Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
shafiq23
Staff
Staff

Created on ‎01-11-2024 10:10 PM

Article Id 293752

Technical Tip: How to disable Web Anti-defacement (WAD) Auto Restore configuration using API

Description

This article describes how to disable Web anti-defacement(WAD) Auto Restore configuration using API.
Scope FortiWeb v6.3.17 and later
Solution

When ‘Auto Restore’ is enabled in the WAD website configuration, automatic file restore will take place when there is a difference between local backup and web server files. To avoid unexpected file restoration by FortiWeb, it is important to disable ‘Auto Restore’ before file changes are made in the web server.

 

Requirement:

  1. <FWB-IP> = FortiWeb management IP.
  2. <ID> = WAD website ID.
  3. <base64_token>
  4.  Encode string with BASE64 and use it as Authorization token.
  5.  {“username”:”admin”,”password”:“a”,”vdom”:”root”}

 

API Request Format reference:
https://fndn.fortinet.net/index.php?/fortiapi/939-fortiweb/964/

 

WAD website config API Path: /api/v2.0/cmdb/wad/website
WAD website files changes acknowledge API Path: /api/v2.0/wad/antidefacement.changelist

 

  1. Review WAD config according to website ID:


curl --location 'https://<FWB-IP>/api/v2.0/cmdb/wad/website?mkey=<ID>' --header 'Authorization: <base64_token>' --header 'Accept: application/json'

 

GET request.PNG

 

The response body should look like this:


{ "results": { "can_view": 0, "q_ref": 0, "can_clone": 1, "q_type": 0, "id": "1", "name": "DVWA", "description": "", "monitor": "enable", "monitor_val": "1", "hostname-ip": "10.100.1.209", "connect-type": "smb", "connect-type_val": "2", "port": 21, "share-name": "htdocs", "web-folder": "", "user": "fortinet", "password": "ENC XXXX", "alert-email": "", "alert-email_val": "0", "interval-root": 1200, "interval-other": 1200, "monitor-depth": 10, "backup-max-fsize": 10240, "backup-skip-ftype": "", "last-backup-time": 0, "auto": "restore", "auto_val": "1", "file-filter": "", "file-filter_val": "0" } }

 

  1. Disable auto restore by deriving results from the GET request response body:


curl --location --request PUT 'https://<FWB-IP>/api/v2.0/cmdb/wad/website?mkey=<ID>' --header 'Authorization: <base64_token>' --header 'Content-Type: application/json' --data '{"data": { "can_view": 0, "q_ref": 0, "can_clone": 1, "q_type": 0, "id": "1", "name": "DVWA", "description": "", "monitor": "enable", "monitor_val": "1", "hostname-ip": "10.100.1.209", "connect-type": "smb", "connect-type_val": "2", "port": 21, "share-name": "htdocs", "web-folder": "", "user": "fortinet", "password": "ENC XXXX", "alert-email": "", "alert-email_val": "0", "interval-root": 1200, "interval-other": 1200, "monitor-depth": 10, "backup-max-fsize": 10240, "backup-skip-ftype": "", "last-backup-time": 0, "auto": "disable", "auto_val": "1", "file-filter": "", "file-filter_val": "0" } }'

 

*Use the above body data format to properly update the API.

 

PUT request.PNG

 

  1. Web server under maintenance(file changes).
  2. Wait for the configured monitor period until the 'Total Changed' number is updated.

 

file changes.png

 

  1. Acknowledge ALL changes(to update FortiWeb local backup directory before enabling Auto Restore again).
  • Review all file changes in GUI and acknowledge file changes under Web Protection -> Web Anti-Defacement -> Anti Defacement, select ‘Total Changed’ digit, and select Acknowledge All.

OR

 

  • Acknowledge All with an API call:


curl --location --request POST 'https://<FWB-IP>/api/v2.0/wad/antidefacement.changelist' --header 'Authorization: <base64_token>' --header 'Content-Type: application/json' --data '{"id": 1, "command": "ackall"}'

 

'id': 1 is WAD website ID.

 

POST request.PNG

 

  1. Re-enable auto restore:


curl --location --request PUT 'https://<FWB-IP>/api/v2.0/cmdb/wad/website?mkey=<ID>' --header 'Authorization: <base64_token>' --header 'Content-Type: application/json' --data '{"data": { "can_view": 0, "q_ref": 0, "can_clone": 1, "q_type": 0, "id": "1", "name": "DVWA", "description": "", "monitor": "enable", "monitor_val": "1", "hostname-ip": "10.100.1.209", "connect-type": "smb", "connect-type_val": "2", "port": 21, "share-name": "htdocs", "web-folder": "", "user": "fortinet", "password": "ENC XXXX", "alert-email": "", "alert-email_val": "0", "interval-root": 1200, "interval-other": 1200, "monitor-depth": 10, "backup-max-fsize": 10240, "backup-skip-ftype": "", "last-backup-time": 0, "auto": "restore", "auto_val": "1", "file-filter": "", "file-filter_val": "0" } }'


FortiWeb will now have the latest local backup identical to web server files.

 

Note:

  1. Scripts can be used to automate API calls.
  2. Avoid executing simultaneous API updates for multiple WAD websites.

 

Related documentation:
https://fndn.fortinet.net/index.php?/fortiapi/939-fortiweb/2115/939/wad/
124
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.