Fortinet black logo

XML Reference Guide

Web Filter

Web Filter

Web Filter XML configurations are contained in the <webfilter></webfilter> tags.

There are two main sections:

  • General options
  • Configuration elements that affect the whole of the web filtering service.

  • Profiles
  • Defines one or more rules that are applied to network traffic.

<forticlient_configuration>

<webfilter>

<enable_filter>1</enable_filter>

<enabled>1</enabled>

<current_profile>0</current_profile>

<partial_match_host>0</partial_match_host>

<disable_when_managed>0</disable_when_managed>

<max_violations>250</max_violations>

<max_violations_age>7</max_violations_age>

<block_malicious_websites>1</block_malicious_websites>

<bypass_private_ip>1</bypass_private_ip>

<browser_read_time_threshold>180</browser_read_time_threshold>

<https_block_method>0</https_block_method>

<profiles>

<profile>

<id>999</id>

<use_exclusion_list>1</use_exclusion_list>

</profile>

<profile>

<id>0</id>

<cate_ver>6</cate_ver>

<description>deny</description>

<name>deny</name>

<temp_whitelist_timeout>300</temp_whitelist_timeout>

<log_all_urls>1</log_all_urls>

<log_user_initiated_traffic>1</log_user_initiated_traffic>

<categories>

<fortiguard>

<enabled>1</enabled>

<url>fgd1.fortigate.com</url>

<rate_ip_addresses>1</rate_ip_addresses>

<action_when_unavailable>deny</action_when_unavailable>

</fortiguard>

<category>

<id>1</id>

<action>deny</action>

</category>

<category>

<id>2</id>

<action>deny</action>

</category>

<category>

<id>3</id>

<action>deny</action>

</category>

<category>

<id>4</id>

<action>deny</action>

</category>

<category>

<id>5</id>

<action>deny</action>

</category>

</categories>

<urls>

<url>

<address>

<![CDATA[www.777.com]]>

</address>

<type>simple</type>

<action>deny</action>

</url>

<url>

<address>

<![CDATA[www.fortinet.com]]>

</address>

<type>simple</type>

<action>allow</action>

</url>

</urls>

<safe_search>

<enabled>0</enabled>

<search_engines>

<enabled>0</enabled>

</search_engines>

<youtube_education_filter>

<enabled>0</enabled>

<filter_id>

<![CDATA[]]>

</filter_id>

</youtube_education_filter>

</safe_search>

</profile>

</profiles>

</webfilter>

</forticlient_configuration>

The following table provides the XML tags for Web Filter, as well as the descriptions and default values where applicable.

XML Tag

Description

Default Value

<enable_filter>

Enable or disable Web Filtering.

Boolean value: [0 | 1]

1

<enabled>

Enable or disable FortiGuard querying service.

Boolean value: [0 | 1]

1

<current_profile>

Currently selected profile ID (optional). The default is 0 when FortiClient is standalone. If using the advanced configuration on the FortiGate (for Endpoint Control), set this to 1000. The value should always match the <profile><id> selected.

<partial_match_host>

A hostname that is a substring of the specified path is treated as a full match.

Boolean value: [0 | 1]

0

<disable_when_managed>

If set to 1 (true), Web Filtering is disabled when FortiClient is connected to a FortiGate using Endpoint Control.

Boolean: [0 | 1]

<max_violations>

Maximum number of violations stored at any one.

A number from 250 to 5000.

5000

<max_violation_age>

Maximum age in days of a violation record before it is culled.

A number from 1 to 90.

90

<block_malicious_websites>

Configure whether to block web sites with security risk categories (group 5). When this setting is 0, do not block web sites with security risk categories. When this setting is 1, block web sites with security risk categories.

Boolean: [0 | 1]

<bypass_private_ip>

Enable or disable bypassing private IP addresses. This feature is enabled by default.

Boolean: [0 | 1]

1

<browser_read_time_threshold>

Configure the threshold in seconds for web browser to be considered idle. When a web browser is idle more than the threshold, the web browser is considered idle, and time is not calculated.

90

<https_block_method>

Control how FortiClient behaves when Web Filtering blocks an HTTPS site:

  • If set to 0, displays in-browser as not reachable/unable >to reach, that your connection is not private, or that the >site is not secure.
  • If set to 1, shows a bubble notification to the user. The connection fails/times out.
  • If set to 2, the connection fails/times out with no notification to the user.

