Fortinet white logo
Fortinet white logo

CLI Reference

config webfilter urlfilter

config webfilter urlfilter

Configure URL filter lists.

config webfilter urlfilter
    Description: Configure URL filter lists.
    edit <id>
        set comment {var-string}
        config entries
            Description: URL filter entries.
            edit <id>
                set action [exempt|block|...]
                set antiphish-action [block|log]
                set dns-address-family [ipv4|ipv6|...]
                set exempt {option1}, {option2}, ...
                set referrer-host {string}
                set status [enable|disable]
                set type [simple|regex|...]
                set url {string}
                set web-proxy-profile {string}
            next
        end
        set ip-addr-block [enable|disable]
        set ip4-mapped-ip6 [enable|disable]
        set name {string}
        set one-arm-ips-urlfilter [enable|disable]
    next
end

config webfilter urlfilter

Parameter

Description

Type

Size

Default

comment

Optional comments.

var-string

Maximum length: 255

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip-addr-block

Enable/disable blocking URLs when the hostname appears as an IP address.

option

-

disable

Option

Description

enable

Enable blocking URLs when the hostname appears as an IP address.

disable

Disable blocking URLs when the hostname appears as an IP address.

ip4-mapped-ip6

Enable/disable matching of IPv4 mapped IPv6 URLs.

option

-

disable

Option

Description

enable

Enable matching IPv4 mapped IPv6 URLs.

disable

Disable matching IPv4 mapped IPv6 URLs.

name

Name of URL filter list.

string

Maximum length: 63

one-arm-ips-urlfilter

Enable/disable DNS resolver for one-arm IPS URL filter operation.

option

-

disable

Option

Description

enable

Enable DNS resolver for one-arm IPS URL filter operation.

disable

Disable DNS resolver for one-arm IPS URL filter operation.

config entries

Parameter

Description

Type

Size

Default

action

Action to take for URL filter matches.

option

-

exempt

Option

Description

exempt

Exempt matches.

block

Block matches.

allow

Allow matches (no log).

monitor

Allow matches (with log).

antiphish-action

Action to take for AntiPhishing matches.

option

-

block

Option

Description

block

Block matches.

log

Allow matches with log.

dns-address-family

Resolve IPv4 address, IPv6 address, or both from DNS server.

option

-

ipv4

Option

Description

ipv4

Resolve IPv4 address from DNS server.

ipv6

Resolve IPv6 address from DNS server.

both

Resolve both IPv4 and IPv6 addresses from DNS server.

exempt

If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.

option

-

av web-content activex-java-cookie dlp fortiguard range-block antiphish all

Option

Description

av

AntiVirus scanning.

web-content

Web filter content matching.

activex-java-cookie

ActiveX, Java, and cookie filtering.

dlp

DLP scanning.

fortiguard

FortiGuard web filtering.

range-block

Range block feature.

pass

Pass single connection from all.

antiphish

AntiPhish credential checking.

all

Exempt from all security profiles.

id

Id.

integer

Minimum value: 0 Maximum value: 4294967295

0

referrer-host

Referrer host name.

string

Maximum length: 255

status

Enable/disable this URL filter.

option

-

enable

Option

Description

enable

Enable this URL filter.

disable

Disable this URL filter.

type

Filter type (simple, regex, or wildcard).

option

-

simple

Option

Description

simple

Simple URL string.

regex

Regular expression URL string.

wildcard

Wildcard URL string.

url

URL to be filtered.

string

Maximum length: 511

web-proxy-profile

Web proxy profile.

string

Maximum length: 63

config webfilter urlfilter

config webfilter urlfilter

Configure URL filter lists.

config webfilter urlfilter
    Description: Configure URL filter lists.
    edit <id>
        set comment {var-string}
        config entries
            Description: URL filter entries.
            edit <id>
                set action [exempt|block|...]
                set antiphish-action [block|log]
                set dns-address-family [ipv4|ipv6|...]
                set exempt {option1}, {option2}, ...
                set referrer-host {string}
                set status [enable|disable]
                set type [simple|regex|...]
                set url {string}
                set web-proxy-profile {string}
            next
        end
        set ip-addr-block [enable|disable]
        set ip4-mapped-ip6 [enable|disable]
        set name {string}
        set one-arm-ips-urlfilter [enable|disable]
    next
end

config webfilter urlfilter

Parameter

Description

Type

Size

Default

comment

Optional comments.

var-string

Maximum length: 255

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

ip-addr-block

Enable/disable blocking URLs when the hostname appears as an IP address.

option

-

disable

Option

Description

enable

Enable blocking URLs when the hostname appears as an IP address.

disable

Disable blocking URLs when the hostname appears as an IP address.

ip4-mapped-ip6

Enable/disable matching of IPv4 mapped IPv6 URLs.

option

-

disable

Option

Description

enable

Enable matching IPv4 mapped IPv6 URLs.

disable

Disable matching IPv4 mapped IPv6 URLs.

name

Name of URL filter list.

string

Maximum length: 63

one-arm-ips-urlfilter

Enable/disable DNS resolver for one-arm IPS URL filter operation.

option

-

disable

Option

Description

enable

Enable DNS resolver for one-arm IPS URL filter operation.

disable

Disable DNS resolver for one-arm IPS URL filter operation.

config entries

Parameter

Description

Type

Size

Default

action

Action to take for URL filter matches.

option

-

exempt

Option

Description

exempt

Exempt matches.

block

Block matches.

allow

Allow matches (no log).

monitor

Allow matches (with log).

antiphish-action

Action to take for AntiPhishing matches.

option

-

block

Option

Description

block

Block matches.

log

Allow matches with log.

dns-address-family

Resolve IPv4 address, IPv6 address, or both from DNS server.

option

-

ipv4

Option

Description

ipv4

Resolve IPv4 address from DNS server.

ipv6

Resolve IPv6 address from DNS server.

both

Resolve both IPv4 and IPv6 addresses from DNS server.

exempt

If action is set to exempt, select the security profile operations that exempt URLs skip. Separate multiple options with a space.

option

-

av web-content activex-java-cookie dlp fortiguard range-block antiphish all

Option

Description

av

AntiVirus scanning.

web-content

Web filter content matching.

activex-java-cookie

ActiveX, Java, and cookie filtering.

dlp

DLP scanning.

fortiguard

FortiGuard web filtering.

range-block

Range block feature.

pass

Pass single connection from all.

antiphish

AntiPhish credential checking.

all

Exempt from all security profiles.

id

Id.

integer

Minimum value: 0 Maximum value: 4294967295

0

referrer-host

Referrer host name.

string

Maximum length: 255

status

Enable/disable this URL filter.

option

-

enable

Option

Description

enable

Enable this URL filter.

disable

Disable this URL filter.

type

Filter type (simple, regex, or wildcard).

option

-

simple

Option

Description

simple

Simple URL string.

regex

Regular expression URL string.

wildcard

Wildcard URL string.

url

URL to be filtered.

string

Maximum length: 511

web-proxy-profile

Web proxy profile.

string

Maximum length: 63