Events

Events

Event Name	Description	Available Version
RULE_INIT	When initializing the script.	V5.2 and earlier
VS_LISTENER_BIND	When a VS tries to bind. Right now, allows the user to set tcp options, later can be used to config VS. TCP:sockopt() and MGM:set_event(“vs_listener_bind”) are available.	V5.2
TCP_ACCEPTED	When a TCP connection from a client is accepted.	V5.0
TCP_CLOSED	When a TCP connection from a client is to be closed.	V5.0
HTTP_REQUEST	When a HTTP request comes from a client. HTTP: header_get_names, header_get_values, header_get_value, header_remove, header_remove2, header_insert, header_replace, header_replace2, header_exists, header_count, version_get, version_set, redirect_with_cookie, redirect_t, redirect, close, disable_event, enable_event, set_event, set_auto, disable_auto, enable_auto, rand_id, get_session_id, collect, cookie, cookie_list, cookie_crypto, dyn_cache_invalid, cached_check, cache_hits, respond, method_get, method_set, uri_get, uri_set, path_get, path_set, query_get, query_set, cache_disable, exclude_check_disable, dyn_check_disable, dyn_invalid_check_disable, dyn_cache_enable, cache_user_key, persist, client_port, local_port, remote_port, client_addr, local_addr, remote_addr, client_ip_ver PROXY: token_file_open, token_path, lua_sync, tokeng_commit LB: routing, method_assign_server, get_valid_routing, get_current_routing AUTH: result, success, gen_renew_cookie, flags, need_renew_cookie, clear_renew_cookie, on_off, clt_meth, form_based, method, auth_flags, author_type, sso_group, relay_type, sess_timeout, set_timeout, user, pass, realm, usergroup, host, uri, sso_domain, domain_prefix, logoff IP: client_port, local_port, remote_port, client_addr, local_addr, remote_addr, client_ip_ver SSL: renegotiate, cert_request, get_verify_depth, set_verify_depth, client_cert, peer_cert, cert TCP: set_snat_ip, clear_snat_ip, sockopt MGM: rand_id, get_session_id, disable_event, enable_event, set_event, set_auto, disable_auto, enable_auto	V4.3
HTTP_DATA_REQUEST	Allows the user to manipulate http request data.	V4.8 and later
SERVER_BEFORE_CONNECT	When connecting to the backend real server. TCP:sockopt() and management commands are available. IP:client_port()/client_addr()/client_ip_ver() are available.	V5.2
SERVER_CONNECTED	When Httproxy deems that the backend real server is connected. TCP:sockopt() and management commands are available. Server-side IP functions are available.	V5.2
HTTP_RESPONSE	When a HTTP response comes from real server.	V4.3
HTTP_DATA_RESPONSE	Alllows the user to manipulate http response data.	V4.8 and later
SERVER_CLOSED	When Httproxy is going to terminate the backend real server connection.	V5.2
CLIENTSSL_HANDSHAKE	When a client-side SSL handshake is completed.	V5.0
CLIENTSSL_RENEGOTIATE	When a client-side SSL renegotiation is completed. It’s recommended not to use it as it’s not safe	V5.0
SERVERSSL_HANDSHAKE	When a server-side SSL handshake is completed.	V5.0
SERVERSSL_RENEGOTIATE	When a server-side SSL renegotiation is completed. It’s recommended not to use it as it’s not safe.	V5.0
AUTH_RESULT	When authentication(HTML Form / HTTP-basic) is done. If auth event detect, it still trigger the AUTH_RESULT. LB:routing, ip commands, management commands and AUTH:commands can be used in AUTH_RESULT event. The following commands are support in AUTH_RESULT. HTTP:"uri_get path_get method_get query_get" LB:"routing" AUTH:"result success gen_renew_cookie flags need_renew_cookie clear_renew_cookie on_off clt_meth form_based method auth_flags author_type sso_group relay_type sess_timeout set_timeout the user pass realm the usergroup host uri sso_domain domain_prefix logoff" IP:"client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver" MGM:"rand_id get_session_id disable_event enable_event set_event set_auto disable_auto enable_auto"	V5.2
BEFORE_AUTH	The BEFORE_AUTH event triggers right before the authentication is performed to allow the user specified user group to be used instead. The new user group will override the authentication result of the original authentication policy. HTTP: header_get_names header_get_values header_get_value header_remove header_remove2 header_insert header_replace header_replace2 header_exists header_count version_get version_set redirect_with_cookie redirect_t redirect close disable_event enable_event set_event set_auto disable_auto enable_auto rand_id get_session_id cookie cookie_list cookie_crypto respond method_get method_set uri_get uri_set path_get path_set query_get query_set client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver LB: routing get_valid_routing get_current_routing method_assign_server AUTH: set_usergroup realm usergroup host SSL: renegotiate cert_request get_verify_depth set_verify_depth client_cert peer_cert cert IP: client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver MGM: rand_id get_session_id disable_event enable_event set_event set_auto disable_auto enable_auto	V7.2
COOKIE_BAKE	When FortiADC is done baking an authentication cookie.	V5.2

