Fortinet black logo

Handbook

Home FortiADC 7.4.3 Handbook

Events and actions

7.4.3
7.4.3
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.1.4
7.1.3
7.1.2
7.1.1
7.1.0
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.6
6.1.5
6.1.4
6.1.3
6.1.2
6.1.1
6.1.0
6.0.1
6.0.0
5.4.3
5.4.2
5.4.1
5.4.0
5.3.6
5.3.5
5.3.4
5.3.3
5.3.2
5.3.1
5.3.0
5.2.7
Copy Link
Copy Doc ID 452adf09-f14a-11ee-8c42-fa163e15d75b:740070
Download PDF

Events and actions

Scripts are associated with a particular virtual server, and they are event-driven. A script is triggered when the associated virtual server receives an HTTP request or response. Then, it does the programmed action.

You can set different script priorities when you run multiple scripts at once. See Prioritize scripts for more information.

Script events and actions provides the syntax, usage, and examples of the predefined commands that are useful for writing scripts.

Script events and actions
Event/Action Description
Event
HTTP_REQUEST The virtual server receives a complete HTTP request header.
HTTP_RESPONSE The virtual server receives a complete HTTP response header.
RULE_INIT The event is used to initialize global or static variables used within a script. It is triggered when a script is added or modified, or when the device starts up, or when the software is restarted.
VS_LISTENER_BIND The virtual server tries to bind.
SERVER_BEFORE_CONNECT The virtual server is going to connect to the backend real server.
SERVER_CONNECTED The HTTP proxy deems that the backend real server is connected.
AUTH_RESULT The authentication (HTML Form / HTTP-basic) is done.
HTTP_RESPONSE_CONTINUE Triggered immediately when the system receives a 100 continue response from the server.
HTTP_DATA_REQUEST Triggered whenever an HTTP:collect command finishes processing, after collecting the requested amount of data.
HTTP_REQUEST_SEND Triggered immediately before a request is sent to a server.
HTTP_DATA_RESPONSE

Triggered when an HTTP:collect command finishes processing on the server side of a connection.
CLIENTSSL_HANDSHAKE The virtual server receives a complete HTTPS handshake on the client side.
SERVERSSL_HANDSHAKE FortiADC receives a complete HTTPS handshake on the server side.
CLIENTSSL_RENEGOTIATE The virtual server receives a re-connection request from a peer.
SERVERSSL_RENEGOTIATE FortiADC sends a re-connection request to a peer.
TCP_ACCEPTED The virtual server receives a complete TCP connection.
TCP_CLOSED The virtual server close a TCP connection.

PERSISTENCE

Event hook inside process_sticking_rules() in httproxy.

POST_PERSIST

Event hook after LB is done and assigns real server according to ADC method.

WAF_REQUEST_BEFORE_SCAN

Event hook before the WAF_SCAN_STAGE_REQ_HEADER starts. If WAF function is not enabled on VS, then this will not be triggered.

WAF_RESPONSE_BEFORE_SCAN

Event hook before the WAF_SCAN_STAGE_RES_HEADER starts. If WAF function is not enabled on VS, then this will not be triggered.

WAF_REQUEST_ATTACK_DETECTED

Event hook after all request stages when there are attacks detected (violation). If WAF function is not enabled on VS, then this will not be triggered. If WAF module does not detect any violations, then this will not be triggered.

WAF_RESPONSE_ATTACK_DETECTED

Event hook after all response stages when there are attacks detected (violation). If WAF function is not enabled on VS, then this will not be triggered. If WAF module does not detect any violations, then this will not be triggered.

SERVER_CLOSED

When Httproxy is going to terminate the backend real server connection.

COOKIE_BAKE

When FortiADC is done baking an authentication cookie.

Allows PROXY commands, MGM commands and AUTH:get_baked_cookie/set_baked_cookie.

The COOKIE_BAKE event can occur after AUTH_RESULT, HTTP_REQUEST, or HTTP_RESPONSE events.

BEFORE_AUTH

The BEFORE_AUTH event triggers right before the authentication is performed to allow the user specified user group to be used instead. The new user group will override the authentication result of the original authentication policy.

HTTP: header_get_names header_get_values header_get_value header_remove header_remove2 header_insert header_replace header_replace2 header_exists header_count version_get version_set redirect_with_cookie redirect_t redirect close disable_event enable_event set_event set_auto disable_auto enable_auto rand_id get_session_id cookie cookie_list cookie_crypto respond method_get method_set uri_get uri_set path_get path_set query_get query_set client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver

LB: routing get_valid_routing get_current_routing method_assign_server

AUTH: set_usergroup realm usergroup host

SSL: renegotiate cert_request get_verify_depth set_verify_depth client_cert peer_cert cert

IP: client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver

MGM: rand_id get_session_id disable_event enable_event set_event set_auto disable_auto enable_auto
Action
in Lua mode An action defined by a Lua script that uses predefined commands and variables to manipulate the HTTP request/response or select a content route.
Previous
Next

Events and actions

Scripts are associated with a particular virtual server, and they are event-driven. A script is triggered when the associated virtual server receives an HTTP request or response. Then, it does the programmed action.