0

<fortiguard> elements

<url>

IP address or FQDN of the FortiGuard server.

fgd1.fortigate.com

<enabled>

Enable or disable use of FortiGuard servers.

Boolean value: [0 | 1]

1

<rate_ip_addresses>

Rate IP addresses.

Boolean value: [0 | 1]

1

<action_when_unavailable>

Configure the action to take with all websites when FortiGuard is temporarily unavailable. FortiClient takes the configured action until contact is reestablished with FortiGuard. Available options are:

  • allow: Allow full, unfiltered access to all websites
  • deny: Deny access to any website
  • warn: Display in-browser warning to user, with an option to proceed to the website
  • monitor: Monitor site access

deny

<profiles><profile><safe_search> element

<enabled>

Enable or disable SafeSearch.

Boolean value: [0 | 1]

<profiles><profile><safe_search><search_engines><engine> element

<enabled>

Enable or disable SafeSearch for the predefined search engines.

Boolean value: [0 | 1]

The <profiles> XML element may have one or more profiles, defined in the <profile> tag. Each <profile>, in turn, has one or more <category>, <url> and <safe_search> tags, along with other elements.

The following table provides profile XML tags, the description, and the default value (where applicable).

XML Tag

Description

Default Value

<profile> elements

<id>

Unique ID. A number to define the profile.

<cate_ver>

FortiGuard category version used in this profile. A number.

6

<description>

Summary describing this profile.

<name>

A descriptive name for the profile.

<temp_whitelist_timeout>

The duration, in seconds, of a bypass that is applied to a page that generated a warning, but for which the user selected continue.

300

<log_all_urls>

Configure whether to log all URLs. When this setting is 0, only URLS are logged as specified by per-category or per-URL settings. When this setting is 1, all URLs are logged.

Boolean value: [0 | 1]

<log_user_initiated_traffic>

Configure what traffic to record. When this setting is 0, record all traffic. When this setting is 1, record only traffic initiated by the user.

Boolean value: [0 | 1]

<profile><categories><category> elements

<id>

Unique ID. A number.

The valid set of category IDs is predefined, and is listed in exported configuration files.

<action>

Action to perform on matching network traffic. Select one of the following:

  • allow
  • deny
  • warn
  • monitor

<profile><urls><url> elements

<address>

The web address in which <action> (allow or deny) is performed. This should be wrapped in a CDATA tag. For example:

<![CDATA[www.777.com]]>

<action>

Action to perform on matching network traffic.

Select either: [allow | deny]

The <safe_search> element has two main components:

  • Search engines <search_engines>
  • Users may define safe search parameters for each of the popular search engines: Bing and Yandex. Subsequent use of the engines for web searches have SafeSearch enabled.

  • YouTube education filter <youtube_education_filter>
  • Educational institutions with valid YouTube education ID can provide this in the <youtube_education_filter> element to restrict YouTube contents appropriately.

The following table provides profile XML tags and the description. See the <safe_search> listing in the previous pages for examples of each tag.

XML Tag

Description

Default Value

<profiles><profile><safe_search><search_engines><engine> elements

<name>

Name of the SafeSearch profile.

<host>

The FQDN of the search engine. FortiClient monitors attempts to visit this address.

<url>

The URL substring to match or monitor, along with the FQDN.

<query>

The query string appended to the URL.

<safe_search_string>

The correct safe search string appended to the URL for the specified engine.

<cookie_name>

The name of the cookie to send the search engine.

<cookie_value>

The cookie value to send the search engine.

<profiles><profile><safe_search><youtube_education_filter> elements

<enabled>

Enable YouTube education filter.

Boolean value: [0 | 1]

<filter_id>

The institutions education identifier.

Other than the <name> and <enabled> elements, the values for each of the elements in the previous table should be wrapped in <![CDATA[]]> XML tags. Here is an example for a <host> element taken from the <safe_search> listing.

<host><![CDATA[yandex\..*]]></host>

See Manage your YouTube settings for more information on YouTube for schools and the education filter.

