Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Abdal_opr
New Contributor

Web Application Firewall is blocking access to URLs

Hello,

 

The Web Application Firewall on FortiGates is blocking access to two URLs due to the following event IDs:

 

1. URL: [https://web.domain.com/page.php]
Event ID: 60140003
Event Type: waf-signature
Sub Type: waf
Type: utm

 

FortiGate  # diagnose waf dump | grep -f 60140003
  60140003 - This signature prevents attackers from performing RFI attacks to include a malicious code from a remote resource. <---

 

 

2. URL: [https://web.domain.com/file.php]
Event ID: 40000141
Event Type: waf-signature
Sub Type: waf
Type: utm

 

FortiGate # diagnose waf dump | grep -f 40000141
  40000141 - This signature prevents attackers from injecting SQL Databases using  "\*". <---

 

 

Could you please guide me on how to add exceptions in WAF profile for these two URLs in FortiManager, so that access will be granted?

 

Thank you!

3 REPLIES 3
jintrah_FTNT
Staff
Staff

Hi,

Please see the article Creating an exemption for a FortiGate Web... - Fortinet Community on adding exemptions to signatures in a profile.

 

best regards,

Jin

Abdal_opr

Hello @jintrah_FTNT,

 

Thank you for your response. If i disable the signature, will it be disabled for all other URLs as well, or just for the two specific URLs?

 

When I edit the WAF profile in FMG and navigate to the 'disabled-signatures' option, I cannot find the signature ID in the drop-down menu. Should I instead go to the 'custom-signatures' section, create a new custom signature, and add the event IDs in the pattern field and then set action to permit?

 

Thank you!

jintrah_FTNT

Hello,

If disabled in the profile, this goes for all urls. 

 

best regards,

Jin

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors