Fortinet black logo

Examples of built-in predefined scripts

Copy Link
Copy Doc ID 8173d994-aa85-11e9-81a4-00505692583a:653314
Download PDF

Examples of built-in predefined scripts

As of V5.3.0, FortiADC has the following built-in scripts; the user can refer to these examples to finish their scripting as needed.

Predefined script

Description

IP_COMMANDS

Used to get various types IP Address and port number between client and server side.

SNAT_COMMANDS

Allows you to overwrite client source address to a specific IP for certain clients, also support IPv4toIPv6 or IPv6toIPv4 type.

Note: Make sure the flag SOURCE ADDRESS is selected in the HTTP or HTTPS type of profile.

SOCKOPT_COMMAND_USAGE

Allows the user to customize the TCP_send buffer and TCP_receive buffer size.

TCP_EVENTS_n_COMMANDS

Demonstrates how to reject a TCP connection from a client in TCP_ACCEPTED event.

GEOIP_UTILITY

Used to fetch the GEO information country and possible province name of an IP address.

CONTENT_ROUTING_by_URI

Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.

CONTENT_ROUTING_by_X_FORWARDED_FOR

Routes to a pool member based on IP address in the X-Forwarded-For header. You should not use this script as is. Instead, copy it and customize the X-Fowarded-For header values and pool member names.

GENERAL_REDIRECT_DEMO

Redirects requests to a URL with the user-defined code and cookie.

Note: Do NOT use this script "as is". Instead, copy and customize the code, URL, and cookie.

HTTP_2_HTTPS_REDIRECTION

Redirects requests to the HTTPS site. You can use this script without changes

HTTP_2_HTTPS_REDIRECTION_FULL_URL

Redirects requests to the specified HTTPS URL.

Note: This script can be used directly, without making any change.

REDIRECTION_by_STATUS_CODE

Redirects requests based on the status code of server HTTP response (for example, a redirect to the mobile version of a site). Do NOT use this script "as is". Instead, copy it and customize the condition in the server HTTP response status code and the URL values.

REDIRECTION_by_USER_AGENT

Redirects requests based on User Agent (for example, a redirect to the mobile version of a site). You should not use this script as is. Instead, copy it and customize the User Agent and URL values

REWRITE_HOST_n_PATH

Rewrites the host and path in the HTTP request, for example, if the site is reorganized. You should not use this script as is. Instead, copy

REWRITE_HTTP_2_HTTPS_in_LOCATION

Rewrites HTTP location to HTTPS, for example, rewrite

“Location:http://www.example.com” to

“Location:https://www.example.com”

Note: You can use the script directly, without making any change

REWRITE_HTTP_2_HTTPS_in_REFERER

Rewrites HTTP referer to HTTPS, for example, rewrite

“Referer: http://www.example.com” to

“Referer: https://www.example.com”.

Note: You can use the script directly, without making any change.

REWRITE_HTTPS_2_HTTP_in_LOCATION

Rewrites HTTPS location to HTTP, for example, rewrite

“Location:https://www.example.com” to

“Location:http://www.example.com”.

Note: You can use the script directly, without making any change.

REWRITE_HTTPS_2_HTTP_in_REFERER

Rewrites HTTPS referer to HTTP, for example, rewrite

“Referer: https://www.example.com” to

“Referer: http://www.example.com”.

Note: You can use the script directly, without making any change

HTTP_DATA_FETCH_SET_DEMO

Collects data in HTTP request body or HTTP response body. In HTTP_REQUEST or HTTP_RESPONSE, you could collect specified size data with “size” in collect().In HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE. You could print the data use “content”, calculate data length with “size”, and rewrite the data with “set”.

Note: Do NOT use this script "as is". Instead, copy it and manipulate the collected data.

HTTP_DATA_FIND_REMOVE_REPLACE_DEMO

Finds a specified string, removes a specified string, or replaces a specified string to new content in HTTP data.

Note: Do NOT use this script "as is". Instead, copy it and manipulate the collected data.

URL_UTILITY_COMMANDS

Demonstrate how to use those url tools to encode/decode/parser/compare .

USE_REQUEST_HEADERS_in_OTHER_EVENTS

Stores a request header value in an event and uses it in other events. For example, you can store a URL in a request event, and use it in a response event.

Note: Do NOT use this script "as is". Instead, copy it and customize the content you want to store, use collect() in HTTP_REQUEST to trigger HTTP_DATA_REQUEST,or use collect() in HTTP_ RESPONSE to trigger HTTP_DATA_ RESPONSE.

SSL_EVENTS_n_COMMANDS

Demonstrate how to fetch the SSL certificate information and some of the SSL connection parameters between server and client side.

AUTH_COOKIE_BAKE

Allows you to retrieve the baked cookie and edit the cookie content.

AUTH_EVENTS_n_COMMANDS

Used to get the information from authentication process.

OPTIONAL_CLIENT_AUTHENTICATION

Performs optional client authentication.

