Fortinet black logo

Handbook

Predefined scripts

Predefined scripts

Predefined scripts provides the syntax, usage, and examples of the predefined commands that are useful for writing scripts.

Predefined scripts

Predefined script Description
INSERT_RANDOM_MESSAGE_ID_DEMO

Inserts a 32-bit hex string into the HTTP header with a parameter "Message-ID".

Note: You can use the script directly, without making any changes.

GENERAL_REDIRECT_DEMO FortiADC redirects HTTP requests to a set location.
USE_REQUEST_HEADERS_in_OTHER_EVENTS FortiADC uses a session ID to obtain data from that session.
COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO FortiADC tries to find the client IP address in an internal list and returns the result.
HTTP_2_HTTPS_REDIRECTION_FULL_URL FortiADC redirects an HTTP request.
REWRITE_HTTP_2_HTTPS_in_LOCATION FortiADC changes an HTTP location given in an HTTP response with an HTTPS location.
REWRITE_HTTPS_2_HTTP_in_LOCATION FortiADC changes an HTTPS location given in an HTTP response with an HTTP location.
REWRITE_HTTP_2_HTTPS_in_REFERER FortiADC changes a HTTP referer given in an HTTP response with an HTTPS referer.
REWRITE_HTTPS_2_HTTP_in_REFERER FortiADC changes a HTTPS referer given in an HTTP response with an HTTP referer.
HTTP_DATA_FETCH_SET_DEMO FortiADC reads the body of every HTTP request, and can manipulate the data depending on settings.
HTTP_DATA_FIND_REMOVE_REPLACE_DEMO FortiADC reads the body of every HTTP request and will find and replace data in the body.
MULTIPLE_SCRIPT_CONTROL_DEMO_1 When multiple scripts are running, this will determine the priority of each script.
MULTIPLE_SCRIPT_CONTROL_DEMO_2 When multiple scripts are running, this will determine the priority of each script.
HTTP_REQUEST_SEND Triggered immediately before a request is sent to a server.
AES_DIGEST_SIGN_2F_COMMANDS Demonstrates how to use AES to encryption/decryption data and some tools to generate the digest.
AUTH_COOKIE_BAKE Allows you to retrieve the baked cookie and edit the cookie content.
AUTH_EVENTS_n_COMMANDS Used to get the information from authentication process.
CLASS_SEARCH_n_MATCH Demonstrates how to use the class_match and class_search utility function.
CONTENT_ROUTING_by_URI Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.
CONTENT_ROUTING_by_X_FORWARDED_FOR Routes to a pool member based on IP address in the X-Forwarded-For header. You should not use this script as is. Instead, copy it and customize the X-Fowarded-For header values and pool member names.
COOKIE_COMMANDS Demonstrate the cookie command to get the whole cookie in a table and how to remove/insert/set the cookie attribute.
COOKIE_COMMANDS_USAGE Demonstrate the sub-function to handle the cookie attribute "SameSite" and others.
COOKIE_CRYPTO_COMMANDS Used to perform cookie encryption/decryption on behalf of the real server.
CUSTOMIZE_AUTH_KEY Demonstrate how to customize the crypto key for authentication cookie.
GEOIP_UTILITY Used to fetch the GEO information country and possible province name of an IP address.
HTTP_2_HTTPS_REDIRECTION Redirects requests to the HTTPS site. You can use this script without changes
HTTP_DATA_FETCH_SET_DEMO "Collects data in HTTP request body or HTTP response body. In HTTP_REQUEST or HTTP_RESPONSE, you could collect specified size data with “size” in collect().In HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE. You could print the data use “content”, calculate data length with “size”, and rewrite the data with “set”. Note: Do NOT use this script ""as is"". Instead, copy it and manipulate the collected data."
IP_COMMANDS Used to get various types IP Address and port number between client and server side.
MANAGEMENT_COMMANDS Allow you to disable/enable rest of the events from executing.
OPTIONAL_CLIENT_AUTHENTICATION

Performs optional client authentication.

