config webfilter profile

Configure Web filter profiles.

config webfilter profile

Description: Configure Web filter profiles.

edit <name>

set comment {var-string}

set feature-set [flow|proxy]

set replacemsg-group {string}

set options {option1}, {option2}, ...

set https-replacemsg [enable|disable]

set ovrd-perm {option1}, {option2}, ...

set post-action [normal|block]

config override

Description: Web Filter override settings.

set ovrd-cookie [allow|deny]

set ovrd-scope [user|user-group|...]

set profile-type [list|radius]

set ovrd-dur-mode [constant|ask]

set ovrd-dur {user}

set profile-attribute [User-Name|NAS-IP-Address|...]

set ovrd-user-group <name1>, <name2>, ...

set profile <name1>, <name2>, ...

end

config web

Description: Web content filtering settings.

set bword-threshold {integer}

set bword-table {integer}

set urlfilter-table {integer}

set content-header-list {integer}

set blocklist [enable|disable]

set allowlist {option1}, {option2}, ...

set safe-search {option1}, {option2}, ...

set youtube-restrict [none|strict|...]

set vimeo-restrict {string}

set log-search [enable|disable]

set keyword-match <pattern1>, <pattern2>, ...

end

config ftgd-wf

Description: FortiGuard Web Filter settings.

set options {option1}, {option2}, ...

set exempt-quota {user}

set ovrd {user}

config filters

Description: FortiGuard filters.

edit <id>

set category {integer}

set action [block|authenticate|...]

set warn-duration {user}

set auth-usr-grp <name1>, <name2>, ...

set log [enable|disable]

set override-replacemsg {string}

set warning-prompt [per-domain|per-category]

set warning-duration-type [session|timeout]

next

end

config quota

Description: FortiGuard traffic quota settings.

edit <id>

set category {user}

set type [time|traffic]

set unit [B|KB|...]

set value {integer}

set duration {user}

set override-replacemsg {string}

next

end

set max-quota-timeout {integer}

set rate-javascript-urls [disable|enable]

set rate-css-urls [disable|enable]

set rate-crl-urls [disable|enable]

end

config antiphish

Description: AntiPhishing profile.

set status [enable|disable]

set default-action [exempt|log|...]

set check-uri [enable|disable]

set check-basic-auth [enable|disable]

set check-username-only [enable|disable]

set max-body-len {integer}

config inspection-entries

Description: AntiPhishing entries.

edit <name>

set fortiguard-category {user}

set action [exempt|log|...]

next

end

config custom-patterns

Description: Custom username and password regex patterns.

edit <pattern>

set category [username|password]

set type [regex|literal]

next

end

set authentication [domain-controller|ldap]

set domain-controller {string}

set ldap {string}

end

set wisp [enable|disable]

set wisp-servers <name1>, <name2>, ...

set wisp-algorithm [primary-secondary|round-robin|...]

set log-all-url [enable|disable]

set web-content-log [enable|disable]

set web-filter-activex-log [enable|disable]

set web-filter-command-block-log [enable|disable]

set web-filter-cookie-log [enable|disable]

set web-filter-applet-log [enable|disable]

set web-filter-jscript-log [enable|disable]

set web-filter-js-log [enable|disable]

set web-filter-vbs-log [enable|disable]

set web-filter-unknown-log [enable|disable]

set web-filter-referer-log [enable|disable]

set web-filter-cookie-removal-log [enable|disable]

set web-url-log [enable|disable]

set web-invalid-domain-log [enable|disable]

set web-ftgd-err-log [enable|disable]

set web-ftgd-quota-usage [enable|disable]

set extended-log [enable|disable]

set web-extended-all-action-log [enable|disable]

set web-antiphishing-log [enable|disable]