The following is a list of all Web Filter categories including the category <id> and category name:

0 ==> Unrated

1 ==> Drug Abuse

2 ==> Alternative Beliefs

3 ==> Hacking

4 ==> Illegal or Unethical

5 ==> Discrimination

6 ==> Explicit Violence

7 ==> Abortion

8 ==> Other Adult Materials

9 ==> Advocacy Organizations

11 ==> Gambling

12 ==> Extremist Groups

13 ==> Nudity and Risque

14 ==> Pornography

15 ==> Dating

16 ==> Weapons (Sales)

17 ==> Advertising

18 ==> Brokerage and Trading

19 ==> Freeware and Software Downloads

20 ==> Games

23 ==> Web-based Email

24 ==> File Sharing and Storage

25 ==> Streaming Media and Download

26 ==> Malicious Websites

28 ==> Entertainment

29 ==> Arts and Culture

30 ==> Education

31 ==> Finance and Banking

33 ==> Health and Wellness

34 ==> Job Search

35 ==> Medicine

36 ==> News and Media

37 ==> Social Networking

38 ==> Political Organizations

39 ==> Reference

40 ==> Global Religion

41 ==> Search Engines and Portals

42 ==> Shopping

43 ==> General Organizations

44 ==> Society and Lifestyles

46 ==> Sports

47 ==> Travel

48 ==> Personal Vehicles

49 ==> Business

50 ==> Information and Computer Security

51 ==> Government and Legal Organizations

52 ==> Information Technology

53 ==> Armed Forces

54 ==> Dynamic Content

55 ==> Meaningless Content

56 ==> Web Hosting

57 ==> Marijuana

58 ==> Folklore

59 ==> Proxy Avoidance

61 ==> Phishing

62 ==> Plagiarism

63 ==> Sex Education

64 ==> Alcohol

65 ==> Tobacco

66 ==> Lingerie and Swimsuit

67 ==> Sports Hunting and War Games

68 ==> Web Chat

69 ==> Instant Messaging

70 ==> Newsgroups and Message Boards

71 ==> Digital Postcards

72 ==> Peer-to-peer File Sharing

75 ==> Internet Radio and TV

76 ==> Internet Telephony

77 ==> Child Education

78 ==> Real Estate

79 ==> Restaurant and Dining

80 ==> Personal Websites and Blogs

81 ==> Secure Websites

82 ==> Content Servers

83 ==> Child Abuse

84 ==> Web-based Applications

85 ==> Domain Parking

86 ==> Spam URLs

88 ==> Dynamic DNS

89 ==> Auction

90 ==> Newly Observed Domain

91 ==> Newly Registered Domain

92 ==> Charitable Organizations

93 ==> Remote Access

94 ==> Web Analytics

95 ==> Online Meeting

Web Filter

Web Filter XML configurations are contained in the <webfilter></webfilter> tags.

There are two main sections:

  • General options
  • Configuration elements that affect the whole of the web filtering service.

  • Profiles
  • Defines one or more rules that are applied to network traffic.

<forticlient_configuration>

<webfilter>

<enable_filter>1</enable_filter>

<enabled>1</enabled>

<current_profile>0</current_profile>

<partial_match_host>0</partial_match_host>

<disable_when_managed>0</disable_when_managed>

<max_violations>250</max_violations>

<max_violations_age>7</max_violations_age>

<block_malicious_websites>1</block_malicious_websites>

<bypass_private_ip>1</bypass_private_ip>

<browser_read_time_threshold>180</browser_read_time_threshold>

<https_block_method>0</https_block_method>

<profiles>

<profile>

<id>999</id>

<use_exclusion_list>1</use_exclusion_list>

</profile>

<profile>

<id>0</id>

<cate_ver>6</cate_ver>

<description>deny</description>

<name>deny</name>

<temp_whitelist_timeout>300</temp_whitelist_timeout>

<log_all_urls>1</log_all_urls>

<log_user_initiated_traffic>1</log_user_initiated_traffic>

<categories>

<fortiguard>

<enabled>1</enabled>

<url>fgd1.fortigate.com</url>

<rate_ip_addresses>1</rate_ip_addresses>

<action_when_unavailable>deny</action_when_unavailable>

</fortiguard>

<category>

<id>1</id>

<action>deny</action>

</category>

<category>

<id>2</id>

<action>deny</action>

</category>

<category>

<id>3</id>

<action>deny</action>

</category>

<category>

<id>4</id>

<action>deny</action>

</category>

<category>

<id>5</id>

<action>deny</action>

</category>

</categories>

<urls>

<url>

<address>

<![CDATA[www.777.com]]>

</address>

<type>simple</type>

<action>deny</action>

</url>

<url>

<address>

<![CDATA[www.fortinet.com]]>

</address>

<type>simple</type>

<action>allow</action>

</url>

</urls>

<safe_search>

<enabled>0</enabled>

<search_engines>

<enabled>0</enabled>

</search_engines>

<youtube_education_filter>

<enabled>0</enabled>

<filter_id>

<![CDATA[]]>

</filter_id>

</youtube_education_filter>

</safe_search>

</profile>

</profiles>

</webfilter>

</forticlient_configuration>

The following table provides the XML tags for Web Filter, as well as the descriptions and default values where applicable.