Note: Before using this script, you must have the following four parameters configured in the client-ssl-profile:

  • client-certificate-verify—Set to the verify you'd like to use to verify the client certificate.
  • client-certificate-verify-option—Set to optional
  • ssl-session-cache-flag—Disable.
  • use-tls-tickets—Disable. "
REDIRECTION_by_STATUS_CODE Redirects requests based on the status code of server HTTP response (for example, a redirect to the mobile version of a site). Do NOT use this script "as is". Instead, copy it and customize the condition in the server HTTP response status code and the URL values.
REDIRECTION_by_USER_AGENT Redirects requests based on User Agent (for example, a redirect to the mobile version of a site). You should not use this script as is. Instead, copy it and customize the User Agent and URL values
REWRITE_HOST_n_PATH Rewrites the host and path in the HTTP request, for example, if the site is reorganized. You should not use this script as is. Instead, copy
SNAT_COMMANDS

Allows you to overwrite client source address to a specific IP for certain clients, also support IPv4toIPv6 or IPv6toIPv4 type.

Note: Make sure the flag SOURCE ADDRESS is selected in the HTTP or HTTPS type of profile.

SOCKOPT_COMMAND_USAGE Allows user to customize the TCP_send buffer and TCP_receive buffer size.
SPECIAL_CHARACTERS_HANDLING_DEMO Shows how to use those "magic characters" which have special meanings when used in a certain pattern. The magic characters are ( ) . % + - * ? [ ] ^ $
SSL_EVENTS_n_COMMANDS Demonstrate how to fetch the SSL certificate information and some of the SSL connection parameters between server and client side.
TCP_EVENTS_n_COMMANDS Demonstrate how to reject a TCP connection from a client in TCP_ACCEPTED event.
URL_UTILITY_COMMANDS Demonstrate how to use those url tools to encode/decode/parser/compare .
UTILITY_FUNCTIONS_DEMO Demonstrates how to use the basic string operations and random number/alphabet, time, MD5, SHA1, SHA2, BASE64, BASE32, table to string conversion, network to host conversion utility function.

Predefined scripts

Predefined scripts provides the syntax, usage, and examples of the predefined commands that are useful for writing scripts.

Predefined scripts

Predefined script Description
INSERT_RANDOM_MESSAGE_ID_DEMO

Inserts a 32-bit hex string into the HTTP header with a parameter "Message-ID".

Note: You can use the script directly, without making any changes.

