎06-03-2022 07:29 AM By Anonymous

Article Id 191197

Technical Tip: How to configure 'config waf file-upload-restriction-rule -> config file-types' from CLI

Description


This article describes how to configure 'config waf file-upload-restriction-rule -> config file-types' from CLI. 'waf file-upload-restriction-rule' is used for 'waf file-upload-restriction-policy' to define the specific host and request URL for which file upload restrictions apply, and define the specific file types that can be uploaded to that host or URL. To apply the rule, select it in a file upload restriction policy.

Scope

 

FortiWeb



Solution

 

Config file-types in 'waf file-upload-restriction-rule' is used to define multiple file types as follows. This example allows both MPEG and FLV files to be uploaded to the URL /file-uploads on the host www.example.com.

 

# config waf file-upload-restriction-rule
    edit file-upload-rule1
        set host-status enable
        set host www.example.com
        set request-file /file-uploads
        config file-types
            edit 1
                set file-type-id 00013
                set file-type-name MPEG
                next
            edit 2
                set file-type-id 00008
                set file-type-name FLV
            next
        end
    next
end

 

file-type-id: Numeric type ID that corresponds to the file type. Recognized IDs are updated by FortiGuard services and may vary.

file-type-name: Type the extension, such as MP3, of the file type to be allowed to upload. Recognized file types are updated by FortiGuard services and may vary.

As described above, file-type-id and file-type-name are maintained by FortiGuard services and these are specifically paired, so type both parameters exactly from CLI (TAB completion support is not provided for these parameters).

As of writing, the latest version of FortiWeb is 5.5.4, the web GUI is recommended to configure this function.

First, configure a file-upload-restriction-rule which has all the supported file from GUI as follows:

 

 

1) Open Web Protection -> File Upload Restriction Rules.

 

 

2) Click 'Create New' button on the top left corner.

 

 

3) Provide a name to choose as 'All_File_Types', appropriate parameters and click 'Add File Types'.

 

 

4) Use 'CTRL + A' in the left window of 'New File Upload Restriction Rule Items' and click the Right Allow button.

 

 

FD39344_file-types1.png

 

5) Select the OK button.

 

FD39344_file-types2.png

 

6) A list of supported pairs of file-type-id and file-type-name can be obtained by using the CLI and typing 'show waf file-upload-restriction-rule All_File_Types'.

It may be needed to check the File Upload Restriction Rule from time to time because FortiGuard may add new file types.

 

Labels:
1602
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.