Administration Guide

Settings

You can optimize web cache settings to improve performance and exempt specific URL patterns from caching and/or forward them to a web proxy server.

In most cases, the default settings for the WAN optimization web cache are acceptable. However, you might want to change them to improve performance or optimize the cache for your configuration.

Go to Web Cache > Settings to configure web cache settings.

Configure the following settings and then select Apply to save your changes:

Always Revalidate

Always re-validate requested cached objects with content on the server before serving them to the client.

Max Cache Object Size

The maximum size of objects (files) that are cached (the default is 512,000 KB).

Objects that are larger than this size are still delivered to the client but are not stored in the FortiProxy web cache.

Negative Response Duration

The amount of time, in minutes, that the FortiProxy unit caches error responses from web servers (default is 0 minutes).

The content server might send a client error code (4xx HTTP response) or a server error code (5xx HTTP response) as a response to some requests. If the web cache is configured to cache these negative responses, it returns that response in subsequent requests for that page or image for the specified number of minutes, regardless of the actual object status.

Fresh Factor

For cached objects that do not have an expiry time, the web cache periodically checks the server to see if the objects have expired. The higher the fresh factor, the less often the checks occur (default is 100%).

For example, if you set Max TTL and Default TTL to 7,200 minutes (5 days) and set Fresh Factor to 20, the web cache checks the cached objects 5 times before they expire. If you set Fresh Factor to 100, the web cache checks only once.

Max TTL

The maximum amount of time (Time to Live), in minutes, an object can stay in the web cache without the cache checking to see if it has expired on the server. From 1 to 5,256,000 minutes (one year) (default is 7,200 minutes).

Min TTL

The minimum amount of time an object can stay in the web cache before the web cache checks to see if it has expired on the server. From 1 to 5,256,000 minutes (default is 5 minutes).

Default TTL

The default expiry time for objects that do not have an expiry time set by the web server. From 1 to 5,256,000 minutes (default is 1,440 minutes).

Proxy FQDN

This setting cannot be changed from the default: default.fqdn.

Max HTTP request length

This setting cannot be changed from the default: 4KB.

Max HTTP message length

This setting cannot be changed from the default: 32KB.

Ignore

If-modified-since

If the time specified by the if-modified-since (IMS) header in the client's conditional request is greater than the last modified time of the object in the cache, it is a strong indication that the copy in the cache is stale. If so, HTTP does a conditional GET to the original content source, based on the last modified time of the cached object.

Enable ignoring if-modified-since to override this behavior.

HTTP 1.1 Conditionals

HTTP 1.1 provides additional controls to the client for the behavior of caches toward stale objects. Depending on various cache-control headers, the FortiProxy unit can be forced to consult the OCS before serving the object from the cache. For more information about the behavior of cache-control header values, see RFC 2616.

Enable ignoring HTTP 1.1 conditionals to override this behavior.

Pragma-no-cache

Typically, if a client sends an HTTP GET request with a pragma no-cache (PNC) or cache-control no-cache header, a cache must consult the OCS before serving the content. This behavior means that the unit always re-fetches the entire object from the OCS, even if the cached copy of the object is fresh.

Because of this behavior, PNC requests can degrade performance and increase server-side bandwidth use.

Enable ignoring Pragma-no-cache so that the PNC header from the client request is ignored. The FortiProxy unit treats the request as if the PNC header is not present.

IE Reload

Some versions of Internet Explorer issue an Accept: */* header instead of a Pragma: no-cache header when you select Refresh. When an Accept header has only the */* value, the FortiProxy unit treats it as a PNC header if it is a type-N object. Enable ignoring IE reload to cause the FortiProxy unit to ignore the PNC interpretation of the Accept: */* header.

Expiry Options

Cache Expired Objects

Enable to cache expired type-1 objects (if all other conditions make the object cacheable).

Revalidated Pragma-no-cache

The PNC header in a request can affect how efficiently the device uses bandwidth.

If you do not want to completely ignore PNC in client requests by selecting Ignore > Pragma-no-cache, you can lower the impact on bandwidth usage with this option.

When selected, a client's nonconditional PNC-GET request results in a conditional GET request sent to the OCS if the object is already in the cache. This gives the OCS a chance to return the 304 Not Modified response, which consumes less server-side bandwidth because the OCS has not been forced to return full content.

By default, Revalidate Pragma-no-cache is disabled and is not affected by changes in the top-level profile. When the Substitute Get for PNC configuration is enabled, the revalidate PNC configuration has no effect.

Most download managers make byte-range requests with a PNC header. To serve such requests from the cache, you need to also configure byte-range support when you configure the Revalidate pragma-no-cache option.
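
The following added example (not FortiProxy code and not part of the original guide) models, as a simplified decision function, how the Ignore > Pragma-no-cache, Ignore > IE Reload, Revalidated Pragma-no-cache and Always Revalidate options described above change what the cache does with a GET for an object it already holds. All names (CacheSettings, decide, SAMPLES) are hypothetical, the sample requests are constructed, and the type-N condition and the Substitute Get for PNC option are not modelled.

```python
from dataclasses import dataclass

@dataclass
class CacheSettings:
    """Hypothetical field names; each mirrors one option on this page."""
    always_revalidate: bool = False   # Always Revalidate
    ignore_pnc: bool = False          # Ignore > Pragma-no-cache
    ignore_ie_reload: bool = False    # Ignore > IE Reload
    revalidate_pnc: bool = False      # Expiry Options > Revalidated Pragma-no-cache

def _directives(value):
    """Split a comma-separated header value into lower-case tokens."""
    return {tok.strip().lower() for tok in value.split(",") if tok.strip()}

def wants_bypass(headers, s):
    """True if the request is treated as PNC under settings s (assumed model)."""
    h = {k.lower(): v for k, v in headers.items()}
    explicit = ("no-cache" in _directives(h.get("pragma", ""))
                or "no-cache" in _directives(h.get("cache-control", "")))
    # An Accept header carrying only */* is read as PNC (type-N check omitted).
    ie_reload = h.get("accept", "").strip() == "*/*"
    return (explicit and not s.ignore_pnc) or (ie_reload and not s.ignore_ie_reload)

def decide(headers, cached, fresh, s):
    """Return SERVE_CACHED, CONDITIONAL_GET or FULL_FETCH for one GET."""
    if not cached:
        return "FULL_FETCH"            # nothing stored, go to the OCS
    if wants_bypass(headers, s):
        # Revalidated PNC turns the forced re-fetch into a conditional GET.
        return "CONDITIONAL_GET" if s.revalidate_pnc else "FULL_FETCH"
    if s.always_revalidate or not fresh:
        return "CONDITIONAL_GET"
    return "SERVE_CACHED"

# Constructed sample requests, all for an object that is cached and fresh.
SAMPLES = {
    "plain": {"Accept": "text/html"},
    "pnc": {"Pragma": "no-cache", "Accept": "text/html"},
    "cc-no-cache": {"Cache-Control": "max-age=0, no-cache"},
    "ie-reload": {"Accept": "*/*"},
}

def compare(s):
    """Map each sample request name to the cache action under settings s."""
    return {name: decide(h, True, True, s) for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for s in (CacheSettings(), CacheSettings(ignore_pnc=True), CacheSettings(revalidate_pnc=True)):
        print(s, compare(s))
```

In this model, enabling Ignore > Pragma-no-cache means a client's forced refresh no longer reaches the OCS, so a stale or incorrect cached copy keeps being served until its TTL-driven check, whereas Revalidated Pragma-no-cache still contacts the OCS and only saves the full transfer.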

HTTP traffic caching reports

Another way to review traffic caching is to generate top-entry reports with the following CLI commands:

config system global

set http-view {enable | disable}

end

After enabling top-entry reports, you can execute and generate six different kinds of reports, depending upon what statistics you are interested in. Enter the following command:

execute http-view report {00 | 01 | 02 | 03 | 04 | 05}

Enter the two-digit value for the report that you want generated:

  • 00: Top entries by total HTTP requests

  • 01: Top entries by bandwidth consumed

  • 02: Top entries by cacheable percent of total requests

  • 03: Top entries by cache hit percent of total requests

  • 04: Top entries by cache hit percent of cacheable requests

  • 05: Top entries by bandwidth saved with cache hits

Each generated report shows the appropriate domain traffic within the last hour.
