Fortinet black logo

CLI Reference

waf web-cache-rule

waf web-cache

To improve performance of your back-end network and servers by reducing their traffic and processing load, you can

configure FortiWeb to cache responses from your servers.

Use this command to create web cache rules and policies.

To configure the web caching, you must enable it in system feature-visibility.

Syntax

config waf web-cache-rule

edit "<rule-name_entry>"

set host-status {enable | disable}

set host <host_str>

set path <path_str>

set HTTP-method {get-head | get-head-options | all-methods}

set request-file-type {text | picture | media | binary | other}

set allow-return-code {allow-200 | allow-200-206 | allow-200-206-301-302}

set cache-inactive-time <cache-inactive-time_int>

set inactive-time-type {minutes | hours}

set client-cache-expire <client-cache-expire_int>

set client-cache-expire-type {minutes | hours}

set key-factor {method | protocol | host | url | arguments | cookies}

set enable-client-expire {enable | disable}

set policy-id <entry_index>

config cookie-name-list

edit <cookie-name-list_id>

set cookie-name "<cookie-name_str>"

end

config bypass-sub-url

edit "<bypass-sub-url_id>"

set HTTP-method {get | post | head | options | trace | connect | delete | put | patch | any}

set type {plain | regular}

set url-expression <url-expression_str>

set enable-bypass-args {enable | disable}

set bypass-args <bypass-args_str>

set enable-bypass-cookies {enable | disable}

set bypass-cookies <bypass-cookies_str>

end

next

end

config waf web-cache-policy

edit "<web-cache-policy_name>"

next

end



Variable Description Default
"<rule-name_entry>" Enter a 40-character string for the name, for example e1947036-a1fa-489e-8434-c8a401a75f78. No default.
host-status {enable | disable} Enable to require that the Host: field of the HTTP request match a protected host names entry in order to match the web cache rule. Also configure host <host_str>. No default.

host <host_str>

Select which protected host names entry (either a web host name or IP address) that the Host: field of the HTTP request must be in to match the web cache rule.

No default.

path <path_str>

Enter a path for your web pages, for example /test, a prefix of a set of URLs.

No default.

HTTP-method {get-head | get-head-options | all-methods}

Select whether to cache the response contents according to the HTTP method you use.

get-head

request-file-type {text | picture | media | binary | other}

Select whether to cache the response contents according to the content type.

All values

allow-return-code {allow-200 | allow-200-206 | allow-200-206-301-302}

Select whether to cache the response contents according to the response code.

200

cache-inactive-time <cache-inactive-time_int>

Specify a timeout threshold that the cache becomes invalid and needs to be refreshed. After the timeout, the cached web contents will be removed automatically.

60 minutes

inactive-time-type {minutes | hours}

Select the time unit for the cache inactive time.

minutes

client-cache-expire <client-cache-expire_int>

Enter a period specified by max-age so that if the client requests the same contents again in the period, the client can obtain the web content from local cache directly.

60 minutes

client-cache-expire-type {minutes | hours}

Select the time unit for the cache expiration time.

minutes

key-factor {method | protocol | host | url | arguments | cookies}

Select the protocol variable that you want to use to generate the cache key.

All values except cookies.

enable-client-expire {enable | disable}

Enable to clear the cache based on the specified period.

disable

policy-id <entry_index>

Enter the ID of the server policy that has enabled this web cache.

disable

"<cookie-name-list_id>"

Enter the cookie name ID if you specify cookie in key-factor {method | protocol | host | url | arguments | cookies}

cookie-name "<cookie-name_str>"

Enter a cookie name related to the ID.

No default.

"<bypass-sub-url_id>"

Enter the bypass sub URL list ID.

No default.

HTTP-method {get | post | head | options | trace | connect | delete | put | patch | any}

Select the HTTP method in which the request sub URL is included.

No default.

type {plain | regular}

Select whether the url-expression <url-expression_str> field must contain either:

  • plain—The field is a string that the request sub URLmust match exactly.
  • regular—The field is a regular expression that defines a set of matching sub URLs.

plain

url-expression <url-expression_str>

Depending on your selection in type {plain | regular}, enter either:

  • The literal URL, such as /index.php, that the HTTP request must contain in order to match the web cache rule. The URL must begin with a slash ( / ).
  • A regular expression, such as ^/*.php, matching all and only the URLs to which the web cache rule should apply. The pattern is not required to begin with a slash ( / ). However, it must at least match URLs that begin with a slash, such as /index.cfm.

Note: Regular expressions beginning with an exclamation point ( ! ) are not supported. For information on language and regular expression matching, see the FortiWeb Administration Guide:

HTTPs://docs.fortinet.com/fortiweb/admin-guides

No default.

enable-bypass-args {enable | disable}

Enable this option so that the request matches the bypass URL only when the request brings the specific arguments.

bypass-args <bypass-args_str>

Enter the bypass arguments.

No default.

enable-bypass-cookies {enable | disable}

Enable this option so that the request matches the bypass URL only when the request brings the specific cookies.

disable

bypass-cookies <bypass-cookies_str>

Enter the bypass arguments.

No default.

"<web-cache-policy_name>"

Enter the server policy ID as the cache policy name.

