Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Script Reference Guide

    Home FortiWeb 8.0.3 Script Reference Guide
    8.0.3
    8.0.3
    8.0.0
    7.6.0
    7.0.2

    IP commands

    IP commands

    IP commands can be used in HTTP and TCP events.

    ip.addr("ip-string")

    Generate an IP address class with an IP string.

    Syntax
    ip.addr("ip-string")
    Arguments

    Name

    Description

    ip-string

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip_test = ip.addr("1.1.1.1")
}

    ip.eq(ip_class_1, "ip-string")/ ip.eq(ip_class_1, ip_class_2)

    Compare two IP addresses. The first one must be IP address class and the second one can be IP address class or IP string.

    Syntax
    ip.eq(ip_class_1, "ip-string") / ip.eq(ip_class_1, ip_class_2)
    Arguments

    Name

    Description

    ip_class_1

    IP class

    "ip-string" or ip_class_2

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip_1 = ip.addr("1.1.1.1")
    local ip_2 = ip.addr("1.1.1.2")
    debug("are two ips the same %s", ip.eq(ip_1, ip_2))
}

    ip.reputation("ip-string") / ip.reputation(ip_class)

    Check the reputation of a specific IP. Return Lua array with reputation categories. The reputation categories are: "Botnet", "Anonymous Proxy", "Phishing", "Spam", "Others", "Tor"

    If IP string is not a valid IP, return nil.

    Return value example: { "Anonymous Proxy", "Phishing" }

    Syntax
    ip.reputation("ip-string") / ip.reputation(ip_class)
    Arguments

    Name

    Description

    "ip_string" or ip_class

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    debug("check ip reputation %s", ip.reputation("1.1.1.1"))
}

    ip.geo("ip-string") / ip.geo(ip_class)

    Return GEO country name in string. If nothing is found or the IP string is not a valid IP, return nil.

    Syntax
    ip.geo("ip-string") / ip.geo(ip_class)
    Arguments

    Name

    Description

    "ip_string" or ip_class

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    debug("geo of ip %s", ip.geo("1.1.1.1"))
}

    ip.geo_code("ip-string") / ip.geo_code(ip_class)

    Return GEO country code in string. If nothing is found or the IP string is not a valid IP, return nil.

    Syntax
    ip.geo_code("ip-string") / ip.geo_code(ip_class)
    Arguments

    Name

    Description

    "ip_string" or ip_class

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    debug("geo code of ip %s", ip.geo_code ("1.1.1.1"))
}

    IP:local_addr()

    Return IP address class, which is the local address of the connection.

    Syntax
    IP:local_addr()
    Arguments

    N/A

    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:local_addr())
    if ip == "10.10.10.10" then
        debug("local addr equals to 10.10.10.10")
    end
}

    IP:remote_addr()

    Return IP address class, which is the remote address of the connection.

    Syntax
    IP:remote_addr()
    Arguments

    N/A

    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:remote_addr())
    if ip == "10.10.10.10" then
        debug("remote addr equals to 10.10.10.10")
    end
}

    IP:client_addr()

    Return IP address class, which is the client IP address of the stream.

    Syntax
    IP:client_addr()z
    Arguments

    N/A

    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:client_addr())
    if ip == "10.10.10.10" then
        debug("client addr equals to 10.10.10.10")
    end
}

    IP:server_addr()

    Return IP address class, which is the server IP address of the stream. If server is not connected, return nil.

    Syntax
    IP:server_addr()
    Arguments

    N/A

    Events

    Applicable in all events, except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:server_addr())
    if ip == "10.10.10.10" then
        debug("server addr equals to 10.10.10.10")
    end
}

    IP:version()

    Return the IP version of the connection.

    Syntax
    IP:version()
    Arguments

    N/A

    Events

    Applicable in all events, except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local version = IP:version()
    debug("ip version is %s", version)
}

    tostring(ip_class)

    Support use tostring(IP-class) to convert IP address class to IP string.

    Syntax
    tostring(ip_class)
    Arguments

    Name

    Description

    ip_class

    IP class
    Events

    Applicable in all events, except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:local_addr())
}
    Previous
    Next

    IP commands

    IP commands

    IP commands can be used in HTTP and TCP events.

    ip.addr("ip-string")

    Generate an IP address class with an IP string.

