Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.2.5 Handbook
    7.2.5
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Predefined scripts

    Predefined scripts

    Predefined scripts provides the syntax, usage, and examples of the predefined commands that are useful for writing scripts.

    Predefined scripts
    Predefined script Description
    INSERT_RANDOM_MESSAGE_ID_DEMO

    Inserts a 32-bit hex string into the HTTP header with a parameter "Message-ID".

    Note: You can use the script directly, without making any changes.

    GENERAL_REDIRECT_DEMO FortiADC redirects HTTP requests to a set location.
    USE_REQUEST_HEADERS_in_OTHER_EVENTS FortiADC uses a session ID to obtain data from that session.
    COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO FortiADC tries to find the client IP address in an internal list and returns the result.
    HTTP_2_HTTPS_REDIRECTION_FULL_URL FortiADC redirects an HTTP request.
    REWRITE_HTTP_2_HTTPS_in_LOCATION FortiADC changes an HTTP location given in an HTTP response with an HTTPS location.
    REWRITE_HTTPS_2_HTTP_in_LOCATION FortiADC changes an HTTPS location given in an HTTP response with an HTTP location.
    REWRITE_HTTP_2_HTTPS_in_REFERER FortiADC changes a HTTP referer given in an HTTP response with an HTTPS referer.
    REWRITE_HTTPS_2_HTTP_in_REFERER FortiADC changes a HTTPS referer given in an HTTP response with an HTTP referer.
    HTTP_DATA_FETCH_SET_DEMO FortiADC reads the body of every HTTP request, and can manipulate the data depending on settings.
    HTTP_DATA_FIND_REMOVE_REPLACE_DEMO FortiADC reads the body of every HTTP request and will find and replace data in the body.
    MULTIPLE_SCRIPT_CONTROL_DEMO_1 When multiple scripts are running, this will determine the priority of each script.
    MULTIPLE_SCRIPT_CONTROL_DEMO_2 When multiple scripts are running, this will determine the priority of each script.
    HTTP_REQUEST_SEND Triggered immediately before a request is sent to a server.
    AES_DIGEST_SIGN_2F_COMMANDS Demonstrates how to use AES to encryption/decryption data and some tools to generate the digest.
    AUTH_COOKIE_BAKE Allows you to retrieve the baked cookie and edit the cookie content.
    AUTH_EVENTS_n_COMMANDS Used to get the information from authentication process.
    CLASS_SEARCH_n_MATCH Demonstrates how to use the class_match and class_search utility function.
    CONTENT_ROUTING_by_URI Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.
    CONTENT_ROUTING_by_X_FORWARDED_FOR Routes to a pool member based on IP address in the X-Forwarded-For header. You should not use this script as is. Instead, copy it and customize the X-Fowarded-For header values and pool member names.
    COOKIE_COMMANDS Demonstrate the cookie command to get the whole cookie in a table and how to remove/insert/set the cookie attribute.
    COOKIE_COMMANDS_USAGE Demonstrate the sub-function to handle the cookie attribute "SameSite" and others.
    COOKIE_CRYPTO_COMMANDS Used to perform cookie encryption/decryption on behalf of the real server.
    CUSTOMIZE_AUTH_KEY Demonstrate how to customize the crypto key for authentication cookie.
    GEOIP_UTILITY Used to fetch the GEO information country and possible province name of an IP address.
    HTTP_2_HTTPS_REDIRECTION Redirects requests to the HTTPS site. You can use this script without changes
    HTTP_DATA_FETCH_SET_DEMO "Collects data in HTTP request body or HTTP response body. In HTTP_REQUEST or HTTP_RESPONSE, you could collect specified size data with “size” in collect().In HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE. You could print the data use “content”, calculate data length with “size”, and rewrite the data with “set”. Note: Do NOT use this script ""as is"". Instead, copy it and manipulate the collected data."
    IP_COMMANDS Used to get various types IP Address and port number between client and server side.
    MANAGEMENT_COMMANDS Allow you to disable/enable rest of the events from executing.
    OPTIONAL_CLIENT_AUTHENTICATION

    Performs optional client authentication.

