Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Script Reference Guide

    Home FortiWeb 8.0.3 Script Reference Guide
    8.0.3
    8.0.3
    8.0.0
    7.6.0
    7.0.2

    HTTP Data

    HTTP Data

    HTTP:collect()/HTTP:collect(size)

    Instructs FortiWeb to buffer and make available the HTTP request or response body for inspection in subsequent script events. Specifying a partial size can help reduce latency or processing overhead when only a small portion of the body is needed to make decisions. When partial collection is used, the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event is triggered as soon as the specified number of bytes is available.

    Syntax
    HTTP:collect/HTTP:collect(size)
    Arguments

    Name

    Description
    size 
    The number of bytes to collect from the HTTP body.

    • If omitted or set to -1, FortiWeb will collect up to the full length of the body, or until the maximum cached length is reached.

    • If a positive integer is specified, FortiWeb will collect that many bytes before triggering the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event.

    • This enables partial body inspection and early triggering of body processing logic.
    Events

    Applicable in HTTP_REQUEST, HTTP_RESPONSE.

    Examples

    Full Body Collection

    when HTTP_REQUEST {
    if HTTP:header(“content-type”) == text/css
        HTTP::collect()
    end
}
when HTTP_DATA_REQUEST {
    local body_str = HTTP:body()
    debug("body = %s", body_str)
}

    Partial Body Collection

    when HTTP_REQUEST {
    HTTP:collect(32)  -- collect first 32 bytes of the body
}

when HTTP_DATA_REQUEST {
    local body_sample = HTTP:body(0, 32)
    if body_sample then 
        debug("partial collect body information, partial body = %s", body sample)
    end
}

    • Specifying a partial size can help reduce latency or processing overhead when only a small portion of the body is needed to make decisions.

    • When partial collection is used, the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event is triggered as soon as the specified number of bytes is available.

    • This function is often used in conjunction with:

      • HTTP:body(offset, size)

      • debug() logging

    HTTP:body(offset, size)

    The HTTP body will be returned.

    Syntax

    HTTP:body(offset, size)

    Arguments

    Name

    Description

    offset

    Optional; if offset is missing, it will be set as zero.
    size 
    The number of bytes to collect from the HTTP body.

    • If omitted or set to -1, FortiWeb will collect up to the full length of the body, or until the maximum cached length is reached.

    • If a positive integer is specified, FortiWeb will collect that many bytes before triggering the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event.

    • This enables partial body inspection and early triggering of body processing logic.
    Events

    Applicable in HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE.

    Example
    when HTTP_REQUEST {
    HTTP:collect()
}
--This function will change "username:test" to "username:Test"
function username_first_char_uppercase(str)
    local str1 = str:sub(1, 9)
    local str2 = str:sub(10, 10)
    str2 = str2:upper()
    local str3 = str:sub(11, -1)
    return str1..str2..str3
end

when HTTP_DATA_REQUEST {
    local body_str = HTTP:body(0, 16)
    local body_new = body_str:gsub("username:[A-Za-z][A-Za-z0-9_]+", username_first_char_uppercase)
    debug("body old = %s, body new = %s\n", body_str, body_new)
    HTTP:set_body(body_new, 0, 16)
}

    HTTP:set_body(body, offset, size)

    Set body at target place, return true/false based on the result

    Syntax
    HTTP:set_body(body, offset, size)
    Arguments

    Name

    Description

    body

    String type HTTP body.

    offset

    Optional; if offset is missing, it will be set as zero.
    size 
    The number of bytes to collect from the HTTP body.

    • If omitted or set to -1, FortiWeb will collect up to the full length of the body, or until the maximum cached length is reached.

    • If a positive integer is specified, FortiWeb will collect that many bytes before triggering the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event.

    • This enables partial body inspection and early triggering of body processing logic.
    Events

    Applicable in HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE.

    Example
    when HTTP_REQUEST {
    HTTP:collect()
}
--This function will change "username:test" to "username:Test"
function username_first_char_uppercase(str)
    local str1 = str:sub(1, 9)
    local str2 = str:sub(10, 10)
    str2 = str2:upper()
    local str3 = str:sub(11, -1)
    return str1..str2..str3
end

when HTTP_DATA_REQUEST {
    local body_str = HTTP:body(0, 16)
    local body_new = body_str:gsub("username:[A-Za-z][A-Za-z0-9_]+", username_first_char_uppercase)
    debug("body old = %s, body new = %s\n", body_str, body_new) 
    HTTP:set_body(body_new, 0, 16)
}
    Previous
    Next

    HTTP Data

    HTTP Data

    HTTP:collect()/HTTP:collect(size)

    Instructs FortiWeb to buffer and make available the HTTP request or response body for inspection in subsequent script events. Specifying a partial size can help reduce latency or processing overhead when only a small portion of the body is needed to make decisions. When partial collection is used, the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event is triggered as soon as the specified number of bytes is available.