    Syntax
    ip.addr("ip-string")
    Arguments

    Name

    Description

    ip-string

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip_test = ip.addr("1.1.1.1")
}

    ip.eq(ip_class_1, "ip-string")/ ip.eq(ip_class_1, ip_class_2)

    Compare two IP addresses. The first one must be IP address class and the second one can be IP address class or IP string.

    Syntax
    ip.eq(ip_class_1, "ip-string") / ip.eq(ip_class_1, ip_class_2)
    Arguments

    Name

    Description

    ip_class_1

    IP class

    "ip-string" or ip_class_2

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip_1 = ip.addr("1.1.1.1")
    local ip_2 = ip.addr("1.1.1.2")
    debug("are two ips the same %s", ip.eq(ip_1, ip_2))
}

    ip.reputation("ip-string") / ip.reputation(ip_class)

    Check the reputation of a specific IP. Return Lua array with reputation categories. The reputation categories are: "Botnet", "Anonymous Proxy", "Phishing", "Spam", "Others", "Tor"

    If IP string is not a valid IP, return nil.

    Return value example: { "Anonymous Proxy", "Phishing" }

    Syntax
    ip.reputation("ip-string") / ip.reputation(ip_class)
    Arguments

    Name

    Description

    "ip_string" or ip_class

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    debug("check ip reputation %s", ip.reputation("1.1.1.1"))
}

    ip.geo("ip-string") / ip.geo(ip_class)

    Return GEO country name in string. If nothing is found or the IP string is not a valid IP, return nil.

    Syntax
    ip.geo("ip-string") / ip.geo(ip_class)
    Arguments

    Name

    Description

    "ip_string" or ip_class

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    debug("geo of ip %s", ip.geo("1.1.1.1"))
}

    ip.geo_code("ip-string") / ip.geo_code(ip_class)

    Return GEO country code in string. If nothing is found or the IP string is not a valid IP, return nil.

    Syntax
    ip.geo_code("ip-string") / ip.geo_code(ip_class)
    Arguments

    Name

    Description

    "ip_string" or ip_class

    A string which specifies the IP address or IP class
    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    debug("geo code of ip %s", ip.geo_code ("1.1.1.1"))
}

    IP:local_addr()

    Return IP address class, which is the local address of the connection.

    Syntax
    IP:local_addr()
    Arguments

    N/A

    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:local_addr())
    if ip == "10.10.10.10" then
        debug("local addr equals to 10.10.10.10")
    end
}

    IP:remote_addr()

    Return IP address class, which is the remote address of the connection.

    Syntax
    IP:remote_addr()
    Arguments

    N/A

    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:remote_addr())
    if ip == "10.10.10.10" then
        debug("remote addr equals to 10.10.10.10")
    end
}

    IP:client_addr()

    Return IP address class, which is the client IP address of the stream.

    Syntax
    IP:client_addr()z
    Arguments

    N/A

    Events

    Applicable in all events except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:client_addr())
    if ip == "10.10.10.10" then
        debug("client addr equals to 10.10.10.10")
    end
}

    IP:server_addr()

    Return IP address class, which is the server IP address of the stream. If server is not connected, return nil.

    Syntax
    IP:server_addr()
    Arguments

    N/A

    Events

    Applicable in all events, except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:server_addr())
    if ip == "10.10.10.10" then
        debug("server addr equals to 10.10.10.10")
    end
}

    IP:version()

    Return the IP version of the connection.

    Syntax
    IP:version()
    Arguments

    N/A

    Events

    Applicable in all events, except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local version = IP:version()
    debug("ip version is %s", version)
}

    tostring(ip_class)

    Support use tostring(IP-class) to convert IP address class to IP string.

    Syntax
    tostring(ip_class)
    Arguments

    Name

    Description

    ip_class

    IP class
    Events

    Applicable in all events, except RULE_INIT and RULE_EXIT.

    Example
    when HTTP_REQUEST {
    local ip = tostring(IP:local_addr())
}
    Previous
    Next