Fortinet white logo
Fortinet white logo

CLI Reference

config webfilter urlfilter

config webfilter urlfilter

Configure URL filter lists.

config webfilter urlfilter

Description: Configure URL filter lists.

edit <id>

set name {string}

set comment {var-string}

set one-arm-ips-urlfilter [enable|disable]

set ip-addr-block [enable|disable]

config entries

Description: URL filter entries.

edit <id>

set url {string}

set type [simple|regex|...]

set action [exempt|block|...]

set antiphish-action [block|log]

set status [enable|disable]

set exempt {option1}, {option2}, ...

set web-proxy-profile {string}

set referrer-host {string}

set dns-address-family [ipv4|ipv6|...]

next

end

next

end

config webfilter urlfilter

Parameter name

Description

Type

Size

name

Name of URL filter list.

string

Maximum length: 63

comment

Optional comments.

var-string

Maximum length: 255

one-arm-ips-urlfilter

Enable/disable DNS resolver for one-arm IPS URL filter operation.

option

-

Option

Description

enable

Enable DNS resolver for one-arm IPS URL filter operation.

disable

Disable DNS resolver for one-arm IPS URL filter operation.

ip-addr-block

Enable/disable blocking URLs when the hostname appears as an IP address.

option

-

Option

Description

enable

Enable blocking URLs when the hostname appears as an IP address.

disable

Disable blocking URLs when the hostname appears as an IP address.

config entries

Parameter name

Description

Type

Size

url

URL to be filtered.

string

Maximum length: 511

type

Filter type (simple, regex, or wildcard).

option

-

Option

Description

simple

Simple URL string.

regex

Regular expression URL string.

wildcard

Wildcard URL string.

action

Action to take for URL filter matches.

option

-

Option

Description

exempt

Exempt matches.

block

Block matches.

allow

Allow matches (no log).

monitor

Allow matches (with log).

antiphish-action

Action to take for AntiPhishing matches.

option

-

Option

Description

block

Block matches.

log

Allow matches with log.

status

Enable/disable this URL filter.

option

-

Option

Description

enable

Enable this URL filter.

disable

Disable this URL filter.

exempt

If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.

option

-

Option

Description

av

AntiVirus scanning.

web-content

Web filter content matching.

activex-java-cookie

ActiveX, Java, and cookie filtering.

dlp

DLP scanning.

fortiguard

FortiGuard web filtering.

range-block

Range block feature.

pass

Pass single connection from all.

antiphish

AntiPhish credential checking.

all

Exempt from all security profiles.

web-proxy-profile

Web proxy profile.

string

Maximum length: 63

referrer-host

Referrer host name.

string

Maximum length: 255

dns-address-family

Resolve IPv4 address, IPv6 address, or both from DNS server.

option

-

Option

Description

ipv4

Resolve IPv4 address from DNS server.

ipv6

Resolve IPv6 address from DNS server.

both

Resolve both IPv4 and IPv6 addresses from DNS server.

config webfilter urlfilter

config webfilter urlfilter

Configure URL filter lists.

config webfilter urlfilter

Description: Configure URL filter lists.

edit <id>

set name {string}

set comment {var-string}

set one-arm-ips-urlfilter [enable|disable]

set ip-addr-block [enable|disable]

config entries

Description: URL filter entries.

edit <id>

set url {string}

set type [simple|regex|...]

set action [exempt|block|...]

set antiphish-action [block|log]

set status [enable|disable]

set exempt {option1}, {option2}, ...

set web-proxy-profile {string}

set referrer-host {string}

set dns-address-family [ipv4|ipv6|...]

next

end

next

end

config webfilter urlfilter

Parameter name

Description

Type

Size

name

Name of URL filter list.

string

Maximum length: 63

comment

Optional comments.

var-string

Maximum length: 255

one-arm-ips-urlfilter

Enable/disable DNS resolver for one-arm IPS URL filter operation.

option

-

Option

Description

enable

Enable DNS resolver for one-arm IPS URL filter operation.

disable

Disable DNS resolver for one-arm IPS URL filter operation.

ip-addr-block

Enable/disable blocking URLs when the hostname appears as an IP address.

option

-

Option

Description

enable

Enable blocking URLs when the hostname appears as an IP address.

disable

Disable blocking URLs when the hostname appears as an IP address.

config entries

Parameter name

Description

Type

Size

url

URL to be filtered.

string

Maximum length: 511

type

Filter type (simple, regex, or wildcard).

option

-

Option

Description

simple

Simple URL string.

regex

Regular expression URL string.

wildcard

Wildcard URL string.

action

Action to take for URL filter matches.

option

-

Option

Description

exempt

Exempt matches.

block

Block matches.

allow

Allow matches (no log).

monitor

Allow matches (with log).

antiphish-action

Action to take for AntiPhishing matches.

option

-

Option

Description

block

Block matches.

log

Allow matches with log.

status

Enable/disable this URL filter.

option

-

Option

Description

enable

Enable this URL filter.

disable

Disable this URL filter.

exempt

If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.

option

-

Option

Description

av

AntiVirus scanning.

web-content

Web filter content matching.

activex-java-cookie

ActiveX, Java, and cookie filtering.

dlp

DLP scanning.

fortiguard

FortiGuard web filtering.

range-block

Range block feature.

pass

Pass single connection from all.

antiphish

AntiPhish credential checking.

all

Exempt from all security profiles.

web-proxy-profile

Web proxy profile.

string

Maximum length: 63

referrer-host

Referrer host name.

string

Maximum length: 255

dns-address-family

Resolve IPv4 address, IPv6 address, or both from DNS server.

option

-

Option

Description

ipv4

Resolve IPv4 address from DNS server.

ipv6

Resolve IPv6 address from DNS server.

both

Resolve both IPv4 and IPv6 addresses from DNS server.