Hello,
The Web Application Firewall on FortiGates is blocking access to two URLs due to the following event IDs:
1. URL: [https://web.domain.com/page.php]
Event ID: 60140003
Event Type: waf-signature
Sub Type: waf
Type: utm
FortiGate # diagnose waf dump | grep -f 60140003
60140003 - This signature prevents attackers from performing RFI attacks to include a malicious code from a remote resource. <---
2. URL: [https://web.domain.com/file.php]
Event ID: 40000141
Event Type: waf-signature
Sub Type: waf
Type: utm
FortiGate # diagnose waf dump | grep -f 40000141
40000141 - This signature prevents attackers from injecting SQL Databases using "\*". <---
Could you please guide me on how to add exceptions in WAF profile for these two URLs in FortiManager, so that access will be granted?
Thank you!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Please see the article Creating an exemption for a FortiGate Web... - Fortinet Community on adding exemptions to signatures in a profile.
best regards,
Jin
Created on 10-17-2024 12:18 AM Edited on 10-17-2024 12:36 AM
Hello @jintrah_FTNT,
Thank you for your response. If i disable the signature, will it be disabled for all other URLs as well, or just for the two specific URLs?
When I edit the WAF profile in FMG and navigate to the 'disabled-signatures' option, I cannot find the signature ID in the drop-down menu. Should I instead go to the 'custom-signatures' section, create a new custom signature, and add the event IDs in the pattern field and then set action to permit?
Thank you!
Hello,
If disabled in the profile, this goes for all urls.
best regards,
Jin
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.