config webfilter profile

Configure Web filter profiles.

config webfilter profile

Description: Configure Web filter profiles.

edit <name>

set comment {var-string}

set feature-set [flow|proxy]

set replacemsg-group {string}

set options {option1}, {option2}, ...

set https-replacemsg [enable|disable]

set ovrd-perm {option1}, {option2}, ...

set post-action [normal|block]

config override

Description: Web Filter override settings.

set ovrd-cookie [allow|deny]

set ovrd-scope [user|user-group|...]

set profile-type [list|radius]

set ovrd-dur-mode [constant|ask]

set ovrd-dur {user}

set profile-attribute [User-Name|NAS-IP-Address|...]

set ovrd-user-group <name1>, <name2>, ...

set profile <name1>, <name2>, ...

end

config web

Description: Web content filtering settings.

set bword-threshold {integer}

set bword-table {integer}

set urlfilter-table {integer}

set content-header-list {integer}

set blocklist [enable|disable]

set allowlist {option1}, {option2}, ...

set safe-search {option1}, {option2}, ...

set youtube-restrict [none|strict|...]

set vimeo-restrict {string}

set log-search [enable|disable]

set keyword-match <pattern1>, <pattern2>, ...

end

config ftgd-wf

Description: FortiGuard Web Filter settings.

set options {option1}, {option2}, ...

set exempt-quota {user}

set ovrd {user}

config filters

Description: FortiGuard filters.

edit <id>

set category {integer}

set action [block|authenticate|...]

set warn-duration {user}

set auth-usr-grp <name1>, <name2>, ...

set log [enable|disable]

set override-replacemsg {string}

set warning-prompt [per-domain|per-category]

set warning-duration-type [session|timeout]

next

end

config quota

Description: FortiGuard traffic quota settings.

edit <id>

set category {user}

set type [time|traffic]

set unit [B|KB|...]

set value {integer}

set duration {user}

set override-replacemsg {string}

next

end

set max-quota-timeout {integer}

set rate-javascript-urls [disable|enable]

set rate-css-urls [disable|enable]

set rate-crl-urls [disable|enable]

end

config antiphish

Description: AntiPhishing profile.

set status [enable|disable]

set default-action [exempt|log|...]

set check-uri [enable|disable]

set check-basic-auth [enable|disable]

set check-username-only [enable|disable]

set max-body-len {integer}

config inspection-entries

Description: AntiPhishing entries.

edit <name>

set fortiguard-category {user}

set action [exempt|log|...]

next

end

config custom-patterns

Description: Custom username and password regex patterns.

edit <pattern>

set category [username|password]

set type [regex|literal]

next

end

set authentication [domain-controller|ldap]

set domain-controller {string}

set ldap {string}

end

set wisp [enable|disable]

set wisp-servers <name1>, <name2>, ...

set wisp-algorithm [primary-secondary|round-robin|...]

set log-all-url [enable|disable]

set web-content-log [enable|disable]

set web-filter-activex-log [enable|disable]

set web-filter-command-block-log [enable|disable]

set web-filter-cookie-log [enable|disable]

set web-filter-applet-log [enable|disable]

set web-filter-jscript-log [enable|disable]

set web-filter-js-log [enable|disable]

set web-filter-vbs-log [enable|disable]

set web-filter-unknown-log [enable|disable]

set web-filter-referer-log [enable|disable]

set web-filter-cookie-removal-log [enable|disable]

set web-url-log [enable|disable]

set web-invalid-domain-log [enable|disable]

set web-ftgd-err-log [enable|disable]

set web-ftgd-quota-usage [enable|disable]

set extended-log [enable|disable]

set web-extended-all-action-log [enable|disable]

set web-antiphishing-log [enable|disable]

next

end

config webfilter profile

Parameter

Description

Type

Size

Default

comment

Optional comments.

var-string

Maximum length: 255

feature-set

Flow/proxy feature set.

option

-

flow

 

Option

Description

flow

Flow feature set.

proxy

Proxy feature set.

replacemsg-group

Replacement message group.

string

Maximum length: 35

options

Options.

option

-

 

Option

Description

activexfilter

ActiveX filter.

cookiefilter

Cookie filter.

javafilter

Java applet filter.

block-invalid-url

Block sessions contained an invalid domain name.

jscript

Javascript block.

js

JS block.

vbs

VB script block.

unknown

Unknown script block.

intrinsic

Intrinsic script block.

wf-referer

Referring block.

wf-cookie

Cookie block.

https-replacemsg

Enable replacement messages for HTTPS.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

ovrd-perm

Permitted override types.

option

-

 

Option

Description

bannedword-override

Banned word override.

urlfilter-override

URL filter override.

fortiguard-wf-override

FortiGuard Web Filter override.

contenttype-check-override

Content-type header override.

post-action

Action taken for HTTP POST traffic.

option

-

normal

 

Option

Description

normal

Normal, POST requests are allowed.

block

POST requests are blocked.

wisp

Enable/disable web proxy WISP.

option

-

disable

 

Option

Description

enable

Enable web proxy WISP.

disable

Disable web proxy WISP.

wisp-servers <name>

WISP servers.