XML Tag

Description

Default Value

<enable_filter>

Enable or disable Web Filtering.

Boolean value: [0 | 1]

1

<enabled>

Enable or disable FortiGuard querying service.

Boolean value: [0 | 1]

1

<current_profile>

Currently selected profile ID (optional). The default is 0 when FortiClient is standalone. If using the advanced configuration on the FortiGate (for Endpoint Control), set this to 1000. The value should always match the <profile><id> selected.

<partial_match_host>

A hostname that is a substring of the specified path is treated as a full match.

Boolean value: [0 | 1]

0

<disable_when_managed>

If set to 1 (true), Web Filtering is disabled when FortiClient is connected to a FortiGate using Endpoint Control.

Boolean: [0 | 1]

<max_violations>

Maximum number of violations stored at any one.

A number from 250 to 5000.

5000

<max_violation_age>

Maximum age in days of a violation record before it is culled.

A number from 1 to 90.

90

<block_malicious_websites>

Configure whether to block web sites with security risk categories (group 5). When this setting is 0, do not block web sites with security risk categories. When this setting is 1, block web sites with security risk categories.

Boolean: [0 | 1]

<bypass_private_ip>

Enable or disable bypassing private IP addresses. This feature is enabled by default.

Boolean: [0 | 1]

1

<browser_read_time_threshold>

Configure the threshold in seconds for web browser to be considered idle. When a web browser is idle more than the threshold, the web browser is considered idle, and time is not calculated.

90

<https_block_method>

Control how FortiClient behaves when Web Filtering blocks an HTTPS site:

  • If set to 0, displays in-browser as not reachable/unable >to reach, that your connection is not private, or that the >site is not secure.
  • If set to 1, shows a bubble notification to the user. The connection fails/times out.
  • If set to 2, the connection fails/times out with no notification to the user.

0

<fortiguard> elements

<url>

IP address or FQDN of the FortiGuard server.

fgd1.fortigate.com

<enabled>

Enable or disable use of FortiGuard servers.

Boolean value: [0 | 1]

1

<rate_ip_addresses>

Rate IP addresses.

Boolean value: [0 | 1]

1

<action_when_unavailable>

Configure the action to take with all websites when FortiGuard is temporarily unavailable. FortiClient takes the configured action until contact is reestablished with FortiGuard. Available options are:

  • allow: Allow full, unfiltered access to all websites
  • deny: Deny access to any website
  • warn: Display in-browser warning to user, with an option to proceed to the website
  • monitor: Monitor site access

deny

<profiles><profile><safe_search> element

<enabled>

Enable or disable SafeSearch.

Boolean value: [0 | 1]

<profiles><profile><safe_search><search_engines><engine> element

<enabled>

Enable or disable SafeSearch for the predefined search engines.

Boolean value: [0 | 1]

The <profiles> XML element may have one or more profiles, defined in the <profile> tag. Each <profile>, in turn, has one or more <category>, <url> and <safe_search> tags, along with other elements.

The following table provides profile XML tags, the description, and the default value (where applicable).

XML Tag

Description

Default Value

<profile> elements

<id>

Unique ID. A number to define the profile.

<cate_ver>

FortiGuard category version used in this profile. A number.

6

<description>

Summary describing this profile.

<name>

A descriptive name for the profile.

<temp_whitelist_timeout>

The duration, in seconds, of a bypass that is applied to a page that generated a warning, but for which the user selected continue.

300

<log_all_urls>

Configure whether to log all URLs. When this setting is 0, only URLS are logged as specified by per-category or per-URL settings. When this setting is 1, all URLs are logged.

Boolean value: [0 | 1]

<log_user_initiated_traffic>

Configure what traffic to record. When this setting is 0, record all traffic. When this setting is 1, record only traffic initiated by the user.

Boolean value: [0 | 1]

<profile><categories><category> elements

<id>

Unique ID. A number.

The valid set of category IDs is predefined, and is listed in exported configuration files.

<action>

Action to perform on matching network traffic. Select one of the following:

  • allow
  • deny
  • warn
  • monitor

<profile><urls><url> elements

<address>

The web address in which <action> (allow or deny) is performed. This should be wrapped in a CDATA tag. For example:

<![CDATA[www.777.com]]>

<action>

Action to perform on matching network traffic.