    Note: Before using this script, you must have the following four parameters configured in the client-ssl-profile:

    • client-certificate-verify—Set to the verify you'd like to use to verify the client certificate.
    • client-certificate-verify-option—Set to optional
    • ssl-session-cache-flag—Disable.
    • use-tls-tickets—Disable. "
    REDIRECTION_by_STATUS_CODE Redirects requests based on the status code of server HTTP response (for example, a redirect to the mobile version of a site). Do NOT use this script "as is". Instead, copy it and customize the condition in the server HTTP response status code and the URL values.
    REDIRECTION_by_USER_AGENT Redirects requests based on User Agent (for example, a redirect to the mobile version of a site). You should not use this script as is. Instead, copy it and customize the User Agent and URL values
    REWRITE_HOST_n_PATH Rewrites the host and path in the HTTP request, for example, if the site is reorganized. You should not use this script as is. Instead, copy
    SNAT_COMMANDS

    Allows you to overwrite client source address to a specific IP for certain clients, also support IPv4toIPv6 or IPv6toIPv4 type.

    Note: Make sure the flag SOURCE ADDRESS is selected in the HTTP or HTTPS type of profile.

    SOCKOPT_COMMAND_USAGE Allows user to customize the TCP_send buffer and TCP_receive buffer size.
    SPECIAL_CHARACTERS_HANDLING_DEMO Shows how to use those "magic characters" which have special meanings when used in a certain pattern. The magic characters are ( ) . % + - * ? [ ] ^ $
    SSL_EVENTS_n_COMMANDS Demonstrate how to fetch the SSL certificate information and some of the SSL connection parameters between server and client side.
    TCP_EVENTS_n_COMMANDS Demonstrate how to reject a TCP connection from a client in TCP_ACCEPTED event.
    URL_UTILITY_COMMANDS Demonstrate how to use those url tools to encode/decode/parser/compare .
    UTILITY_FUNCTIONS_DEMO Demonstrates how to use the basic string operations and random number/alphabet, time, MD5, SHA1, SHA2, BASE64, BASE32, table to string conversion, network to host conversion utility function.
    Previous
    Next

    Predefined scripts

    Predefined scripts

    Predefined scripts provides the syntax, usage, and examples of the predefined commands that are useful for writing scripts.

    Predefined scripts
    Predefined script Description
    INSERT_RANDOM_MESSAGE_ID_DEMO

    Inserts a 32-bit hex string into the HTTP header with a parameter "Message-ID".

    Note: You can use the script directly, without making any changes.

