Fortinet white logo
Fortinet white logo

CLI Reference

config webfilter urlfilter

config webfilter urlfilter

Configure URL filter lists.

config webfilter urlfilter
    Description: Configure URL filter lists.
    edit <id>
        set comment {var-string}
        config entries
            Description: URL filter entries.
            edit <id>
                set url {string}
                set type [simple|regex|...]
                set action [exempt|block|...]
                set antiphish-action [block|log]
                set status [enable|disable]
                set exempt {option1}, {option2}, ...
                set web-proxy-profile {string}
                set referrer-host {string}
                set dns-address-family [ipv4|ipv6|...]
            next
        end
        set ip-addr-block [enable|disable]
        set name {string}
        set one-arm-ips-urlfilter [enable|disable]
    next
end

config webfilter urlfilter

Parameter

Description

Type

Size

Default

comment

Optional comments.

var-string

Maximum length: 255

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip-addr-block

Enable/disable blocking URLs when the hostname appears as an IP address.

option

-

disable

Option

Description

enable

Enable blocking URLs when the hostname appears as an IP address.

disable

Disable blocking URLs when the hostname appears as an IP address.

name

Name of URL filter list.

string

Maximum length: 63

one-arm-ips-urlfilter

Enable/disable DNS resolver for one-arm IPS URL filter operation.

option

-

disable

Option

Description

enable

Enable DNS resolver for one-arm IPS URL filter operation.

disable

Disable DNS resolver for one-arm IPS URL filter operation.

config entries

Parameter

Description

Type

Size

Default

id

Id.

integer

Minimum value: 0 Maximum value: 4294967295

0

url

URL to be filtered.

string

Maximum length: 511

type

Filter type (simple, regex, or wildcard).

option

-

simple

Option

Description

simple

Simple URL string.

regex

Regular expression URL string.

wildcard

Wildcard URL string.

action

Action to take for URL filter matches.

option

-

exempt

Option

Description

exempt

Exempt matches.

block

Block matches.

allow

Allow matches (no log).

monitor

Allow matches (with log).

antiphish-action

Action to take for AntiPhishing matches.

option

-

block

Option

Description

block

Block matches.

log

Allow matches with log.

status

Enable/disable this URL filter.

option

-

enable

Option

Description

enable

Enable this URL filter.

disable

Disable this URL filter.

exempt

If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.

option

-

av web-content activex-java-cookie dlp fortiguard range-block antiphish all

Option

Description

av

AntiVirus scanning.

web-content

Web filter content matching.

activex-java-cookie

ActiveX, Java, and cookie filtering.

dlp

DLP scanning.

fortiguard

FortiGuard web filtering.

range-block

Range block feature.

pass

Pass single connection from all.

antiphish

AntiPhish credential checking.

all

Exempt from all security profiles.

web-proxy-profile

Web proxy profile.

string

Maximum length: 63

referrer-host

Referrer host name.

string

Maximum length: 255

dns-address-family

Resolve IPv4 address, IPv6 address, or both from DNS server.

option

-

ipv4

Option

Description

ipv4

Resolve IPv4 address from DNS server.

ipv6

Resolve IPv6 address from DNS server.

both

Resolve both IPv4 and IPv6 addresses from DNS server.

config webfilter urlfilter

config webfilter urlfilter

Configure URL filter lists.

config webfilter urlfilter
    Description: Configure URL filter lists.
    edit <id>
        set comment {var-string}
        config entries
            Description: URL filter entries.
            edit <id>
                set url {string}
                set type [simple|regex|...]
                set action [exempt|block|...]
                set antiphish-action [block|log]
                set status [enable|disable]
                set exempt {option1}, {option2}, ...
                set web-proxy-profile {string}
                set referrer-host {string}
                set dns-address-family [ipv4|ipv6|...]
            next
        end
        set ip-addr-block [enable|disable]
        set name {string}
        set one-arm-ips-urlfilter [enable|disable]
    next
end

config webfilter urlfilter

Parameter

Description

Type

Size

Default

comment

Optional comments.

var-string

Maximum length: 255

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip-addr-block

Enable/disable blocking URLs when the hostname appears as an IP address.

option

-

disable

Option

Description

enable

Enable blocking URLs when the hostname appears as an IP address.

disable

Disable blocking URLs when the hostname appears as an IP address.

name

Name of URL filter list.

string

Maximum length: 63

one-arm-ips-urlfilter

Enable/disable DNS resolver for one-arm IPS URL filter operation.

option

-

disable

Option

Description

enable

Enable DNS resolver for one-arm IPS URL filter operation.

disable

Disable DNS resolver for one-arm IPS URL filter operation.

config entries

Parameter

Description

Type

Size

Default

id

Id.

integer

Minimum value: 0 Maximum value: 4294967295

0

url

URL to be filtered.

string

Maximum length: 511

type

Filter type (simple, regex, or wildcard).

option

-

simple

Option

Description

simple

Simple URL string.

regex

Regular expression URL string.

wildcard

Wildcard URL string.

action

Action to take for URL filter matches.

option

-

exempt

Option

Description

exempt

Exempt matches.

block

Block matches.

allow

Allow matches (no log).

monitor

Allow matches (with log).

antiphish-action

Action to take for AntiPhishing matches.

option

-

block

Option

Description

block

Block matches.

log

Allow matches with log.

status

Enable/disable this URL filter.

option

-

enable

Option

Description

enable

Enable this URL filter.

disable

Disable this URL filter.

exempt

If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.

option

-

av web-content activex-java-cookie dlp fortiguard range-block antiphish all

Option

Description

av

AntiVirus scanning.

web-content

Web filter content matching.

activex-java-cookie

ActiveX, Java, and cookie filtering.

dlp

DLP scanning.

fortiguard

FortiGuard web filtering.

range-block

Range block feature.

pass

Pass single connection from all.

antiphish

AntiPhish credential checking.

all

Exempt from all security profiles.

web-proxy-profile

Web proxy profile.

string

Maximum length: 63

referrer-host

Referrer host name.

string

Maximum length: 255

dns-address-family

Resolve IPv4 address, IPv6 address, or both from DNS server.

option

-

ipv4

Option

Description

ipv4

Resolve IPv4 address from DNS server.

ipv6

Resolve IPv6 address from DNS server.

both

Resolve both IPv4 and IPv6 addresses from DNS server.