Note: Before using this script, you must have the following four parameters configured in the client-ssl-profile:

l client-certificate-verify—Set to the verify you'd like to use to verify the client certificate.

l client-certificate-verify-option—Set to optional

l ssl-session-cache-flag—Disable.

l use-tls-tickets—Disable.

l

CUSTOMIZE_AUTH_KEY

Demonstrate how to customize the crypto key for authentication cookie.

COOKIE_COMMANDS

Demonstrate the cookie command to get the whole cookie in a table and how to remove/insert/set the cookie attribute.

COOKIE_COMMANDS_USAGE

Demonstrate the sub-function to handle the cookie attribute "SameSite" and others.

COOKIE_CRYPTO_COMMANDS

Used to perform cookie encryption/decryption on behalf of the real server.

AES_DIGEST_SIGN_2F_COMMANDS

Demonstrate how to use AES to encryption/decryption data and some tools to generate the digest.

CLASS_SEARCH_n_MATCH

Demonstrates how to use the class_match and class_search utility function.

COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO

Compares an IP address to an address group to determine if the IP address is included in the specified IP group. For example ,192.168.1.2 is included 192.168.1.0/24.

Note: Do NOT use this script "as is". Instead, copy it and customize the IP address and the IP address group.

INSERT_RANDOM_MESSAGE_ID_DEMO

Inserts a 32-bit hex string into the HTTP header with a parameter “Message-ID”.

Note: You can use the script directly, without making any change.

MANAGEMENT_COMMANDS

Allow you to disable/enable rest of the events from executing.

UTILITY_FUNCTIONS_DEMO

Demonstrates how to use the basic string operations and random number/alphabet, time, MD5, SHA1, SHA2, BASE64, BASE32, table to string conversion, network to host conversion utility function.

SPECIAL_CHARACTERS_HANDLING_DEMO

Shows how to use those "magic characters" which have special meanings when used in a certain pattern. The magic characters are ( ) . % + - * ? [ ] ^ $

MULTIPLE_SCRIPT_CONTROL_DEMO_1

Uses demo_1 and demo_2 script to show how multiple scripts work. Demo_1 with priority 12 has a higher priority.

Note: You could enable or disable other events. Do NOT use this script "as is". Instead, copy it and customize the operation.

MULTIPLE_SCRIPT_CONTROL_DEMO_2

Uses demo_1 and demo_2 script to show how multiple scripts work. Demo_2 with priority 24 has a lower priority.

Note: You could enable or disable other events. Do NOT use this script "as is". Instead, copy it and customize the operation

Examples of built-in predefined scripts

As of V5.3.0, FortiADC has the following built-in scripts; the user can refer to these examples to finish their scripting as needed.

Predefined script

Description

IP_COMMANDS

Used to get various types IP Address and port number between client and server side.

SNAT_COMMANDS

Allows you to overwrite client source address to a specific IP for certain clients, also support IPv4toIPv6 or IPv6toIPv4 type.

Note: Make sure the flag SOURCE ADDRESS is selected in the HTTP or HTTPS type of profile.

SOCKOPT_COMMAND_USAGE

Allows the user to customize the TCP_send buffer and TCP_receive buffer size.

TCP_EVENTS_n_COMMANDS

Demonstrates how to reject a TCP connection from a client in TCP_ACCEPTED event.

GEOIP_UTILITY

Used to fetch the GEO information country and possible province name of an IP address.

CONTENT_ROUTING_by_URI

Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.

CONTENT_ROUTING_by_X_FORWARDED_FOR

Routes to a pool member based on IP address in the X-Forwarded-For header. You should not use this script as is. Instead, copy it and customize the X-Fowarded-For header values and pool member names.

GENERAL_REDIRECT_DEMO

Redirects requests to a URL with the user-defined code and cookie.

Note: Do NOT use this script "as is". Instead, copy and customize the code, URL, and cookie.

HTTP_2_HTTPS_REDIRECTION

Redirects requests to the HTTPS site. You can use this script without changes

HTTP_2_HTTPS_REDIRECTION_FULL_URL

Redirects requests to the specified HTTPS URL.

Note: This script can be used directly, without making any change.

REDIRECTION_by_STATUS_CODE

Redirects requests based on the status code of server HTTP response (for example, a redirect to the mobile version of a site). Do NOT use this script "as is". Instead, copy it and customize the condition in the server HTTP response status code and the URL values.

REDIRECTION_by_USER_AGENT

Redirects requests based on User Agent (for example, a redirect to the mobile version of a site). You should not use this script as is. Instead, copy it and customize the User Agent and URL values

REWRITE_HOST_n_PATH

Rewrites the host and path in the HTTP request, for example, if the site is reorganized. You should not use this script as is. Instead, copy

REWRITE_HTTP_2_HTTPS_in_LOCATION

Rewrites HTTP location to HTTPS, for example, rewrite

“Location:http://www.example.com” to

“Location:https://www.example.com”

Note: You can use the script directly, without making any change

REWRITE_HTTP_2_HTTPS_in_REFERER

Rewrites HTTP referer to HTTPS, for example, rewrite

“Referer: http://www.example.com” to

“Referer: https://www.example.com”.