next

end

config webfilter profile

Parameter	Description	Type	Size	Default
comment	Optional comments.	var-string	Maximum length: 255
feature-set	Flow/proxy feature set.	option	-	flow
	Option Description flow Flow feature set. proxy Proxy feature set.
replacemsg-group	Replacement message group.	string	Maximum length: 35
options	Options.	option	-
	Option Description activexfilter ActiveX filter. cookiefilter Cookie filter. javafilter Java applet filter. block-invalid-url Block sessions contained an invalid domain name. jscript Javascript block. js JS block. vbs VB script block. unknown Unknown script block. intrinsic Intrinsic script block. wf-referer Referring block. wf-cookie Cookie block.
https-replacemsg	Enable replacement messages for HTTPS.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
ovrd-perm	Permitted override types.	option	-
	Option Description bannedword-override Banned word override. urlfilter-override URL filter override. fortiguard-wf-override FortiGuard Web Filter override. contenttype-check-override Content-type header override.
post-action	Action taken for HTTP POST traffic.	option	-	normal
	Option Description normal Normal, POST requests are allowed. block POST requests are blocked.
wisp	Enable/disable web proxy WISP.	option	-	disable
	Option Description enable Enable web proxy WISP. disable Disable web proxy WISP.
wisp-servers <name>	WISP servers. Server name.	string	Maximum length: 79
wisp-algorithm	WISP server selection algorithm.	option	-	auto-learning
	Option Description primary-secondary Select the first healthy server in order. round-robin Select the next healthy server. auto-learning Select the lightest loading healthy server.
log-all-url	Enable/disable logging all URLs visited.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
web-content-log	Enable/disable logging logging blocked web content.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-activex-log	Enable/disable logging ActiveX.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-command-block-log	Enable/disable logging blocked commands.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-cookie-log	Enable/disable logging cookie filtering.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-applet-log	Enable/disable logging Java applets.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-jscript-log	Enable/disable logging JScripts.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-js-log	Enable/disable logging Java scripts.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-vbs-log	Enable/disable logging VBS scripts.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-unknown-log	Enable/disable logging unknown scripts.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-referer-log	Enable/disable logging referrers.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-filter-cookie-removal-log	Enable/disable logging blocked cookies.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-url-log	Enable/disable logging URL filtering.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-invalid-domain-log	Enable/disable logging invalid domain names.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-ftgd-err-log	Enable/disable logging rating errors.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
web-ftgd-quota-usage	Enable/disable logging daily quota usage.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.
extended-log	Enable/disable extended logging for web filtering.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
web-extended-all-action-log	Enable/disable extended any filter action logging for web filtering.	option	-	disable
	Option Description enable Enable setting. disable Disable setting.
web-antiphishing-log	Enable/disable logging of AntiPhishing checks.	option	-	enable
	Option Description enable Enable setting. disable Disable setting.

config override

Parameter	Description	Type	Size	Default
ovrd-cookie	Allow/deny browser-based (cookie) overrides.	option	-	deny
	Option Description allow Allow browser-based (cookie) override. deny Deny browser-based (cookie) override.
ovrd-scope	Override scope.	option	-	user
	Option Description user Override for the user. user-group Override for the user's group. ip Override for the initiating IP. browser Create browser-based (cookie) override. ask Prompt for scope when initiating an override.
profile-type	Override profile type.	option	-	list
	Option Description list Profile chosen from list. radius Profile determined by RADIUS server.
ovrd-dur-mode	Override duration mode.	option	-	constant
	Option Description constant Constant mode. ask Prompt for duration when initiating an override.
ovrd-dur	Override duration.	user	Not Specified	15m
profile-attribute	Profile attribute to retrieve from the RADIUS server.	option	-	Login-LAT-Service
	Option Description User-Name Use this attribute. NAS-IP-Address Use this attribute. Framed-IP-Address Use this attribute. Framed-IP-Netmask Use this attribute. Filter-Id Use this attribute. Login-IP-Host Use this attribute. Reply-Message Use this attribute. Callback-Number Use this attribute. Callback-Id Use this attribute. Framed-Route Use this attribute. Framed-IPX-Network Use this attribute. Class Use this attribute. Called-Station-Id Use this attribute. Calling-Station-Id Use this attribute. NAS-Identifier Use this attribute. Proxy-State Use this attribute. Login-LAT-Service Use this attribute. Login-LAT-Node Use this attribute. Login-LAT-Group Use this attribute. Framed-AppleTalk-Z