    GENERAL_REDIRECT_DEMO FortiADC redirects HTTP requests to a set location.
    USE_REQUEST_HEADERS_in_OTHER_EVENTS FortiADC uses a session ID to obtain data from that session.
    COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO FortiADC tries to find the client IP address in an internal list and returns the result.
    HTTP_2_HTTPS_REDIRECTION_FULL_URL FortiADC redirects an HTTP request.
    REWRITE_HTTP_2_HTTPS_in_LOCATION FortiADC changes an HTTP location given in an HTTP response with an HTTPS location.
    REWRITE_HTTPS_2_HTTP_in_LOCATION FortiADC changes an HTTPS location given in an HTTP response with an HTTP location.
    REWRITE_HTTP_2_HTTPS_in_REFERER FortiADC changes a HTTP referer given in an HTTP response with an HTTPS referer.
    REWRITE_HTTPS_2_HTTP_in_REFERER FortiADC changes a HTTPS referer given in an HTTP response with an HTTP referer.
    HTTP_DATA_FETCH_SET_DEMO FortiADC reads the body of every HTTP request, and can manipulate the data depending on settings.
    HTTP_DATA_FIND_REMOVE_REPLACE_DEMO FortiADC reads the body of every HTTP request and will find and replace data in the body.
    MULTIPLE_SCRIPT_CONTROL_DEMO_1 When multiple scripts are running, this will determine the priority of each script.
    MULTIPLE_SCRIPT_CONTROL_DEMO_2 When multiple scripts are running, this will determine the priority of each script.
    HTTP_REQUEST_SEND Triggered immediately before a request is sent to a server.
    AES_DIGEST_SIGN_2F_COMMANDS Demonstrates how to use AES to encryption/decryption data and some tools to generate the digest.
    AUTH_COOKIE_BAKE Allows you to retrieve the baked cookie and edit the cookie content.
    AUTH_EVENTS_n_COMMANDS Used to get the information from authentication process.
    CLASS_SEARCH_n_MATCH Demonstrates how to use the class_match and class_search utility function.
    CONTENT_ROUTING_by_URI Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.
    CONTENT_ROUTING_by_X_FORWARDED_FOR Routes to a pool member based on IP address in the X-Forwarded-For header. You should not use this script as is. Instead, copy it and customize the X-Fowarded-For header values and pool member names.
    COOKIE_COMMANDS Demonstrate the cookie command to get the whole cookie in a table and how to remove/insert/set the cookie attribute.
    COOKIE_COMMANDS_USAGE Demonstrate the sub-function to handle the cookie attribute "SameSite" and others.
    COOKIE_CRYPTO_COMMANDS Used to perform cookie encryption/decryption on behalf of the real server.
    CUSTOMIZE_AUTH_KEY Demonstrate how to customize the crypto key for authentication cookie.
    GEOIP_UTILITY Used to fetch the GEO information country and possible province name of an IP address.
    HTTP_2_HTTPS_REDIRECTION Redirects requests to the HTTPS site. You can use this script without changes
    HTTP_DATA_FETCH_SET_DEMO "Collects data in HTTP request body or HTTP response body. In HTTP_REQUEST or HTTP_RESPONSE, you could collect specified size data with “size” in collect().In HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE. You could print the data use “content”, calculate data length with “size”, and rewrite the data with “set”. Note: Do NOT use this script ""as is"". Instead, copy it and manipulate the collected data."
    IP_COMMANDS Used to get various types IP Address and port number between client and server side.
    MANAGEMENT_COMMANDS Allow you to disable/enable rest of the events from executing.
    OPTIONAL_CLIENT_AUTHENTICATION

    Performs optional client authentication.

    Note: Before using this script, you must have the following four parameters configured in the client-ssl-profile:

    • client-certificate-verify—Set to the verify you'd like to use to verify the client certificate.
    • client-certificate-verify-option—Set to optional
    • ssl-session-cache-flag—Disable.
    • use-tls-tickets—Disable. "
    REDIRECTION_by_STATUS_CODE Redirects requests based on the status code of server HTTP response (for example, a redirect to the mobile version of a site). Do NOT use this script "as is". Instead, copy it and customize the condition in the server HTTP response status code and the URL values.
    REDIRECTION_by_USER_AGENT Redirects requests based on User Agent (for example, a redirect to the mobile version of a site). You should not use this script as is. Instead, copy it and customize the User Agent and URL values
    REWRITE_HOST_n_PATH Rewrites the host and path in the HTTP request, for example, if the site is reorganized. You should not use this script as is. Instead, copy
    SNAT_COMMANDS

    Allows you to overwrite client source address to a specific IP for certain clients, also support IPv4toIPv6 or IPv6toIPv4 type.

    Note: Make sure the flag SOURCE ADDRESS is selected in the HTTP or HTTPS type of profile.

    SOCKOPT_COMMAND_USAGE Allows user to customize the TCP_send buffer and TCP_receive buffer size.
    SPECIAL_CHARACTERS_HANDLING_DEMO Shows how to use those "magic characters" which have special meanings when used in a certain pattern. The magic characters are ( ) . % + - * ? [ ] ^ $
    SSL_EVENTS_n_COMMANDS Demonstrate how to fetch the SSL certificate information and some of the SSL connection parameters between server and client side.
    TCP_EVENTS_n_COMMANDS Demonstrate how to reject a TCP connection from a client in TCP_ACCEPTED event.
    URL_UTILITY_COMMANDS Demonstrate how to use those url tools to encode/decode/parser/compare .
    UTILITY_FUNCTIONS_DEMO Demonstrates how to use the basic string operations and random number/alphabet, time, MD5, SHA1, SHA2, BASE64, BASE32, table to string conversion, network to host conversion utility function.
    Previous
    Next