Global commands
rand()
Generates a random number, returns an integer value between 0 and RAND_MAX(2^31-1).
Syntax
rand()
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local rand_num = rand()
debug("rand_num=%d\n",rand_num)
}
time()
Returns the current time as an integer, in Unix time format.
Syntax
time()
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local now = time()
debug("time now = %d\n", now)
}
time_ms()
Returns the current time in million seconds, in Unix time format
Syntax
time_ms()
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local now_ms = time_ms()
debug("time now in million seconds = %d\n", now_ms)
}
ctime()
Returns the current time as a string, For instance Thu Apr 15 09:01:46 2024 CST +0800
Syntax
ctime()
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local now_str = ctime()
debug("time now in string format: %s\n", now_str)
}
md5(msg)
Calculates the MD5 hash of a given string input and returns the result as a string.
Syntax
md5(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events
Example
The following is a helper function to convert byte string into hex representation.
function bytes2hex(bytestr)
local hexString = ""
for i = 1, string.len(bytestr) do
hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
end
return hexString
end
when HTTP_REQUEST {
local md5_encrypted = md5_str("123")
debug("length of md5_encrypted is %d \n", string.len(md5_encrypted))
debug("encrypted md5 of string 123 is: %s\n", bytes2hex(md5_encrypted))
}
md5_hex_str(msg)
Calculates the hex representation of the MD5 of a string, and returns the result as a string.
Syntax
md5_hex_str(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events
Example
when HTTP_REQUEST {
local md5_encrypted_hex = md5_hex_str("123")
debug("encrypted md5 of string 123 in hex representation is: %s\n", md5_encrypted_hex)
}
sha1_str(msg)
Calculates the SHA1 of a string input, and returns the result as a string.
Syntax
sha1_str(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events.
Example
The following is a helper function to convert byte string into hex representation.
function bytes2hex(bytestr)
local hexString = ""
for i = 1, string.len(bytestr) do
hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
end
return hexString
end
when HTTP_REQUEST {
local sha1_123 = sha1_str("123")
debug("length of sha1_123 is %d \n", string.len(sha1_123))
debug("encrypted sha1 of string 123 is: %s\n", bytes2hex(sha1_123))
}
sha1_hex_str(msg)
Calculates the hex representation of SHA1 of a string input, and returns the result as a string.
Syntax
sha1_hex_str(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local sha1_123_hex = sha1_hex_str("123")
debug("encrypted sha1 of string 123 in hex representation is: %s\n", sha1_123_hex)
}
sha256_str(msg)
Calculates the SHA256 of a string input, and returns the result as a string.
Syntax
Sha256_str(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events.
Examples
The following is a helper function to convert byte string into hex representation.
function bytes2hex(bytestr)
local hexString = ""
for i = 1, string.len(bytestr) do
hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
end
return hexString
end
when HTTP_REQUEST {
local sha256_123 = sha256_str("123")
debug("length of sha256_123 is %d \n", string.len(sha256_123))
debug("encrypted sha256 of string 123 is: %s\n", bytes2hex(sha256_123))
}
sha256_hex_str(msg)
Calculates the hex representation of SHA256 of a string input, and return the result as a string.
Syntax
Sha256_hex_str(msg);
Arguments
| Name | Description |
|---|---|
|
msg |
String type message |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local sha256_123_hex = sha256_hex_str("123")
debug("encrypted sha256 of string 123 in hex representation is: %s\n", sha256_123_hex)
}
sha512_str(msg)
Calculates the SHA512 of a string input, and returns the result as a string.
Syntax
sha512_str(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message |
Events
Applicable in all events.
Example
The following is a helper function to convert byte string into hex representation.
function bytes2hex(bytestr)
local hexString = ""
for i = 1, string.len(bytestr) do
hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
end
return hexString
end
when HTTP_REQUEST {
local sha512_123 = sha512_str("123")
debug("length of sha512_123 is %d \n", string.len(sha512_123))
debug("encrypted sha512 of string 123 is: %s\n", bytes2hex(sha512_123))
}
sha512_hex_str(msg)
Calculates the hex representation of SHA512 of a string input and returns the result in string representation.
Syntax
sha512_hex_str(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local sha512_123_hex = sha512_hex_str("123")
debug("encrypted sha512 of string 123 in hex representation is: %s\n", sha512_123_hex)
}
base64_enc(msg)
Encodes a string input in base64 and outputs the results in string format.
Syntax
base64_enc(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local b64_msg = base64_enc("https://www.base64encode.org/")
debug("base64 encoded message is: %s\n", b64_msg)
}
base64_dec(msg)
Decodes a base64 encoded string input and outputs the results in string format.
