Solution |
When ‘Auto Restore’ is enabled in the WAD website configuration, automatic file restore will take place when there is a difference between local backup and web server files. To avoid unexpected file restoration by FortiWeb, it is important to disable ‘Auto Restore’ before file changes are made in the web server.
Requirement:
- <FWB-IP> = FortiWeb management IP.
- <ID> = WAD website ID.
- <base64_token>
- Encode string with BASE64 and use it as Authorization token.
- {“username”:”admin”,”password”:“a”,”vdom”:”root”}
API Request Format reference: https://fndn.fortinet.net/index.php?/fortiapi/939-fortiweb/964/
WAD website config API Path: /api/v2.0/cmdb/wad/website WAD website files changes acknowledge API Path: /api/v2.0/wad/antidefacement.changelist
- Review WAD config according to website ID:
curl --location 'https://<FWB-IP>/api/v2.0/cmdb/wad/website?mkey=<ID>' --header 'Authorization: <base64_token>' --header 'Accept: application/json'
The response body should look like this:
{ "results": { "can_view": 0, "q_ref": 0, "can_clone": 1, "q_type": 0, "id": "1", "name": "DVWA", "description": "", "monitor": "enable", "monitor_val": "1", "hostname-ip": "10.100.1.209", "connect-type": "smb", "connect-type_val": "2", "port": 21, "share-name": "htdocs", "web-folder": "", "user": "fortinet", "password": "ENC XXXX", "alert-email": "", "alert-email_val": "0", "interval-root": 1200, "interval-other": 1200, "monitor-depth": 10, "backup-max-fsize": 10240, "backup-skip-ftype": "", "last-backup-time": 0, "auto": "restore", "auto_val": "1", "file-filter": "", "file-filter_val": "0" } }
- Disable auto restore by deriving results from the GET request response body:
curl --location --request PUT 'https://<FWB-IP>/api/v2.0/cmdb/wad/website?mkey=<ID>' --header 'Authorization: <base64_token>' --header 'Content-Type: application/json' --data '{"data": { "can_view": 0, "q_ref": 0, "can_clone": 1, "q_type": 0, "id": "1", "name": "DVWA", "description": "", "monitor": "enable", "monitor_val": "1", "hostname-ip": "10.100.1.209", "connect-type": "smb", "connect-type_val": "2", "port": 21, "share-name": "htdocs", "web-folder": "", "user": "fortinet", "password": "ENC XXXX", "alert-email": "", "alert-email_val": "0", "interval-root": 1200, "interval-other": 1200, "monitor-depth": 10, "backup-max-fsize": 10240, "backup-skip-ftype": "", "last-backup-time": 0, "auto": "disable", "auto_val": "1", "file-filter": "", "file-filter_val": "0" } }'
*Use the above body data format to properly update the API.
- Web server under maintenance(file changes).
- Wait for the configured monitor period until the 'Total Changed' number is updated.
- Acknowledge ALL changes(to update FortiWeb local backup directory before enabling Auto Restore again).
- Review all file changes in GUI and acknowledge file changes under Web Protection -> Web Anti-Defacement -> Anti Defacement, select ‘Total Changed’ digit, and select Acknowledge All.
OR
- Acknowledge All with an API call:
curl --location --request POST 'https://<FWB-IP>/api/v2.0/wad/antidefacement.changelist' --header 'Authorization: <base64_token>' --header 'Content-Type: application/json' --data '{"id": 1, "command": "ackall"}'
'id': 1 is WAD website ID.
- Re-enable auto restore:
curl --location --request PUT 'https://<FWB-IP>/api/v2.0/cmdb/wad/website?mkey=<ID>' --header 'Authorization: <base64_token>' --header 'Content-Type: application/json' --data '{"data": { "can_view": 0, "q_ref": 0, "can_clone": 1, "q_type": 0, "id": "1", "name": "DVWA", "description": "", "monitor": "enable", "monitor_val": "1", "hostname-ip": "10.100.1.209", "connect-type": "smb", "connect-type_val": "2", "port": 21, "share-name": "htdocs", "web-folder": "", "user": "fortinet", "password": "ENC XXXX", "alert-email": "", "alert-email_val": "0", "interval-root": 1200, "interval-other": 1200, "monitor-depth": 10, "backup-max-fsize": 10240, "backup-skip-ftype": "", "last-backup-time": 0, "auto": "restore", "auto_val": "1", "file-filter": "", "file-filter_val": "0" } }'
FortiWeb will now have the latest local backup identical to web server files.
Note:
- Scripts can be used to automate API calls.
- Avoid executing simultaneous API updates for multiple WAD websites.
Related documentation: https://fndn.fortinet.net/index.php?/fortiapi/939-fortiweb/2115/939/wad/
|