Fortinet black logo

CLI Reference

webfilter urlfilter

Configure URL filter lists.

  config webfilter urlfilter
      Description: Configure URL filter lists.
      edit <id>
          set name {string}
          set comment {var-string}
          set one-arm-ips-urlfilter [enable|disable]
          set ip-addr-block [enable|disable]
          config entries
              Description: URL filter entries.
              edit <id>
                  set url {string}
                  set type [simple|regex|...]
                  set action [exempt|block|...]
                  set status [enable|disable]
                  set exempt {option1}, {option2}, ...
                  set web-proxy-profile {string}
                  set referrer-host {string}
                  set dns-address-family [ipv4|ipv6|...]
              next
          end
      next
  end

config webfilter urlfilter

Parameter Name Description Type Size
name Name of URL filter list. string Maximum length: 63
comment Optional comments. var-string Maximum length: 255
one-arm-ips-urlfilter Enable/disable DNS resolver for one-arm IPS URL filter operation.
enable: Enable DNS resolver for one-arm IPS URL filter operation.
disable: Disable DNS resolver for one-arm IPS URL filter operation.
option -
ip-addr-block Enable/disable blocking URLs when the hostname appears as an IP address.
enable: Enable blocking URLs when the hostname appears as an IP address.
disable: Disable blocking URLs when the hostname appears as an IP address.
option -

config entries

Parameter Name Description Type Size
url URL to be filtered. string Maximum length: 511
type Filter type (simple, regex, or wildcard).
simple: Simple URL string.
regex: Regular expression URL string.
wildcard: Wildcard URL string.
option -
action Action to take for URL filter matches.
exempt: Exempt matches.
block: Block matches.
allow: Allow matches (no log).
monitor: Allow matches (with log).
option -
status Enable/disable this URL filter.
enable: Enable this URL filter.
disable: Disable this URL filter.
option -
exempt If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.
av: AntiVirus scanning.
web-content: Web filter content matching.
activex-java-cookie: ActiveX, Java, and cookie filtering.
dlp: DLP scanning.
fortiguard: FortiGuard web filtering.
range-block: Range block feature.
pass: Pass single connection from all.
all: Exempt from all security profiles.
option -
web-proxy-profile Web proxy profile. string Maximum length: 63
referrer-host Referrer host name. string Maximum length: 255
dns-address-family Resolve IPv4 address, IPv6 address, or both from DNS server.
ipv4: Resolve IPv4 address from DNS server.
ipv6: Resolve IPv6 address from DNS server.
both: Resolve both IPv4 and IPv6 addresses from DNS server.
option -

Configure URL filter lists.

  config webfilter urlfilter
      Description: Configure URL filter lists.
      edit <id>
          set name {string}
          set comment {var-string}
          set one-arm-ips-urlfilter [enable|disable]
          set ip-addr-block [enable|disable]
          config entries
              Description: URL filter entries.
              edit <id>
                  set url {string}
                  set type [simple|regex|...]
                  set action [exempt|block|...]
                  set status [enable|disable]
                  set exempt {option1}, {option2}, ...
                  set web-proxy-profile {string}
                  set referrer-host {string}
                  set dns-address-family [ipv4|ipv6|...]
              next
          end
      next
  end

config webfilter urlfilter

Parameter Name Description Type Size
name Name of URL filter list. string Maximum length: 63
comment Optional comments. var-string Maximum length: 255
one-arm-ips-urlfilter Enable/disable DNS resolver for one-arm IPS URL filter operation.
enable: Enable DNS resolver for one-arm IPS URL filter operation.
disable: Disable DNS resolver for one-arm IPS URL filter operation.
option -
ip-addr-block Enable/disable blocking URLs when the hostname appears as an IP address.
enable: Enable blocking URLs when the hostname appears as an IP address.
disable: Disable blocking URLs when the hostname appears as an IP address.
option -

config entries

Parameter Name Description Type Size
url URL to be filtered. string Maximum length: 511
type Filter type (simple, regex, or wildcard).
simple: Simple URL string.
regex: Regular expression URL string.
wildcard: Wildcard URL string.
option -
action Action to take for URL filter matches.
exempt: Exempt matches.
block: Block matches.
allow: Allow matches (no log).
monitor: Allow matches (with log).
option -
status Enable/disable this URL filter.
enable: Enable this URL filter.
disable: Disable this URL filter.
option -
exempt If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.
av: AntiVirus scanning.
web-content: Web filter content matching.
activex-java-cookie: ActiveX, Java, and cookie filtering.
dlp: DLP scanning.
fortiguard: FortiGuard web filtering.
range-block: Range block feature.
pass: Pass single connection from all.
all: Exempt from all security profiles.
option -
web-proxy-profile Web proxy profile. string Maximum length: 63
referrer-host Referrer host name. string Maximum length: 255
dns-address-family Resolve IPv4 address, IPv6 address, or both from DNS server.
ipv4: Resolve IPv4 address from DNS server.
ipv6: Resolve IPv6 address from DNS server.
both: Resolve both IPv4 and IPv6 addresses from DNS server.
option -