Syntax
base64_dec(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local b64_msg = base64_enc("https://www.base64encode.org/")
debug("base64 encoded message is: %s\n", b64_msg)
local b64_dec_msg = base64_dec(b64_msg)
debug("base64 decoded message is: %s\n", b64_dec_msg)
}
base32_enc(msg)
Encodes a string input in base32 and outputs the results in string format.
Syntax
base32_enc(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local b32_msg = base32_enc("https://www.base64encode.org/")
debug("base32 encoded message is: %s\n", b32_msg)
}
base32_dec(msg)
Decodes a base32 encoded string input and outputs the results in string format.
Syntax
base32_dec(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
String type message. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local b32_msg = base32_enc("https://www.base64encode.org/")
debug("base32 encoded message is: %s\n", b32_msg)
local b32_dec_msg = base32_dec(b32_msg)
debug("base32 decoded message is: %s\n", b32_dec_msg)
}
htonl(msg)
Converts a long integer input into network byte order.
Syntax
htonl(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
Long integer. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local network_a = htonl(32)
debug("htonl of 32 is: %s\n", network_a)
}
htons(msg)
Converts a short integer input into network byte order.
Syntax
htons(input_msg)
Arguments
| Name | Description |
|---|---|
|
msg |
Short integer. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local network_a_short = htons(32)
debug("htons of 32 is: %s\n", network_a_short)
}
ntohl(msg)
Converts a long integer input into host byte order. Keep in mind, htonl(ntohl(x)) == x.
Syntax
ntohl(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
Long integer. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local network_a = htonl(32)
debug("htonl of 32 is: %s\n", network_a)
local host_a = ntohl(network_a)
debug("ntohl of network_a is: %s\n", host_a)
}
ntohs(msg)
Converts a short integer input into host byte order.
Syntax
ntohs(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
Short integer message. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local network_a_short = htons(32)
debug("htons of 32 is: %s\n", network_a_short)
local host_a_short = ntohs(network_a_short)
debug("ntohs of network_a_short is: %s\n", host_a_short)
}
to_hex(msg)
Converts a string to its hex representation.
Syntax
to_hex(msg)
Arguments
| Name | Description |
|---|---|
|
msg |
Short integer message. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local hexit = to_hex("it")
debug("hexit is: %s\n", hexit)
}
crc32(input_msg)
Returns the crc32 check value of the string, return value is the crc32 code.
Syntax
crc32(input_msg)Arguments
| Name | Description |
|---|---|
|
input_msg |
Short integer. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local crc32_code = crc32("123456789")
debug("CRC 32 code is: %d\n", crc32_code)
}
key_gen(pass, salt, iter, key_len)
Derives an AES key from a password using a salt and iteration count as specified in RFC 2898 (Password-Based Key Derivation Function 2 with HMAC-SHA256).
Syntax
key_gen(pass, salt, iter, key_len)
Arguments
| Name | Description |
|---|---|
|
pass |
A string type password. |
|
salt |
A string type salt. |
|
iter |
Integer type iteration count. |
|
key_len |
Integer type key length. |
Events
Applicable in all events.
Example
The following is a helper function to convert byte string into hex representation.
function bytes2hex(bytestr)
local hexString = ""
for i = 1, string.len(bytestr) do
hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
end
return hexString
end
when HTTP_REQUEST {
local new_key = key_gen("pass", "salt", 32, 32)
debug("new key is %s\n", bytes2hex(new_key))
}
aes_enc(msg, key, key_size)
Encrypts a string using AES algorithm.
Syntax
aes_enc(msg, key, key_size)
Arguments
| Name | Description |
|---|---|
|
msg |
A string type message. |
|
key |
A string type key. |
|
key_size |
Integer type key size. |
Events
Applicable in all events.
Example
The following is a helper function to convert byte string into hex representation.
when HTTP_REQUEST {
local aes_encrypted = aes_enc("msg", "key", 128)
debug("encrypted in hex is %s, after b64 encoding %s\n", to_hex(aes_encrypted), base64_enc(aes_encrypted))
}
aes_dec(msg, key, key_size)
Decrypt a string using AES algorithm.
Syntax
aes_dec (msg, key, key_size)
Arguments
| Name | Description |
|---|---|
|
msg |
A string type message. |
|
key |
A string type key. |
|
key_size |
Integer type key size. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local aes_decrypted = aes_dec("msg", "key", 128);
debug("decrypted msg is %s\n", aes_decrypted)
}
EVP_Digest(alg, msg)
EVP_Digest for one-shot digest calculation.
Syntax
EVP_Digest(alg, msg)
Arguments
| Name | Description |
|---|---|
|
alg |
A string type algorithm. For example, "MD5". |
|
msg |
A string type message. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local evpd = EVP_Digest("MD5", "msg")
debug("the digest in hex is %s\n", bytes2hex(evpd))
}
HMAC(alg, msg, key)
HMAC message authentication code.