Server name.

string

Maximum length: 79

wisp-algorithm

WISP server selection algorithm.

option

-

auto-learning

 

Option

Description

primary-secondary

Select the first healthy server in order.

round-robin

Select the next healthy server.

auto-learning

Select the lightest loading healthy server.

log-all-url

Enable/disable logging all URLs visited.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-content-log

Enable/disable logging logging blocked web content.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-activex-log

Enable/disable logging ActiveX.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-command-block-log

Enable/disable logging blocked commands.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-cookie-log

Enable/disable logging cookie filtering.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-applet-log

Enable/disable logging Java applets.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-jscript-log

Enable/disable logging JScripts.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-js-log

Enable/disable logging Java scripts.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-vbs-log

Enable/disable logging VBS scripts.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-unknown-log

Enable/disable logging unknown scripts.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-referer-log

Enable/disable logging referrers.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-filter-cookie-removal-log

Enable/disable logging blocked cookies.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-url-log

Enable/disable logging URL filtering.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-invalid-domain-log

Enable/disable logging invalid domain names.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-ftgd-err-log

Enable/disable logging rating errors.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-ftgd-quota-usage

Enable/disable logging daily quota usage.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

extended-log

Enable/disable extended logging for web filtering.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-extended-all-action-log

Enable/disable extended any filter action logging for web filtering.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

web-antiphishing-log

Enable/disable logging of AntiPhishing checks.

option

-

enable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

config override

Parameter

Description

Type

Size

Default

ovrd-cookie

Allow/deny browser-based (cookie) overrides.

option

-

deny

 

Option

Description

allow

Allow browser-based (cookie) override.

deny

Deny browser-based (cookie) override.

ovrd-scope

Override scope.

option

-

user

 

Option

Description

user

Override for the user.

user-group

Override for the user's group.

ip

Override for the initiating IP.

browser

Create browser-based (cookie) override.

ask

Prompt for scope when initiating an override.

profile-type

Override profile type.

option

-

list

 

Option

Description

list

Profile chosen from list.

radius

Profile determined by RADIUS server.

ovrd-dur-mode

Override duration mode.

option

-

constant

 

Option

Description

constant

Constant mode.

ask

Prompt for duration when initiating an override.

ovrd-dur

Override duration.

user

Not Specified

15m

profile-attribute

Profile attribute to retrieve from the RADIUS server.

option

-

Login-LAT-Service

 

Option

Description

User-Name

Use this attribute.

NAS-IP-Address

Use this attribute.

Framed-IP-Address

Use this attribute.

Framed-IP-Netmask

Use this attribute.

Filter-Id

Use this attribute.

Login-IP-Host

Use this attribute.

Reply-Message

Use this attribute.

Callback-Number

Use this attribute.

Callback-Id

Use this attribute.

Framed-Route

Use this attribute.

Framed-IPX-Network

Use this attribute.

Class

Use this attribute.

Called-Station-Id

Use this attribute.

Calling-Station-Id

Use this attribute.

NAS-Identifier

Use this attribute.

Proxy-State

Use this attribute.

Login-LAT-Service

Use this attribute.

Login-LAT-Node

Use this attribute.

Login-LAT-Group

Use this attribute.

Framed-AppleTalk-Zone

Use this attribute.

Acct-Session-Id

Use this attribute.

Acct-Multi-Session-Id

Use this attribute.

ovrd-user-group <name>

User groups with permission to use the override.

User group name.

string

Maximum length: 79

profile <name>

Web filter profile with permission to create overrides.

Web profile.

string

Maximum length: 79

config web

Parameter

Description

Type

Size

Default

bword-threshold

Banned word score threshold.

integer

Minimum value: 0 Maximum value: 2147483647

10

bword-table

Banned word table ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

urlfilter-table

URL filter table ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

content-header-list

Content header list.

integer

Minimum value: 0 Maximum value: 4294967295

0

blocklist

Enable/disable automatic addition of URLs detected by FortiSandbox to blocklist.

option

-

disable

 

Option

Description

enable

Enable setting.

disable

Disable setting.

allowlist

FortiGuard allowlist settings.

option

-

 

Option

Description

exempt-av

Exempt antivirus.

exempt-webcontent

Exempt web content.

exempt-activex-java-cookie

Exempt ActiveX-JAVA-Cookie.

exempt-dlp

Exempt DLP.