No default.

Related topics

waf web-cache

To improve performance of your back-end network and servers by reducing their traffic and processing load, you can

configure FortiWeb to cache responses from your servers.

Use this command to create web cache rules and policies.

To configure the web caching, you must enable it in system feature-visibility.

Syntax

config waf web-cache-rule

edit "<rule-name_entry>"

set host-status {enable | disable}

set host <host_str>

set path <path_str>

set HTTP-method {get-head | get-head-options | all-methods}

set request-file-type {text | picture | media | binary | other}

set allow-return-code {allow-200 | allow-200-206 | allow-200-206-301-302}

set cache-inactive-time <cache-inactive-time_int>

set inactive-time-type {minutes | hours}

set client-cache-expire <client-cache-expire_int>

set client-cache-expire-type {minutes | hours}

set key-factor {method | protocol | host | url | arguments | cookies}

set enable-client-expire {enable | disable}

set policy-id <entry_index>

config cookie-name-list

edit <cookie-name-list_id>

set cookie-name "<cookie-name_str>"

end

config bypass-sub-url

edit "<bypass-sub-url_id>"

set HTTP-method {get | post | head | options | trace | connect | delete | put | patch | any}

set type {plain | regular}

set url-expression <url-expression_str>

set enable-bypass-args {enable | disable}

set bypass-args <bypass-args_str>

set enable-bypass-cookies {enable | disable}

set bypass-cookies <bypass-cookies_str>

end

next

end

config waf web-cache-policy

edit "<web-cache-policy_name>"

next

end



Variable Description Default
"<rule-name_entry>" Enter a 40-character string for the name, for example e1947036-a1fa-489e-8434-c8a401a75f78. No default.
host-status {enable | disable} Enable to require that the Host: field of the HTTP request match a protected host names entry in order to match the web cache rule. Also configure host <host_str>. No default.

host <host_str>

Select which protected host names entry (either a web host name or IP address) that the Host: field of the HTTP request must be in to match the web cache rule.

No default.

path <path_str>

Enter a path for your web pages, for example /test, a prefix of a set of URLs.

No default.

HTTP-method {get-head | get-head-options | all-methods}

Select whether to cache the response contents according to the HTTP method you use.

get-head

request-file-type {text | picture | media | binary | other}

Select whether to cache the response contents according to the content type.

All values

allow-return-code {allow-200 | allow-200-206 | allow-200-206-301-302}

Select whether to cache the response contents according to the response code.

200

cache-inactive-time <cache-inactive-time_int>

Specify a timeout threshold that the cache becomes invalid and needs to be refreshed. After the timeout, the cached web contents will be removed automatically.

60 minutes

inactive-time-type {minutes | hours}

Select the time unit for the cache inactive time.

minutes

client-cache-expire <client-cache-expire_int>

Enter a period specified by max-age so that if the client requests the same contents again in the period, the client can obtain the web content from local cache directly.

60 minutes

client-cache-expire-type {minutes | hours}

Select the time unit for the cache expiration time.

minutes

key-factor {method | protocol | host | url | arguments | cookies}

Select the protocol variable that you want to use to generate the cache key.

All values except cookies.

enable-client-expire {enable | disable}

Enable to clear the cache based on the specified period.

disable

policy-id <entry_index>

Enter the ID of the server policy that has enabled this web cache.

disable

"<cookie-name-list_id>"

Enter the cookie name ID if you specify cookie in key-factor {method | protocol | host | url | arguments | cookies}

cookie-name "<cookie-name_str>"

Enter a cookie name related to the ID.

No default.

"<bypass-sub-url_id>"

Enter the bypass sub URL list ID.

No default.

HTTP-method {get | post | head | options | trace | connect | delete | put | patch | any}

Select the HTTP method in which the request sub URL is included.

No default.

type {plain | regular}

Select whether the url-expression <url-expression_str> field must contain either:

  • plain—The field is a string that the request sub URLmust match exactly.
  • regular—The field is a regular expression that defines a set of matching sub URLs.

plain

url-expression <url-expression_str>

Depending on your selection in type {plain | regular}, enter either:

  • The literal URL, such as /index.php, that the HTTP request must contain in order to match the web cache rule. The URL must begin with a slash ( / ).
  • A regular expression, such as ^/*.php, matching all and only the URLs to which the web cache rule should apply. The pattern is not required to begin with a slash ( / ). However, it must at least match URLs that begin with a slash, such as /index.cfm.

Note: Regular expressions beginning with an exclamation point ( ! ) are not supported. For information on language and regular expression matching, see the FortiWeb Administration Guide:

HTTPs://docs.fortinet.com/fortiweb/admin-guides

No default.

enable-bypass-args {enable | disable}

Enable this option so that the request matches the bypass URL only when the request brings the specific arguments.

bypass-args <bypass-args_str>

Enter the bypass arguments.

No default.

enable-bypass-cookies {enable | disable}

Enable this option so that the request matches the bypass URL only when the request brings the specific cookies.

disable

bypass-cookies <bypass-cookies_str>

Enter the bypass arguments.

No default.

"<web-cache-policy_name>"

Enter the server policy ID as the cache policy name.

No default.

Related topics