Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 6.2.0 Handbook
    6.2.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring caching rules

    Using caching features

    The system RAM cache can store HTTP content and serve subsequent HTTP requests for that content without forwarding the requests to the backend servers, thereby reducing the load on the backend servers.

    You can configure basic static caching or dynamic caching rules.

    Static caching

    Static caching feature illustrates the static caching feature.

    Static caching feature

    Before content is cached After content has been cached
    1. FortiADC receives the request from Client A and checks to see if it has a cached copy of the content.
    2. If it does not, it forwards the request to a backend server.
    3. The server sends content in response, and FortiADC caches the content.
    4. FortiADC sends it to the client.
    1. FortiADC receives the request from Client B and checks to see if it has a cached copy of the content.
    2. It does, so it responds by sending the content to the client. The backend server is not contacted.

    In general, the RAM cache conforms with the cache requirements described in sections 13 and 14 in RFC 2616.

    If caching is enabled for the profile that is applied to traffic processing, the system evaluates HTTP responses to determine whether or not to cache the content. HTTP responses with status codes 200, 203, 300, 301, 400 can be cached.

    The following content is not cached:

    • A response for a request that uses any method other than GET.
    • A response for a request of which URI is contained in URI Exclude List or Dynamic Request URI Invalid list.
    • A response for a request that contains any of the following headers: If-Match, If-Unmodified-Since, Authorization, Proxy-Authorization.
    • A response that contains any of the following headers: Pragma, Vary, Set-Cookie, and Set-Cookie2.
    • A response that does not include the Content-Length header. The Content-Length header must be 0.
    • A response that does not contain the following headers: Cache-Control, Expires.
    • A response with a Cache-Control header that does not have any of the following values: public, max-age, s-maxage.
    • A response with a Cache-Control header that has one of the following values: no-cache, no-store, private.

    In addition, content is not cached if the user-configured RAM cache thresholds described below are exceeded.

    Dynamic caching

    Dynamic caching is subject to rules you configure. In the Dynamic Caching Rules List, content that matches "caching invalid" URIs is never cached; otherwise, content that matches the Dynamic Cache Rule List of URIs is cached for the period you specify.

    Dynamic caching is useful for dynamic web app experiences, such as online stores. For example, suppose a site uses a shopping cart. The URL to list items in the shopping cart is as follows:

    http://customshop.com/cart/list

    The URLs to add or delete items in the cart is as follows:

    http://customshop.com/cart/add

    http://customshop.com/cart/delete

    In this case, you never want to cache the added or deleted pages because the old content will be "invalidated" by the changes you make. You may want, however, to cache the list page, but only for the period of time that you specify. The dynamic "invalid" rules makes it possible for you to never cache added and deleted pages, whereas the Dynamic Cache Rule List allows you to cache the list page for a specified period of time.

    Another case where dynamic caching is useful is when content on a page is dynamic. For example, suppose an online ticket vendor has the following URL that shows how many tickets remain available for an event: http://customshop.com/tickets/get_remains. The number of tickets available is updated by a backend database. In this case, you might want to invalidate caching the URL or give it a small age out time.

    Configuring caching rules

    Before you begin:

    • You must have a good understanding of caching and knowledge about the size of content objects clients access on the backend servers.
    • You must have deep and detailed knowledge of your website URIs if you want to create dynamic caching rules.
    • You must have Read-Write permission for Load Balance settings.

    Caching is not enabled by default. After you have configured caching, you can select it in the profile configuration. To enable caching, select the profile when you configure the virtual server.

    To configure caching:
    1. Click Server Load Balance > Application Optimization.
    2. Click the Caching tab.
    3. Click Create New to display the Caching configuration editor.
    4. Complete the configuration as described in Caching configuration.
    5. Save the configuration.

    Caching configuration
    Settings Guidelines

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the profile configuration.

    Note: After you initially save the configuration, you cannot edit the name.

    Maximum Object Size

    The default is 1 MB. The valid range is 1 byte to 10 MB.

    Maximum Cache Size

    The default is 100 MB. The valid range is 1 byte to 500 MB.

    Maximum Entries

    The default is 10,000. The valid range is 1 to 262,144.

    Maximum Age

    The default is 43,200 seconds. The valid range is 60 to 86,400.

    The backend real server response header also includes a maximum age value. The FortiADC system enforces whichever value is smaller.

    URI Exclude List

    URI

    Specify URIs to build the list. You can use regular expressions.

    This list has precedence over the Dynamic Cache Rule List. In other words, if a URI matches this list, it is ineligible for caching, even if it also matches the Dynamic Cache Rule list.
    Dynamic Cache Rule List
    ID Enter a unique ID. Valid values range from 1 to 1023.
    Age Timeout for the dynamic cache entry. The default is 60 seconds. The valid range is 1-86,400. This age applies instead of any age value in the backend server response header.
    URI

    Pattern to match the URIs that have content you want cached and served by FortiADC.

    Be careful with matching patterns and the order rules in the list. Rules are consulted from lowest rule ID to highest. The first rule that matches is applied.
    Invalid URI

    Pattern to match URIs that trigger cache invalidation.

    Be careful with matching patterns and the order rules in the list. Rules are consulted from lowest rule ID to highest. The first rule that matches is applied.