Select either: [allow | deny]

The <safe_search> element has two main components:

  • Search engines <search_engines>
  • Users may define safe search parameters for each of the popular search engines: Bing and Yandex. Subsequent use of the engines for web searches have SafeSearch enabled.

  • YouTube education filter <youtube_education_filter>
  • Educational institutions with valid YouTube education ID can provide this in the <youtube_education_filter> element to restrict YouTube contents appropriately.

The following table provides profile XML tags and the description. See the <safe_search> listing in the previous pages for examples of each tag.

XML Tag

Description

Default Value

<profiles><profile><safe_search><search_engines><engine> elements

<name>

Name of the SafeSearch profile.

<host>

The FQDN of the search engine. FortiClient monitors attempts to visit this address.

<url>

The URL substring to match or monitor, along with the FQDN.

<query>

The query string appended to the URL.

<safe_search_string>

The correct safe search string appended to the URL for the specified engine.

<cookie_name>

The name of the cookie to send the search engine.

<cookie_value>

The cookie value to send the search engine.

<profiles><profile><safe_search><youtube_education_filter> elements

<enabled>

Enable YouTube education filter.

Boolean value: [0 | 1]

<filter_id>

The institutions education identifier.

Other than the <name> and <enabled> elements, the values for each of the elements in the previous table should be wrapped in <![CDATA[]]> XML tags. Here is an example for a <host> element taken from the <safe_search> listing.

<host><![CDATA[yandex\..*]]></host>

See Manage your YouTube settings for more information on YouTube for schools and the education filter.

The following is a list of all Web Filter categories including the category <id> and category name:

0 ==> Unrated

1 ==> Drug Abuse

2 ==> Alternative Beliefs

3 ==> Hacking

4 ==> Illegal or Unethical

5 ==> Discrimination

6 ==> Explicit Violence

7 ==> Abortion

8 ==> Other Adult Materials

9 ==> Advocacy Organizations

11 ==> Gambling

12 ==> Extremist Groups

13 ==> Nudity and Risque

14 ==> Pornography

15 ==> Dating

16 ==> Weapons (Sales)

17 ==> Advertising

18 ==> Brokerage and Trading

19 ==> Freeware and Software Downloads

20 ==> Games

23 ==> Web-based Email

24 ==> File Sharing and Storage

25 ==> Streaming Media and Download

26 ==> Malicious Websites

28 ==> Entertainment

29 ==> Arts and Culture

30 ==> Education

31 ==> Finance and Banking

33 ==> Health and Wellness

34 ==> Job Search

35 ==> Medicine

36 ==> News and Media

37 ==> Social Networking

38 ==> Political Organizations

39 ==> Reference

40 ==> Global Religion

41 ==> Search Engines and Portals

42 ==> Shopping

43 ==> General Organizations

44 ==> Society and Lifestyles

46 ==> Sports

47 ==> Travel

48 ==> Personal Vehicles

49 ==> Business

50 ==> Information and Computer Security

51 ==> Government and Legal Organizations

52 ==> Information Technology

53 ==> Armed Forces

54 ==> Dynamic Content

55 ==> Meaningless Content

56 ==> Web Hosting

57 ==> Marijuana

58 ==> Folklore

59 ==> Proxy Avoidance

61 ==> Phishing

62 ==> Plagiarism

63 ==> Sex Education

64 ==> Alcohol

65 ==> Tobacco

66 ==> Lingerie and Swimsuit

67 ==> Sports Hunting and War Games

68 ==> Web Chat

69 ==> Instant Messaging

70 ==> Newsgroups and Message Boards

71 ==> Digital Postcards

72 ==> Peer-to-peer File Sharing

75 ==> Internet Radio and TV

76 ==> Internet Telephony

77 ==> Child Education

78 ==> Real Estate

79 ==> Restaurant and Dining

80 ==> Personal Websites and Blogs

81 ==> Secure Websites

82 ==> Content Servers

83 ==> Child Abuse

84 ==> Web-based Applications

85 ==> Domain Parking

86 ==> Spam URLs

88 ==> Dynamic DNS

89 ==> Auction

90 ==> Newly Observed Domain

91 ==> Newly Registered Domain

92 ==> Charitable Organizations

93 ==> Remote Access

94 ==> Web Analytics

95 ==> Online Meeting