wafredir/README.md
2020-05-30 04:30:27 +00:00

2.8 KiB

wafredir

HTTP redirect builder for FortiWeb WAFs. Configure your WAF from a spreadsheet.

Build

  1. Install Go from https://golang.org
  2. Open a terminal from this directory and run the command:
go build .

Usage

Run the built executable from a terminal. Default arguments are used if not specifid

Arguments of wafredir:

-action string

default (config): action can be either 'config' or 'test'. 'config' will read the input csv file and generate FortiOS compliant configuration to create redirection policies. 'test' will read the input csv file and validate that the redirects are actually working by making requests at the source URL and validating a redirect to the destination URL actually occurs.

-concurrentReq int

default (8): only used with the action 'test'. Determines the maximum number concurrent HTTP GET requests which can be in flight at any given time.

-csvfile string

path to an input csv file. The first column of the file should be the source URL, the second column of the file should be the destination URL, and the third column should be the status code (for example 301 or 302). (default "redirects.csv")

Example Usage:

./wafredir -action="test" -concurrentReq=420 -csvfile="path/to/file.csv"

Example input csv

The first column is the source URL, the second column is the destination URL, the third column is the redirect type, must be either 301 or 302.

http://myoldsite.com/boomer,https://mynewsite.io/zoomer,301
https://myoldblog.net/blog/post/1,https://mynewblog.ru/cykablyat,302
http://mysite.org,https://yoursite.net/referral/mysite,301

Example output of config mode

------------------------


config waf url-rewrite url-rewrite-rule 
edit "http://myoldsite.com/boomer"      
set location https://mynewsite.io/zoomer
set action redirect-301
config match-condition
edit 0
set object http-url
set reg-exp /boomer$
set protocol-filter enable
set HTTP-protocol http
next
end
next
edit "https://myoldblog.net/blog/post/1"
set location https://mynewblog.ru/cykablyat
set action redirect
config match-condition
edit 0
set object http-url
set reg-exp /blog/post/1$
set protocol-filter enable
set HTTP-protocol https
next
end
next
edit "http://mysite.org"
set location https://yoursite.net/referral/mysite
set action redirect-301
config match-condition
edit 0
set object http-url
set reg-exp $
set protocol-filter enable
set HTTP-protocol http
next
end
next
end
config waf url-rewrite url-rewrite-policy
edit "myoldsite.com-redirects"
config rule
edit 0
set url-rewrite-rule-name http://myoldsite.com/boomer
next
end
next
edit "myoldblog.net-redirects"
config rule
edit 0
set url-rewrite-rule-name https://myoldblog.net/blog/post/1
next
end
next
edit "mysite.org-redirects"
config rule
edit 0
set url-rewrite-rule-name http://mysite.org
next
end
next
end