    This list has precence over the Dynamic Cache URI list. In other words, if a URI matches this list, it is ineligible for caching, even if it also matches the Dynamic Cache URI list.
    Previous
    Next

    Configuring caching rules

    Using caching features

    The system RAM cache can store HTTP content and serve subsequent HTTP requests for that content without forwarding the requests to the backend servers, thereby reducing the load on the backend servers.

    You can configure basic static caching or dynamic caching rules.

    Static caching

    Static caching feature illustrates the static caching feature.

    Static caching feature

    Before content is cached After content has been cached
    1. FortiADC receives the request from Client A and checks to see if it has a cached copy of the content.
    2. If it does not, it forwards the request to a backend server.
    3. The server sends content in response, and FortiADC caches the content.
    4. FortiADC sends it to the client.
    1. FortiADC receives the request from Client B and checks to see if it has a cached copy of the content.
    2. It does, so it responds by sending the content to the client. The backend server is not contacted.

    In general, the RAM cache conforms with the cache requirements described in sections 13 and 14 in RFC 2616.

    If caching is enabled for the profile that is applied to traffic processing, the system evaluates HTTP responses to determine whether or not to cache the content. HTTP responses with status codes 200, 203, 300, 301, 400 can be cached.

    The following content is not cached:

    • A response for a request that uses any method other than GET.
    • A response for a request of which URI is contained in URI Exclude List or Dynamic Request URI Invalid list.
    • A response for a request that contains any of the following headers: If-Match, If-Unmodified-Since, Authorization, Proxy-Authorization.
    • A response that contains any of the following headers: Pragma, Vary, Set-Cookie, and Set-Cookie2.
    • A response that does not include the Content-Length header. The Content-Length header must be 0.
    • A response that does not contain the following headers: Cache-Control, Expires.
    • A response with a Cache-Control header that does not have any of the following values: public, max-age, s-maxage.
    • A response with a Cache-Control header that has one of the following values: no-cache, no-store, private.

    In addition, content is not cached if the user-configured RAM cache thresholds described below are exceeded.

    Dynamic caching

    Dynamic caching is subject to rules you configure. In the Dynamic Caching Rules List, content that matches "caching invalid" URIs is never cached; otherwise, content that matches the Dynamic Cache Rule List of URIs is cached for the period you specify.

    Dynamic caching is useful for dynamic web app experiences, such as online stores. For example, suppose a site uses a shopping cart. The URL to list items in the shopping cart is as follows:

    http://customshop.com/cart/list

    The URLs to add or delete items in the cart is as follows:

    http://customshop.com/cart/add

    http://customshop.com/cart/delete

    In this case, you never want to cache the added or deleted pages because the old content will be "invalidated" by the changes you make. You may want, however, to cache the list page, but only for the period of time that you specify. The dynamic "invalid" rules makes it possible for you to never cache added and deleted pages, whereas the Dynamic Cache Rule List allows you to cache the list page for a specified period of time.

    Another case where dynamic caching is useful is when content on a page is dynamic. For example, suppose an online ticket vendor has the following URL that shows how many tickets remain available for an event: http://customshop.com/tickets/get_remains. The number of tickets available is updated by a backend database. In this case, you might want to invalidate caching the URL or give it a small age out time.

    Configuring caching rules

    Before you begin:

    • You must have a good understanding of caching and knowledge about the size of content objects clients access on the backend servers.
    • You must have deep and detailed knowledge of your website URIs if you want to create dynamic caching rules.
    • You must have Read-Write permission for Load Balance settings.

    Caching is not enabled by default. After you have configured caching, you can select it in the profile configuration. To enable caching, select the profile when you configure the virtual server.

    To configure caching:
    1. Click Server Load Balance > Application Optimization.
    2. Click the Caching tab.
    3. Click Create New to display the Caching configuration editor.
    4. Complete the configuration as described in Caching configuration.
    5. Save the configuration.

    Caching configuration
    Settings Guidelines

    Name

    Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the profile configuration.

    Note: After you initially save the configuration, you cannot edit the name.

    Maximum Object Size

    The default is 1 MB. The valid range is 1 byte to 10 MB.

    Maximum Cache Size

    The default is 100 MB. The valid range is 1 byte to 500 MB.

    Maximum Entries

    The default is 10,000. The valid range is 1 to 262,144.

    Maximum Age

    The default is 43,200 seconds. The valid range is 60 to 86,400.

    The backend real server response header also includes a maximum age value. The FortiADC system enforces whichever value is smaller.

    URI Exclude List

    URI

    Specify URIs to build the list. You can use regular expressions.

    This list has precedence over the Dynamic Cache Rule List. In other words, if a URI matches this list, it is ineligible for caching, even if it also matches the Dynamic Cache Rule list.
    Dynamic Cache Rule List
    ID Enter a unique ID. Valid values range from 1 to 1023.
    Age Timeout for the dynamic cache entry. The default is 60 seconds. The valid range is 1-86,400. This age applies instead of any age value in the backend server response header.
    URI

    Pattern to match the URIs that have content you want cached and served by FortiADC.

    Be careful with matching patterns and the order rules in the list. Rules are consulted from lowest rule ID to highest. The first rule that matches is applied.
    Invalid URI

    Pattern to match URIs that trigger cache invalidation.

    Be careful with matching patterns and the order rules in the list. Rules are consulted from lowest rule ID to highest. The first rule that matches is applied.

    This list has precence over the Dynamic Cache URI list. In other words, if a URI matches this list, it is ineligible for caching, even if it also matches the Dynamic Cache URI list.
    Previous
    Next