Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

web-proxy profile

Use this command to configure web proxy profiles that control how the web proxy functions and handles web traffic.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set header-x-authenticated-user {pass | add | remove}

set header-x-authenticated-groups {pass | add | remove}

set log-header-change {enable | disable}

Action to take regarding the authenticated user's name in the header information for upstream proxies. This option can be used when a FortiGate is operating as an explicit proxy and authenticating users.

Pass, add, or remove the user and/or group HTTP header, and enable or disable the logging of HTTP header changes.

config web-proxy profile
    edit {name}
    # Configure web proxy profiles.
        set name {string}   Profile name. size[63]
        set header-client-ip {pass | add | remove}   Action to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-via-request {pass | add | remove}   Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-via-response {pass | add | remove}   Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-x-forwarded-for {pass | add | remove}   Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-front-end-https {pass | add | remove}   Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-x-authenticated-user {pass | add | remove}   Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-x-authenticated-groups {pass | add | remove}   Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set strip-encoding {enable | disable}   Enable/disable stripping unsupported encoding from the request header.
        set log-header-change {enable | disable}   Enable/disable logging HTTP header changes.
        config headers
            edit {id}
            # Configure HTTP forwarded requests headers.
                set id {integer}   HTTP forwarded header id. range[0-4294967295]
                set name {string}   HTTP forwarded header name. size[79]
                set action {add-to-request | add-to-response | remove-from-request | remove-from-response}   Action when HTTP the header forwarded.
                        add-to-request        Add the HTTP header to request.
                        add-to-response       Add the HTTP header to response.
                        remove-from-request   Remove the HTTP header from request.
                        remove-from-response  Remove the HTTP header from response.
                set content {string}   HTTP header's content. size[255]
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

header-client-ip {pass | add | remove}

Action to take on client IP in forwarded requests header. Set the action to one of the following:

  • pass: Forwards the same HTTP header.
  • add: Adds the HTTP header.
  • remove: Removes the HTTP header.

The default is set to pass.

header-via-request {pass | add | remove}

Action to take on via-request header in forwarded requests. The default is set to pass.

header-via-response {pass | add | remove}

Action to take on via-response header in forwarded requests. The default is set to pass.

header-x-forwarded-for {pass | add | remove}

Action to take on X-Forwarded-For (XFF) header in forwarded requests. The default is set to pass. XFF is a common non-standard request field, used to identify originating IP addresses of clients, and is also an email-header indicating that an email was forwarded from one or more accounts.

header-front-end-https {pass | add | remove}

Action to take on Front-End-Https header in forwarded requests. The default is set to pass. The Front-End-Https header is used for communication between front-end and back-end servers for SSL and formulating URLs using HTTPS instead of HTTP.

strip-encoding {enable | disable}

Enable or disable (by default) stripping of unsupported encoding in request header.

config headers

Use this configuration method to define HTTP forwarded requests headers for action.

name <name>

HTTP forwarded header name.

action <action>

Action to take when HTTP header is forwarded:

  • add-to-request: Add HTTP header to request (set by default).
  • add-to-response: Add HTTP header to response.
  • remove-from-request: Remove HTTP header from request.
  • remove-from-response: Remove HTTP header from response.

content <content>

Enter the HTTP header content.

web-proxy profile

Use this command to configure web proxy profiles that control how the web proxy functions and handles web traffic.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set header-x-authenticated-user {pass | add | remove}

set header-x-authenticated-groups {pass | add | remove}

set log-header-change {enable | disable}

Action to take regarding the authenticated user's name in the header information for upstream proxies. This option can be used when a FortiGate is operating as an explicit proxy and authenticating users.

Pass, add, or remove the user and/or group HTTP header, and enable or disable the logging of HTTP header changes.

config web-proxy profile
    edit {name}
    # Configure web proxy profiles.
        set name {string}   Profile name. size[63]
        set header-client-ip {pass | add | remove}   Action to take on the HTTP client-IP header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-via-request {pass | add | remove}   Action to take on the HTTP via header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-via-response {pass | add | remove}   Action to take on the HTTP via header in forwarded responses: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-x-forwarded-for {pass | add | remove}   Action to take on the HTTP x-forwarded-for header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-front-end-https {pass | add | remove}   Action to take on the HTTP front-end-HTTPS header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-x-authenticated-user {pass | add | remove}   Action to take on the HTTP x-authenticated-user header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set header-x-authenticated-groups {pass | add | remove}   Action to take on the HTTP x-authenticated-groups header in forwarded requests: forwards (pass), adds, or removes the HTTP header.
                pass    Forward the same HTTP header.
                add     Add the HTTP header.
                remove  Remove the HTTP header.
        set strip-encoding {enable | disable}   Enable/disable stripping unsupported encoding from the request header.
        set log-header-change {enable | disable}   Enable/disable logging HTTP header changes.
        config headers
            edit {id}
            # Configure HTTP forwarded requests headers.
                set id {integer}   HTTP forwarded header id. range[0-4294967295]
                set name {string}   HTTP forwarded header name. size[79]
                set action {add-to-request | add-to-response | remove-from-request | remove-from-response}   Action when HTTP the header forwarded.
                        add-to-request        Add the HTTP header to request.
                        add-to-response       Add the HTTP header to response.
                        remove-from-request   Remove the HTTP header from request.
                        remove-from-response  Remove the HTTP header from response.
                set content {string}   HTTP header's content. size[255]
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

header-client-ip {pass | add | remove}

Action to take on client IP in forwarded requests header. Set the action to one of the following:

  • pass: Forwards the same HTTP header.
  • add: Adds the HTTP header.
  • remove: Removes the HTTP header.

The default is set to pass.

header-via-request {pass | add | remove}

Action to take on via-request header in forwarded requests. The default is set to pass.

header-via-response {pass | add | remove}

Action to take on via-response header in forwarded requests. The default is set to pass.

header-x-forwarded-for {pass | add | remove}

Action to take on X-Forwarded-For (XFF) header in forwarded requests. The default is set to pass. XFF is a common non-standard request field, used to identify originating IP addresses of clients, and is also an email-header indicating that an email was forwarded from one or more accounts.

header-front-end-https {pass | add | remove}

Action to take on Front-End-Https header in forwarded requests. The default is set to pass. The Front-End-Https header is used for communication between front-end and back-end servers for SSL and formulating URLs using HTTPS instead of HTTP.

strip-encoding {enable | disable}

Enable or disable (by default) stripping of unsupported encoding in request header.

config headers

Use this configuration method to define HTTP forwarded requests headers for action.

name <name>

HTTP forwarded header name.

action <action>

Action to take when HTTP header is forwarded:

  • add-to-request: Add HTTP header to request (set by default).
  • add-to-response: Add HTTP header to response.
  • remove-from-request: Remove HTTP header from request.
  • remove-from-response: Remove HTTP header from response.

content <content>

Enter the HTTP header content.