CLI Reference

wanopt webcache

Use this command to change how the WAN optimization web cache operates. In most cases the default settings are acceptable; however, you may wish to change them to improve performance or optimize the cache for your specific configuration.

config wanopt webcache
    set max-object-size {integer}   Maximum cacheable object size in kB (1 - 2147483 kB (2GB)). All objects that exceed this are delivered to the client but not stored in the web cache. range[1-2147483]
    set neg-resp-time {integer}   Time in minutes to cache negative responses or errors (0 - 4294967295, default = 0  which means negative responses are not cached). range[0-4294967295]
    set fresh-factor {integer}   Frequency that the server is checked to see if any objects have expired (1 - 100, default = 100). The higher the fresh factor, the less often the checks occur. range[1-100]
    set max-ttl {integer}   Maximum time an object can stay in the web cache without checking to see if it has expired on the server (default = 7200 min (5 days); maximum = 5256000 min (10 years)). range[1-5256000]
    set min-ttl {integer}   Minimum time an object can stay in the web cache without checking to see if it has expired on the server (default = 5 min; maximum = 5256000 (10 years)). range[1-5256000]
    set default-ttl {integer}   Default object expiry time (default = 1440 min (1 day); maximum = 5256000 min (10 years)). This only applies to those objects that do not have an expiry time set by the web server. range[1-5256000]
    set ignore-ims {enable | disable}   Enable/disable ignoring the if-modified-since (IMS) header.
    set ignore-conditional {enable | disable}   Enable/disable controlling the behavior of cache-control HTTP 1.1 header values.
    set ignore-pnc {enable | disable}   Enable/disable ignoring the pragma no-cache (PNC) header.
    set ignore-ie-reload {enable | disable}   Enable/disable ignoring the PNC-interpretation of Internet Explorer's Accept: */* header.
    set cache-expired {enable | disable}   Enable/disable caching type-1 objects that are already expired on arrival.
    set cache-cookie {enable | disable}   Enable/disable caching cookies. Since cookies contain information for or about individual users, they are not usually cached.
    set reval-pnc {enable | disable}   Enable/disable revalidation of pragma-no-cache (PNC) to address bandwidth concerns.
    set always-revalidate {enable | disable}   Enable/disable revalidation of requested cached objects, which have content on the server, before serving it to the client.
    set cache-by-default {enable | disable}   Enable/disable caching content that lacks explicit caching policies from the server.
    set host-validate {enable | disable}   Enable/disable validating "Host:" with original server IP.
    set external {enable | disable}   Enable/disable external Web caching.
end

Additional information

The following section is for those options that require additional explanation.

max-object-size <kb>

Maximum cacheable object size in kB. All objects retrieved that are larger than the maximum size are delivered to the client but are not stored in the web cache. Set value between 1-2147483 (or 1kB to just over 2GB). The default value is set to 512000 (or 512MB).

neg-resp-time <minutes>

Period of time in minutes to cache negative responses. The default value is set to 0, meaning no negative responses will be cached.

fresh-factor <percentage>

The fresh factor as a percentage. For cached objects that don’t have an expiry time, the web cache periodically checks the server to see if any objects have expired. The higher the fresh factor, the less often the checks occur. Set the value between 0-100. The default value is set to 100.

max-ttl

Maximum time-to-live period in minutes an object can stay in the web cache without checking to see if it has expired on the server. Set the value between 1-5256000. The default value is set to 7200 (or five days).

min-ttl

Minimum time-to-live period in minutes an object can stay in the web cache without checking to see if it has expired on the server. Set the value between 1-5256000. The default value is set to 5.

default-ttl

The default period of time in minutes before an object expires. This only applies to those objects that do not already have an expiry time set by the web server. Set the value between 1-5256000. The default value is set to 1440 (or one day).

ignore-ims {enable | disable}

Enable or disable (by default) ignoring the if-modified-since (IMS) header. If the time specified by the IMS header in the client's conditional request is greater than the last modified time of the object in the cache, it is likely that the copy in the cache is stale. If so, HTTP does a conditional GET to the Overlay Caching Scheme (OCS), based on the last modified time of the cached object. Enabling ignore-ims overrides this behaviour.

ignore-conditional {enable | disable}

Enable or disable (by default) controlling the behaviour of cache-control header values. HTTP 1.1 provides additional controls to the client over the behaviour of caches concerning the staleness of the object. Depending on various Cache-Control headers, the FortiGate can be forced to consult the OCS before serving the object from the cache. For more information about the behaviour of cache-control header values, see RFC 2616.

ignore-pnc {enable | disable}

Enable or disable (by default) ignoring the pragma no-cache (PNC) header. Typically, if a client sends an HTTP GET request with a PNC header, a cache must consult the OCS before serving the content. This means the FortiGate always re-fetches the entire object from the OCS, even if the cached copy of the object is fresh. Because of this, PNC requests can degrade performance and increase server-side bandwidth. Enabling ignore-pnc ignores the PNC header from the client request.

ignore-ie-reload {enable | disable}

Enable (by default) or disable ignoring the PNC interpretation of Internet Explorer's Accept: */* header. Some versions of Internet Explorer issue Accept: */* headers instead of PNC headers when you select Refresh. When an Accept header has only the */* value, the FortiGate unit treats it as a PNC header if it is a type-N object. Enabling ignore-ie-reload ignores this interpretation.

cache-expired {enable | disable}

Enable or disable (by default) caching of type-1 objects that are already expired upon acquisition. When this setting is enabled, type-1 objects that are already expired at the time of acquisition are cached (if all other conditions make the object cacheable). If disabled, expired type-1 objects are considered non-cacheable.

cache-cookie {enable | disable}

Enable or disable (by default) the caching of cookies. Typically, it is best to not perform cookie caching, as HTTP responses with cookies contain specific user data.

reval-pnc {enable | disable}

Enable or disable (by default) PNC revalidation to address bandwidth concerns. The PNC header in a client's request can affect the efficiency of the FortiGate unit from a bandwidth gain perspective. If you do not want to completely ignore PNC in client requests (such as when using the ignore-pnc entry shown above), you can lower the impact of the PNC by enabling reval-pnc.

always-revalidate {enable | disable}

Enable or disable (by default) the revalidation of requested cached objects, which have content on the server, before serving it to the client.

cache-by-default {enable | disable}

Enable or disable (by default) the caching of content that lacks explicit caching policies from the server.

host-validate {enable | disable}

Enable or disable (by default) validation of the Host: header against the original server IP.

external {enable | disable}

Enable or disable (by default) external cache.
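
The following Python sketch is an added example, not Fortinet code: it parses a `config wanopt webcache` block in the syntax shown above, checks each integer option against the documented range[...] values, and flags toggles that relax cache safety. The review policy, the TTL-ordering rule and the sample input are assumptions made for illustration.

```python
import re

# Inclusive ranges from the range[...] fields above (fresh-factor: table's 1-100).
RANGES = {"max-object-size": (1, 2147483), "neg-resp-time": (0, 4294967295),
          "fresh-factor": (1, 100), "max-ttl": (1, 5256000),
          "min-ttl": (1, 5256000), "default-ttl": (1, 5256000)}
# Reviewer policy (an assumption, not vendor guidance): values worth a second look.
REVIEW = {
    ("cache-cookie", "enable"): "responses carrying per-user cookies are cached",
    ("host-validate", "disable"): "Host: is not validated against the original server IP",
    ("ignore-pnc", "enable"): "client Pragma: no-cache is ignored",
}
SET_RE = re.compile(r"^\s*set\s+(\S+)\s+(\S+)\s*$")

def parse_webcache(text):
    # Collect 'set <option> <value>' lines found inside the webcache block only.
    opts, inside = {}, False
    for line in text.splitlines():
        s = line.strip()
        if s in ("config wanopt webcache", "end"):
            inside = s != "end"
        elif inside and (m := SET_RE.match(line)):
            opts[m.group(1)] = m.group(2)
    return opts

def audit(text):
    """Return findings: out-of-range values, review-worthy toggles, TTL order."""
    opts, findings = parse_webcache(text), []
    for name, (lo, hi) in RANGES.items():
        val = opts.get(name)
        if val is not None and not (val.isdigit() and lo <= int(val) <= hi):
            findings.append(f"{name}={val}: outside documented range {lo}-{hi}")
    for (name, bad), why in REVIEW.items():
        if opts.get(name) == bad:
            findings.append(f"{name}={bad}: {why}")
    ttl = [int(opts[k]) for k in ("min-ttl", "default-ttl", "max-ttl") if opts.get(k, "").isdigit()]
    # Assumption: a default TTL outside [min-ttl, max-ttl] is a misconfiguration.
    if len(ttl) == 3 and not ttl[0] <= ttl[1] <= ttl[2]:
        findings.append("ttl-order: expected min-ttl <= default-ttl <= max-ttl")
    return findings

# Constructed sample in the syntax shown above (not taken from a real device).
SAMPLE = """config wanopt webcache
    set fresh-factor 0
    set max-ttl 7200
    set min-ttl 5
    set default-ttl 10080
    set cache-cookie enable
end
"""
```

Calling `audit(SAMPLE)` returns three findings: the out-of-range fresh factor, the enabled cookie caching, and a default TTL that exceeds max-ttl.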