GENERAL_REDIRECT_DEMO FortiADC redirects HTTP requests to a set location.
USE_REQUEST_HEADERS_in_OTHER_EVENTS FortiADC uses a session ID to obtain data from that session.
COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO FortiADC tries to find the client IP address in an internal list and returns the result.
HTTP_2_HTTPS_REDIRECTION_FULL_URL FortiADC redirects an HTTP request.
REWRITE_HTTP_2_HTTPS_in_LOCATION FortiADC changes an HTTP location given in an HTTP response with an HTTPS location.
REWRITE_HTTPS_2_HTTP_in_LOCATION FortiADC changes an HTTPS location given in an HTTP response with an HTTP location.
REWRITE_HTTP_2_HTTPS_in_REFERER FortiADC changes a HTTP referer given in an HTTP response with an HTTPS referer.
REWRITE_HTTPS_2_HTTP_in_REFERER FortiADC changes a HTTPS referer given in an HTTP response with an HTTP referer.
HTTP_DATA_FETCH_SET_DEMO FortiADC reads the body of every HTTP request, and can manipulate the data depending on settings.
HTTP_DATA_FIND_REMOVE_REPLACE_DEMO FortiADC reads the body of every HTTP request and will find and replace data in the body.
MULTIPLE_SCRIPT_CONTROL_DEMO_1 When multiple scripts are running, this will determine the priority of each script.
MULTIPLE_SCRIPT_CONTROL_DEMO_2 When multiple scripts are running, this will determine the priority of each script.
HTTP_REQUEST_SEND Triggered immediately before a request is sent to a server.
AES_DIGEST_SIGN_2F_COMMANDS Demonstrates how to use AES to encryption/decryption data and some tools to generate the digest.
AUTH_COOKIE_BAKE Allows you to retrieve the baked cookie and edit the cookie content.
AUTH_EVENTS_n_COMMANDS Used to get the information from authentication process.
CLASS_SEARCH_n_MATCH Demonstrates how to use the class_match and class_search utility function.
CONTENT_ROUTING_by_URI Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names.
CONTENT_ROUTING_by_X_FORWARDED_FOR Routes to a pool member based on IP address in the X-Forwarded-For header. You should not use this script as is. Instead, copy it and customize the X-Fowarded-For header values and pool member names.
COOKIE_COMMANDS Demonstrate the cookie command to get the whole cookie in a table and how to remove/insert/set the cookie attribute.
COOKIE_COMMANDS_USAGE Demonstrate the sub-function to handle the cookie attribute "SameSite" and others.
COOKIE_CRYPTO_COMMANDS Used to perform cookie encryption/decryption on behalf of the real server.
CUSTOMIZE_AUTH_KEY Demonstrate how to customize the crypto key for authentication cookie.
GEOIP_UTILITY Used to fetch the GEO information country and possible province name of an IP address.
HTTP_2_HTTPS_REDIRECTION Redirects requests to the HTTPS site. You can use this script without changes
HTTP_DATA_FETCH_SET_DEMO "Collects data in HTTP request body or HTTP response body. In HTTP_REQUEST or HTTP_RESPONSE, you could collect specified size data with “size” in collect().In HTTP_DATA_REQUEST or HTTP_DATA_RESPONSE. You could print the data use “content”, calculate data length with “size”, and rewrite the data with “set”. Note: Do NOT use this script ""as is"". Instead, copy it and manipulate the collected data."
IP_COMMANDS Used to get various types IP Address and port number between client and server side.
MANAGEMENT_COMMANDS Allow you to disable/enable rest of the events from executing.
OPTIONAL_CLIENT_AUTHENTICATION

Performs optional client authentication.

Note: Before using this script, you must have the following four parameters configured in the client-ssl-profile:

  • client-certificate-verify—Set to the verify you'd like to use to verify the client certificate.
  • client-certificate-verify-option—Set to optional
  • ssl-session-cache-flag—Disable.
  • use-tls-tickets—Disable. "
REDIRECTION_by_STATUS_CODE Redirects requests based on the status code of server HTTP response (for example, a redirect to the mobile version of a site). Do NOT use this script "as is". Instead, copy it and customize the condition in the server HTTP response status code and the URL values.
REDIRECTION_by_USER_AGENT Redirects requests based on User Agent (for example, a redirect to the mobile version of a site). You should not use this script as is. Instead, copy it and customize the User Agent and URL values
REWRITE_HOST_n_PATH Rewrites the host and path in the HTTP request, for example, if the site is reorganized. You should not use this script as is. Instead, copy
SNAT_COMMANDS

Allows you to overwrite client source address to a specific IP for certain clients, also support IPv4toIPv6 or IPv6toIPv4 type.

Note: Make sure the flag SOURCE ADDRESS is selected in the HTTP or HTTPS type of profile.

SOCKOPT_COMMAND_USAGE Allows user to customize the TCP_send buffer and TCP_receive buffer size.
SPECIAL_CHARACTERS_HANDLING_DEMO Shows how to use those "magic characters" which have special meanings when used in a certain pattern. The magic characters are ( ) . % + - * ? [ ] ^ $
SSL_EVENTS_n_COMMANDS Demonstrate how to fetch the SSL certificate information and some of the SSL connection parameters between server and client side.
TCP_EVENTS_n_COMMANDS Demonstrate how to reject a TCP connection from a client in TCP_ACCEPTED event.
URL_UTILITY_COMMANDS Demonstrate how to use those url tools to encode/decode/parser/compare .
UTILITY_FUNCTIONS_DEMO Demonstrates how to use the basic string operations and random number/alphabet, time, MD5, SHA1, SHA2, BASE64, BASE32, table to string conversion, network to host conversion utility function.