    Syntax
    HTTP:collect/HTTP:collect(size)
    Arguments

    Name

    Description
    size 
    The number of bytes to collect from the HTTP body.

    • If omitted or set to -1, FortiWeb will collect up to the full length of the body, or until the maximum cached length is reached.

    • If a positive integer is specified, FortiWeb will collect that many bytes before triggering the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event.

    • This enables partial body inspection and early triggering of body processing logic.
    Events

    Applicable in HTTP_REQUEST, HTTP_RESPONSE.

    Examples

    Full Body Collection

    when HTTP_REQUEST {
    if HTTP:header(“content-type”) == text/css
        HTTP::collect()
    end
}
when HTTP_DATA_REQUEST {
    local body_str = HTTP:body()
    debug("body = %s", body_str)
}

    Partial Body Collection

    when HTTP_REQUEST {
    HTTP:collect(32)  -- collect first 32 bytes of the body
}

when HTTP_DATA_REQUEST {
    local body_sample = HTTP:body(0, 32)
    if body_sample then 
        debug("partial collect body information, partial body = %s", body sample)
    end
}

    • Specifying a partial size can help reduce latency or processing overhead when only a small portion of the body is needed to make decisions.

    • When partial collection is used, the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event is triggered as soon as the specified number of bytes is available.

    • This function is often used in conjunction with:

      • HTTP:body(offset, size)

      • debug() logging

    HTTP:body(offset, size)

    The HTTP body will be returned.

    Syntax

    HTTP:body(offset, size)

    Arguments

    Name

    Description

    offset

    Optional; if offset is missing, it will be set as zero.
    size 
    The number of bytes to collect from the HTTP body.

    • If omitted or set to -1, FortiWeb will collect up to the full length of the body, or until the maximum cached length is reached.

    • If a positive integer is specified, FortiWeb will collect that many bytes before triggering the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event.

    • This enables partial body inspection and early triggering of body processing logic.
    Events

    Applicable in HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE.

    Example
    when HTTP_REQUEST {
    HTTP:collect()
}
--This function will change "username:test" to "username:Test"
function username_first_char_uppercase(str)
    local str1 = str:sub(1, 9)
    local str2 = str:sub(10, 10)
    str2 = str2:upper()
    local str3 = str:sub(11, -1)
    return str1..str2..str3
end

when HTTP_DATA_REQUEST {
    local body_str = HTTP:body(0, 16)
    local body_new = body_str:gsub("username:[A-Za-z][A-Za-z0-9_]+", username_first_char_uppercase)
    debug("body old = %s, body new = %s\n", body_str, body_new)
    HTTP:set_body(body_new, 0, 16)
}

    HTTP:set_body(body, offset, size)

    Set body at target place, return true/false based on the result

    Syntax
    HTTP:set_body(body, offset, size)
    Arguments

    Name

    Description

    body

    String type HTTP body.

    offset

    Optional; if offset is missing, it will be set as zero.
    size 
    The number of bytes to collect from the HTTP body.

    • If omitted or set to -1, FortiWeb will collect up to the full length of the body, or until the maximum cached length is reached.

    • If a positive integer is specified, FortiWeb will collect that many bytes before triggering the HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE event.

    • This enables partial body inspection and early triggering of body processing logic.
    Events

    Applicable in HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE.

    Example
    when HTTP_REQUEST {
    HTTP:collect()
}
--This function will change "username:test" to "username:Test"
function username_first_char_uppercase(str)
    local str1 = str:sub(1, 9)
    local str2 = str:sub(10, 10)
    str2 = str2:upper()
    local str3 = str:sub(11, -1)
    return str1..str2..str3
end

when HTTP_DATA_REQUEST {
    local body_str = HTTP:body(0, 16)
    local body_new = body_str:gsub("username:[A-Za-z][A-Za-z0-9_]+", username_first_char_uppercase)
    debug("body old = %s, body new = %s\n", body_str, body_new) 
    HTTP:set_body(body_new, 0, 16)
}
    Previous
    Next