Note: You can use the script directly, without making any change.

REWRITE_HTTPS_2_HTTP_in_LOCATION

Rewrites HTTPS location to HTTP, for example, rewrite

“Location:https://www.example.com” to

“Location:http://www.example.com”.

Note: You can use the script directly, without making any change.

REWRITE_HTTPS_2_HTTP_in_REFERER

Rewrites HTTPS referer to HTTP, for example, rewrite

“Referer: https://www.example.com” to

“Referer: http://www.example.com”.

Note: You can use the script directly, without making any change

HTTP_DATA_FETCH_SET_DEMO

Collects data in HTTP request body or HTTP response body. In HTTP_REQUEST or HTTP_RESPONSE, you could collect specified size data with “size” in collect().In HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE. You could print the data use “content”, calculate data length with “size”, and rewrite the data with “set”.

Note: Do NOT use this script "as is". Instead, copy it and manipulate the collected data.

HTTP_DATA_FIND_REMOVE_REPLACE_DEMO

Finds a specified string, removes a specified string, or replaces a specified string to new content in HTTP data.

Note: Do NOT use this script "as is". Instead, copy it and manipulate the collected data.

URL_UTILITY_COMMANDS

Demonstrate how to use those url tools to encode/decode/parser/compare .

USE_REQUEST_HEADERS_in_OTHER_EVENTS

Stores a request header value in an event and uses it in other events. For example, you can store a URL in a request event, and use it in a response event.

Note: Do NOT use this script "as is". Instead, copy it and customize the content you want to store, use collect() in HTTP_REQUEST to trigger HTTP_DATA_REQUEST,or use collect() in HTTP_ RESPONSE to trigger HTTP_DATA_ RESPONSE.

SSL_EVENTS_n_COMMANDS

Demonstrate how to fetch the SSL certificate information and some of the SSL connection parameters between server and client side.

AUTH_COOKIE_BAKE

Allows you to retrieve the baked cookie and edit the cookie content.

AUTH_EVENTS_n_COMMANDS

Used to get the information from authentication process.

OPTIONAL_CLIENT_AUTHENTICATION

Performs optional client authentication.

Note: Before using this script, you must have the following four parameters configured in the client-ssl-profile:

l client-certificate-verify—Set to the verify you'd like to use to verify the client certificate.

l client-certificate-verify-option—Set to optional

l ssl-session-cache-flag—Disable.

l use-tls-tickets—Disable.

l

CUSTOMIZE_AUTH_KEY

Demonstrate how to customize the crypto key for authentication cookie.

COOKIE_COMMANDS

Demonstrate the cookie command to get the whole cookie in a table and how to remove/insert/set the cookie attribute.

COOKIE_COMMANDS_USAGE

Demonstrate the sub-function to handle the cookie attribute "SameSite" and others.

COOKIE_CRYPTO_COMMANDS

Used to perform cookie encryption/decryption on behalf of the real server.

AES_DIGEST_SIGN_2F_COMMANDS

Demonstrate how to use AES to encryption/decryption data and some tools to generate the digest.

CLASS_SEARCH_n_MATCH

Demonstrates how to use the class_match and class_search utility function.

COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO

Compares an IP address to an address group to determine if the IP address is included in the specified IP group. For example ,192.168.1.2 is included 192.168.1.0/24.

Note: Do NOT use this script "as is". Instead, copy it and customize the IP address and the IP address group.

INSERT_RANDOM_MESSAGE_ID_DEMO

Inserts a 32-bit hex string into the HTTP header with a parameter “Message-ID”.

Note: You can use the script directly, without making any change.

MANAGEMENT_COMMANDS

Allow you to disable/enable rest of the events from executing.

UTILITY_FUNCTIONS_DEMO

Demonstrates how to use the basic string operations and random number/alphabet, time, MD5, SHA1, SHA2, BASE64, BASE32, table to string conversion, network to host conversion utility function.

SPECIAL_CHARACTERS_HANDLING_DEMO

Shows how to use those "magic characters" which have special meanings when used in a certain pattern. The magic characters are ( ) . % + - * ? [ ] ^ $

MULTIPLE_SCRIPT_CONTROL_DEMO_1

Uses demo_1 and demo_2 script to show how multiple scripts work. Demo_1 with priority 12 has a higher priority.

Note: You could enable or disable other events. Do NOT use this script "as is". Instead, copy it and customize the operation.

MULTIPLE_SCRIPT_CONTROL_DEMO_2

Uses demo_1 and demo_2 script to show how multiple scripts work. Demo_2 with priority 24 has a lower priority.

Note: You could enable or disable other events. Do NOT use this script "as is". Instead, copy it and customize the operation