- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Web Application Firewall is blocking access to URLs
Hello,
The Web Application Firewall on FortiGates is blocking access to two URLs due to the following event IDs:
1. URL: [https://web.domain.com/page.php]
Event ID: 60140003
Event Type: waf-signature
Sub Type: waf
Type: utm
FortiGate # diagnose waf dump | grep -f 60140003
60140003 - This signature prevents attackers from performing RFI attacks to include a malicious code from a remote resource. <---
2. URL: [https://web.domain.com/file.php]
Event ID: 40000141
Event Type: waf-signature
Sub Type: waf
Type: utm
FortiGate # diagnose waf dump | grep -f 40000141
40000141 - This signature prevents attackers from injecting SQL Databases using "\*". <---
Could you please guide me on how to add exceptions in WAF profile for these two URLs in FortiManager, so that access will be granted?
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please see the article Creating an exemption for a FortiGate Web... - Fortinet Community on adding exemptions to signatures in a profile.
best regards,
Jin
Created on ‎10-17-2024 12:18 AM Edited on ‎10-17-2024 12:36 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @jintrah_FTNT,
Thank you for your response. If i disable the signature, will it be disabled for all other URLs as well, or just for the two specific URLs?
When I edit the WAF profile in FMG and navigate to the 'disabled-signatures' option, I cannot find the signature ID in the drop-down menu. Should I instead go to the 'custom-signatures' section, create a new custom signature, and add the event IDs in the pattern field and then set action to permit?
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
If disabled in the profile, this goes for all urls.
best regards,
Jin