You can set different script priorities when you run multiple scripts at once. See Prioritize scripts for more information.

Script events and actions provides the syntax, usage, and examples of the predefined commands that are useful for writing scripts.

Script events and actions
Event/Action Description
Event
HTTP_REQUEST The virtual server receives a complete HTTP request header.
HTTP_RESPONSE The virtual server receives a complete HTTP response header.
RULE_INIT The event is used to initialize global or static variables used within a script. It is triggered when a script is added or modified, or when the device starts up, or when the software is restarted.
VS_LISTENER_BIND The virtual server tries to bind.
SERVER_BEFORE_CONNECT The virtual server is going to connect to the backend real server.
SERVER_CONNECTED The HTTP proxy deems that the backend real server is connected.
AUTH_RESULT The authentication (HTML Form / HTTP-basic) is done.
HTTP_RESPONSE_CONTINUE Triggered immediately when the system receives a 100 continue response from the server.
HTTP_DATA_REQUEST Triggered whenever an HTTP:collect command finishes processing, after collecting the requested amount of data.
HTTP_REQUEST_SEND Triggered immediately before a request is sent to a server.
HTTP_DATA_RESPONSE

Triggered when an HTTP:collect command finishes processing on the server side of a connection.
CLIENTSSL_HANDSHAKE The virtual server receives a complete HTTPS handshake on the client side.
SERVERSSL_HANDSHAKE FortiADC receives a complete HTTPS handshake on the server side.
CLIENTSSL_RENEGOTIATE The virtual server receives a re-connection request from a peer.
SERVERSSL_RENEGOTIATE FortiADC sends a re-connection request to a peer.
TCP_ACCEPTED The virtual server receives a complete TCP connection.
TCP_CLOSED The virtual server close a TCP connection.

PERSISTENCE

Event hook inside process_sticking_rules() in httproxy.

POST_PERSIST

Event hook after LB is done and assigns real server according to ADC method.

WAF_REQUEST_BEFORE_SCAN

Event hook before the WAF_SCAN_STAGE_REQ_HEADER starts. If WAF function is not enabled on VS, then this will not be triggered.

WAF_RESPONSE_BEFORE_SCAN

Event hook before the WAF_SCAN_STAGE_RES_HEADER starts. If WAF function is not enabled on VS, then this will not be triggered.

WAF_REQUEST_ATTACK_DETECTED

Event hook after all request stages when there are attacks detected (violation). If WAF function is not enabled on VS, then this will not be triggered. If WAF module does not detect any violations, then this will not be triggered.

WAF_RESPONSE_ATTACK_DETECTED

Event hook after all response stages when there are attacks detected (violation). If WAF function is not enabled on VS, then this will not be triggered. If WAF module does not detect any violations, then this will not be triggered.

SERVER_CLOSED

When Httproxy is going to terminate the backend real server connection.

COOKIE_BAKE

When FortiADC is done baking an authentication cookie.

Allows PROXY commands, MGM commands and AUTH:get_baked_cookie/set_baked_cookie.

The COOKIE_BAKE event can occur after AUTH_RESULT, HTTP_REQUEST, or HTTP_RESPONSE events.

BEFORE_AUTH

The BEFORE_AUTH event triggers right before the authentication is performed to allow the user specified user group to be used instead. The new user group will override the authentication result of the original authentication policy.

HTTP: header_get_names header_get_values header_get_value header_remove header_remove2 header_insert header_replace header_replace2 header_exists header_count version_get version_set redirect_with_cookie redirect_t redirect close disable_event enable_event set_event set_auto disable_auto enable_auto rand_id get_session_id cookie cookie_list cookie_crypto respond method_get method_set uri_get uri_set path_get path_set query_get query_set client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver

LB: routing get_valid_routing get_current_routing method_assign_server

AUTH: set_usergroup realm usergroup host

SSL: renegotiate cert_request get_verify_depth set_verify_depth client_cert peer_cert cert

IP: client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver

MGM: rand_id get_session_id disable_event enable_event set_event set_auto disable_auto enable_auto
Action
in Lua mode An action defined by a Lua script that uses predefined commands and variables to manipulate the HTTP request/response or select a content route.
Previous
Next