Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config webfilter urlfilter

Configure URL filter lists.

config webfilter urlfilter

Description: Configure URL filter lists.

edit <id>

set name {string}

set comment {var-string}

set one-arm-ips-urlfilter [enable|disable]

set ip-addr-block [enable|disable]

config entries

Description: URL filter entries.

edit <id>

set url {string}

set type [simple|regex|...]

set action [exempt|block|...]

set antiphish-action [block|log]

set status [enable|disable]

set exempt {option1}, {option2}, ...

set web-proxy-profile {string}

set referrer-host {string}

set dns-address-family [ipv4|ipv6|...]

next

end

next

end

config webfilter urlfilter

Parameter

Description

Type

Size

Default

name

Name of URL filter list.

string

Maximum length: 63

comment

Optional comments.

var-string

Maximum length: 255

one-arm-ips-urlfilter

Enable/disable DNS resolver for one-arm IPS URL filter operation.

option

-

disable

 

Option

Description

enable

Enable DNS resolver for one-arm IPS URL filter operation.

disable

Disable DNS resolver for one-arm IPS URL filter operation.

ip-addr-block

Enable/disable blocking URLs when the hostname appears as an IP address.

option

-

disable

 

Option

Description

enable

Enable blocking URLs when the hostname appears as an IP address.

disable

Disable blocking URLs when the hostname appears as an IP address.

config entries

Parameter

Description

Type

Size

Default

url

URL to be filtered.

string

Maximum length: 511

type

Filter type (simple, regex, or wildcard).

option

-

simple

 

Option

Description

simple

Simple URL string.

regex

Regular expression URL string.

wildcard

Wildcard URL string.

action

Action to take for URL filter matches.

option

-

exempt

 

Option

Description

exempt

Exempt matches.

block

Block matches.

allow

Allow matches (no log).

monitor

Allow matches (with log).

antiphish-action

Action to take for AntiPhishing matches.

option

-

block

 

Option

Description

block

Block matches.

log

Allow matches with log.

status

Enable/disable this URL filter.

option

-

enable

 

Option

Description

enable

Enable this URL filter.

disable

Disable this URL filter.

exempt

If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.

option

-

av web-content activex-java-cookie dlp fortiguard range-block antiphish all

 

Option

Description

av

AntiVirus scanning.

web-content

Web filter content matching.

activex-java-cookie

ActiveX, Java, and cookie filtering.

dlp

DLP scanning.

fortiguard

FortiGuard web filtering.

range-block

Range block feature.

pass

Pass single connection from all.

antiphish

AntiPhish credential checking.

all

Exempt from all security profiles.

web-proxy-profile

Web proxy profile.

string

Maximum length: 63

referrer-host

Referrer host name.

string

Maximum length: 255

dns-address-family

Resolve IPv4 address, IPv6 address, or both from DNS server.

option

-

ipv4

 

Option

Description

ipv4

Resolve IPv4 address from DNS server.

ipv6

Resolve IPv6 address from DNS server.

both

Resolve both IPv4 and IPv6 addresses from DNS server.

config webfilter urlfilter

Configure URL filter lists.

config webfilter urlfilter

Description: Configure URL filter lists.

edit <id>

set name {string}

set comment {var-string}

set one-arm-ips-urlfilter [enable|disable]

set ip-addr-block [enable|disable]

config entries

Description: URL filter entries.

edit <id>

set url {string}

set type [simple|regex|...]

set action [exempt|block|...]

set antiphish-action [block|log]

set status [enable|disable]

set exempt {option1}, {option2}, ...

set web-proxy-profile {string}

set referrer-host {string}

set dns-address-family [ipv4|ipv6|...]

next

end

next

end

config webfilter urlfilter

Parameter

Description

Type

Size

Default

name

Name of URL filter list.

string

Maximum length: 63

comment

Optional comments.

var-string

Maximum length: 255

one-arm-ips-urlfilter

Enable/disable DNS resolver for one-arm IPS URL filter operation.

option

-

disable

 

Option

Description

enable

Enable DNS resolver for one-arm IPS URL filter operation.

disable

Disable DNS resolver for one-arm IPS URL filter operation.

ip-addr-block

Enable/disable blocking URLs when the hostname appears as an IP address.

option

-

disable

 

Option

Description

enable

Enable blocking URLs when the hostname appears as an IP address.

disable

Disable blocking URLs when the hostname appears as an IP address.

config entries

Parameter

Description

Type

Size

Default

url

URL to be filtered.

string

Maximum length: 511

type

Filter type (simple, regex, or wildcard).

option

-

simple

 

Option

Description

simple

Simple URL string.

regex

Regular expression URL string.

wildcard

Wildcard URL string.

action

Action to take for URL filter matches.

option

-

exempt

 

Option

Description

exempt

Exempt matches.

block

Block matches.

allow

Allow matches (no log).

monitor

Allow matches (with log).

antiphish-action

Action to take for AntiPhishing matches.

option

-

block

 

Option

Description

block

Block matches.

log

Allow matches with log.

status

Enable/disable this URL filter.

option

-

enable

 

Option

Description

enable

Enable this URL filter.

disable

Disable this URL filter.

exempt

If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.

option

-

av web-content activex-java-cookie dlp fortiguard range-block antiphish all

 

Option

Description

av

AntiVirus scanning.

web-content

Web filter content matching.

activex-java-cookie

ActiveX, Java, and cookie filtering.

dlp

DLP scanning.

fortiguard

FortiGuard web filtering.

range-block

Range block feature.

pass

Pass single connection from all.

antiphish

AntiPhish credential checking.

all

Exempt from all security profiles.

web-proxy-profile

Web proxy profile.

string

Maximum length: 63

referrer-host

Referrer host name.

string

Maximum length: 255

dns-address-family

Resolve IPv4 address, IPv6 address, or both from DNS server.

option

-

ipv4

 

Option

Description

ipv4

Resolve IPv4 address from DNS server.

ipv6

Resolve IPv6 address from DNS server.

both

Resolve both IPv4 and IPv6 addresses from DNS server.