config waf signature
  edit "GeneralWebSiteProtect"
    config  main_class_list
      edit "010000000"
        set fpm-status disable
        set action alert_deny
        set severity High
      next
      edit "020000000"
        set status disable
        set fpm-status disable
      next
      edit "030000000"
        set action alert_deny
        set severity High
      next
      edit "040000000"
        set status disable
        set fpm-status disable
      next
      edit "050000000"
        set fpm-status disable
        set action alert_deny
        set severity High
      next
      edit "060000000"
        set status disable
        set fpm-status disable
      next
      edit "070000000"
        set fpm-status disable
        set action alert_deny
      next
      edit "080000000"
        set status disable
        set fpm-status disable
        set severity Low
      next
      edit "090000000"
        set fpm-status disable
        set action alert_deny
        set severity High
      next
      edit "100000000"
        set status disable
        set fpm-status disable
        set severity High
      next
    end
    config  sub_class_disable_list
    end
    config  signature_disable_list
      edit "060030001"
      next
      edit "060120001"
      next
      edit "080080005"
      next
      edit "080200001"
      next
      edit "080080003"
      next
      edit "090410001"
      next
      edit "090410002"
      next
      edit "040000141"
      next
      edit "040000136"
      next
      edit "060180001"
      next
      edit "060180002"
      next
      edit "060180003"
      next
      edit "060180004"
      next
      edit "060180005"
      next
      edit "060180006"
      next
      edit "060180007"
      next
      edit "060180008"
      next
      edit "010000072"
      next
      edit "010000092"
      next
      edit "010000093"
      next
      edit "010000214"
      next
      edit "030000182"
      next
      edit "030000195"
      next
      edit "030000204"
      next
      edit "050140001"
      next
      edit "050140003"
      next
      edit "050140004"
      next
      edit "050220001"
      next
      edit "080200004"
      next
      edit "080200005"
      next
      edit "080210001"
      next
      edit "080210002"
      next
      edit "080210003"
      next
      edit "080210004"
      next
      edit "080210005"
      next
      edit "090240001"
      next
      edit "050180003"
      next
    end
    config  alert_only_list
    end
    config  fpm_disable_list
    end
    config  scoring_override_disable_list
    end
    config  score_grade_list
    end
    config  filter_list
    end
  next
end

config waf syntax-based-attack-detection
  edit "SyntaxBasedDetection"
    config  exception-element-list
    end
  next
end

config waf x-forwarded-for
  edit "x-forwarded-for"
    set tracing-original-ip enable
    set original-ip-header X-FORWARDED-FOR
    config  ip-list
    end
    set block-based-on-original-ip enable
    set skip-private-original-ip disable
  next
end

config waf web-protection-profile inline-protection
  edit "GeneralWebSiteProtect"
    set signature-rule GeneralWebSiteProtect
    set x-forwarded-for-rule x-forwarded-for
    set redirect-url http://
    set ip-intelligence enable
    set syntax-based-attack-detection SyntaxBasedDetection
  next
end