Good afternoon.
I've been having this problem for a while and I can't find a solution. If you can give me a hand I appreciate it.
We have some applications configured in Pass mode in URL Access Rule, like: /application/*
This means that no alerts are left in the log if a signature is included.
Ask:
Can the waf be configured in some way, so that it lets the urls through, but that the alerts that would block the application appeared?
There is no "Alert" option, which would solve the problem, in the actions of the Action of:Restricting access to specific URLs
Thank you
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Slightly confused. You want to pass traffic through to a URL but alert on something? What are you wanting to alert on?
Thank you very much for answering my question. I will try to explain myself better.
We have url access policy with several url access rules. In with the "Action" Pass and others in "Alert& Deny" and in them we have Url Access Condition, which allude to a URL Pattern.
If a rule is in Pass, the url that is not protected does not give us information about what would be blocked in the Log&Report\Attacks
If the rule is set to Alert&Deny, the WAF denies communications according to its policies and the alert appears in the Log&Report, but it denies us the connection.
We need the communication of those URLs configured in the URL Access Policy to go through the WAF, that they are not denied, but that their vulnerabilities or the attack that the WAF would have denied appear in the Log&Report\Attacks.
We have tried putting the "continue" option, but it denies communications when a policy detects it.
We also don't want to create a policy in “monitor” mode, so that it gives it to us.
A greeting and thank you very much again
Hello,
I believe action that you are looking for is 'Continue' however you mentioned that it is still getting denied with that action. Please look into respective attack log on which web protection profile was blocking the connection. In this way, you could fine tune the related profile action to 'Alert'. Please refer Fortiweb sequence of scans for more information;
https://docs.fortinet.com/document/fortiweb/7.2.1/administration-guide/234292/sequence-of-scans
Regards
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1678 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.