Syntax
HMAC(alg, msg, key)
Arguments
| Name | Description |
|---|---|
|
alg |
A string type algorithm. For example, "SHA256". |
|
msg |
A string type message. |
|
key |
A string type key. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local hm = HMAC("SHA256", "msg", "key")
debug("the HMAC in hex is %s\n", bytes2hex(hm))
}
HMAC_verify(alg, data, key, digest)
Checks if the signature is same as the current digest.
Syntax
HMAC_verify(alg, data, key, digest)
Arguments
| Name | Description |
|---|---|
|
alg |
A string type algorithm. For example, "SHA256". |
|
data |
A string type data. |
|
key |
A string type key. |
|
digest |
A string type digest. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local hm = HMAC("SHA256", "msg", "key")
local is_same = HMAC_verify("SHA256", "msg", "key", hm)
if is_same then
debug("HMAC verified\n")
else
debug("HMAC not verified\n")
end
}
rand_hex(input)
Generates a random number in HEX.
Syntax
rand_hex (input)
Arguments
|
Name |
Description |
|---|---|
|
input |
an integer type |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local rand_h = rand_hex(16);
debug("the random hex number is %s\n", rand_h);
}
rand_alphanum(input)
Generates a random alphabet+number sequence.
Syntax
rand_alphanum(input)
Arguments
|
Name |
Description |
|---|---|
|
input |
an integer type |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local alphanumber = rand_alphanum(16);
debug("the alphabet+number sequence is %s\n", alphanumber);
}
rand_seq(input)
Generates a random number sequence.
Syntax
rand_seq(input)
Arguments
|
Name |
Description |
|---|---|
|
input |
an integer type |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local randseq = rand_seq(16);
debug("the random sequence is %s\n", to_hex(randseq));
}
url_encode(input)
Encodes the target URL (Converts URL into a valid ASCII format, will not replace space by "+" sign).
Syntax
url_encode(input)
Arguments
|
Name |
Description |
|---|---|
|
input |
A string type URL. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local encoded_url = url_encode("https://docs.fortinet.com/product/fortiweb/7.4");
debug("the encoded url is %s\n", encoded_url);
}
url_decode(input)
Decodes the encoding-URL into its original URL.
Syntax
url_decode(input)
Arguments
|
Name |
Description |
|---|---|
|
input |
A string type URL. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local decoded_url = url_decode(encoded_url);
debug("the decoded url is %s\n", decoded_url);
}
debug(fmt, ..)
The string will be printed to debug log with level 1.
Syntax
debug(fmt, ..)
Arguments
|
Name |
Description |
|---|---|
|
fmt |
A string type input format. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
debug("This HTTP Request method is %s.\n", HTTP:method())
}
_id
This is the id of the proxyd worker running the lua stack.
Syntax
_id
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
debug("id of the proxyd worker running the lua stack is %s.\n", _id)
}
_name
This is the name of the policy running the lua stack.
Syntax
_name
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
debug("name of the proxyd worker running the lua stack is %s.\n", _name)
}
Return the string of the policy name.
Syntax
policy.name()
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
debug("policy name is %s.\n", policy.name()
}
policy.http_ports()
Return a lua array with all HTTP ports. Port value is integer.
{ 80, 8080 }
Syntax
policy.http_ports()
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
for k,v in pairs(policy.http_ports()) do
debug("http port %s port is %s.\n", k, v)
end
}
policy.https_ports()
Return a lua array with all HTTPS port. Port value is integer.
{ 443, 8443 }
Syntax
policy.https_ports()
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
for k,v in pairs(policy.https_ports()) do
debug("https port %s port is %s.\n", k, v)
end
}
policy.crs()
Return lua array with all content routing names.
{ "cr1", "cr2", "cr3" }
Syntax
policy.crs()
Arguments
N/A
Events
Applicable in all events.
Example
when HTTP_REQUEST {
for k,v in pairs(policy.crs()) do
debug("content routing name %s is %s.\n", k, v)
end
}
policy.servers() / policy.servers("cr-name")
Return lua array with all servers. If the policy has content routing, the caller should pass the "cr-name" argument to fetch the servers of the specific content routing.
Syntax
policy.servers() / policy.servers("cr-name")
Arguments
|
Name |
Description |
|---|---|
|
cr-name |
Optional, string type CR name. If cr-name is missing, all servers will be returned. |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
for k,v in pairs(policy.servers()) do
debug("server %s details are %s.\n", k, v)
end
}
core.debug(level, fmt, ..)
Similar to debug() but allows you to specify the debug log level.
Syntax
core.debug(level, fmt, ..)
Arguments
|
Name |
Description |
|---|---|
|
level |
Debug log level |
|
fmt |
String type input format |
Events
Applicable in all events.
Example
when HTTP_REQUEST {
local host = HTTP:host()
core.debug(6, "host = %s", host)
}