Fortinet black logo

CLI Reference

waf web-cache-exception

waf web-cache-exception

Use this command to configure FortiWeb to cache responses from your servers.

Use web-cache-exception to cache all URLs except for a few. To cache only a few URLs, see .

To apply this policy, include it in an inline protection profile. For details, see waf web-protection-profile inline-protection.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf web-cache-exception

edit "<web-cache-exception_rule_name>"

config exception-list

edit <entry_index>

set host-status {enable | disable}

set host "<host_str>"

set url-type {plain | regular}

set url-patten "<url-pattern_str>"

set cookie-name "<cookie-name_str>"

end

next

end

Variable Description Default

"<web-cache-exception_rule_name>"

Enter the name of a new or existing rule. The maximum length is 63 characters.

To display the list of existing policies, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999.

No default.

host-status {enable | disable}

Specify enable to require that the Host: field of the HTTP request match a protected host names entry in order to match the exception. Also specify a value for host.

disable

host "<host_str>"

Specify which protected host names entry (either a web host name or IP address) that the Host: field of the HTTP request must be in to match the exception.

Maximum length is 256 characters.

This option is available only if the value of host-status {enable | disable} is enabled.

No default.

url-type {plain | regular}

Specify the type of value that is used for url-patten "<url-pattern_str>":

  • plain—A literal URL.
  • regular — A regular expression designed to match multiple URLs.
plain

url-patten "<url-pattern_str>"

If the value of url-type {plain | regular} is plain, specify the literal URL, such as /index.php, that the HTTP request must contain in order to match the rule. The URL must begin with a slash ( / ).

If the value of url-type is regular, specify a regular expression, such as ^/*.php, that matches all and only the URLs that the rule applies to. The pattern does not require a slash ( / ); however, it must match URLs that begin with a slash, such as /index.cfm.

Do not include the domain name, such as www.example.com, which is specified by host.

Maximum length is 256 characters.

Tip: Generally, URLs that require autolearning adapters do not work well with caching either. Do not cache dynamic URLs that contain variables such as user names (e.g. older versions of Microsoft OWA) or volatile data such as parameters. Because FortiWeb is unlikely to receive identical subsequent requests for them, dynamic URLs can rapidly consume cache without improving performance.

No default.

cookie-name "<cookie-name_str>"

Specify the name of the cookie, such as sessionid, as it appears in the Cookie: HTTP header.

Maximum length is 127 characters.

Tip: Content that is unique to a user, such as personalized pages that appear after a person has logged in, usually should not be cached. If the web application’s authentication is cookie-based, configure this setting with the name of the authentication cookie. Otherwise, if it is parameter-based, configure the exception with a URL pattern that matches the authentication ID parameter.

No default.

Related topics

waf web-cache-exception

Use this command to configure FortiWeb to cache responses from your servers.

Use web-cache-exception to cache all URLs except for a few. To cache only a few URLs, see .

To apply this policy, include it in an inline protection profile. For details, see waf web-protection-profile inline-protection.

To use this command, your administrator account’s access control profile must have either w or rw permission to the wafgrp area. For details, see Permissions.

Syntax

config waf web-cache-exception

edit "<web-cache-exception_rule_name>"

config exception-list

edit <entry_index>

set host-status {enable | disable}

set host "<host_str>"

set url-type {plain | regular}

set url-patten "<url-pattern_str>"

set cookie-name "<cookie-name_str>"

end

next

end

Variable Description Default

"<web-cache-exception_rule_name>"

Enter the name of a new or existing rule. The maximum length is 63 characters.

To display the list of existing policies, enter:

edit ?

No default.

<entry_index>

Enter the index number of the individual entry in the table. The valid range is 1–9,999,999,999,999,999,999.

No default.

host-status {enable | disable}

Specify enable to require that the Host: field of the HTTP request match a protected host names entry in order to match the exception. Also specify a value for host.

disable

host "<host_str>"

Specify which protected host names entry (either a web host name or IP address) that the Host: field of the HTTP request must be in to match the exception.

Maximum length is 256 characters.

This option is available only if the value of host-status {enable | disable} is enabled.

No default.

url-type {plain | regular}

Specify the type of value that is used for url-patten "<url-pattern_str>":

  • plain—A literal URL.
  • regular — A regular expression designed to match multiple URLs.
plain

url-patten "<url-pattern_str>"

If the value of url-type {plain | regular} is plain, specify the literal URL, such as /index.php, that the HTTP request must contain in order to match the rule. The URL must begin with a slash ( / ).

If the value of url-type is regular, specify a regular expression, such as ^/*.php, that matches all and only the URLs that the rule applies to. The pattern does not require a slash ( / ); however, it must match URLs that begin with a slash, such as /index.cfm.

Do not include the domain name, such as www.example.com, which is specified by host.

Maximum length is 256 characters.

Tip: Generally, URLs that require autolearning adapters do not work well with caching either. Do not cache dynamic URLs that contain variables such as user names (e.g. older versions of Microsoft OWA) or volatile data such as parameters. Because FortiWeb is unlikely to receive identical subsequent requests for them, dynamic URLs can rapidly consume cache without improving performance.

No default.

cookie-name "<cookie-name_str>"

Specify the name of the cookie, such as sessionid, as it appears in the Cookie: HTTP header.

Maximum length is 127 characters.

Tip: Content that is unique to a user, such as personalized pages that appear after a person has logged in, usually should not be cached. If the web application’s authentication is cookie-based, configure this setting with the name of the authentication cookie. Otherwise, if it is parameter-based, configure the exception with a URL pattern that matches the authentication ID parameter.

No default.

Related topics