Events

Event Name

Description

Available Version

RULE_INIT

When initializing the script.

V5.2 and earlier

VS_LISTENER_BIND

When a VS tries to bind.

Right now, allows the user to set tcp options, later can be used to config VS.

TCP:sockopt() and MGM:set_event(“vs_listener_bind”) are available.

V5.2

TCP_ACCEPTED

When a TCP connection from a client is accepted.

V5.0

TCP_CLOSED

When a TCP connection from a client is to be closed.

V5.0

HTTP_REQUEST

When a HTTP request comes from a client.

HTTP: header_get_names, header_get_values, header_get_value, header_remove, header_remove2, header_insert, header_replace, header_replace2, header_exists, header_count, version_get, version_set, redirect_with_cookie, redirect_t, redirect, close, disable_event, enable_event, set_event, set_auto, disable_auto, enable_auto, rand_id, get_session_id, collect, cookie, cookie_list, cookie_crypto, dyn_cache_invalid, cached_check, cache_hits, respond, method_get, method_set, uri_get, uri_set, path_get, path_set, query_get, query_set, cache_disable, exclude_check_disable, dyn_check_disable, dyn_invalid_check_disable, dyn_cache_enable, cache_user_key, persist, client_port, local_port, remote_port, client_addr, local_addr, remote_addr, client_ip_ver

PROXY: token_file_open, token_path, lua_sync, tokeng_commit

LB: routing, method_assign_server, get_valid_routing, get_current_routing

AUTH: result, success, gen_renew_cookie, flags, need_renew_cookie, clear_renew_cookie, on_off, clt_meth, form_based, method, auth_flags, author_type, sso_group, relay_type, sess_timeout, set_timeout, user, pass, realm, usergroup, host, uri, sso_domain, domain_prefix, logoff

IP: client_port, local_port, remote_port, client_addr, local_addr, remote_addr, client_ip_ver

SSL: renegotiate, cert_request, get_verify_depth, set_verify_depth, client_cert, peer_cert, cert

TCP: set_snat_ip, clear_snat_ip, sockopt

MGM: rand_id, get_session_id, disable_event, enable_event, set_event, set_auto, disable_auto, enable_auto

V4.3

HTTP_DATA_REQUEST

Allows the user to manipulate http request data.

V4.8 and later

SERVER_BEFORE_CONNECT

When connecting to the backend real server.

TCP:sockopt() and management commands are available.

IP:client_port()/client_addr()/client_ip_ver() are available.

V5.2

SERVER_CONNECTED

When Httproxy deems that the backend real server is connected.

TCP:sockopt() and management commands are available.

Server-side IP functions are available.

V5.2

HTTP_RESPONSE

When a HTTP response comes from real server.

V4.3

HTTP_DATA_RESPONSE

Alllows the user to manipulate http response data.

V4.8 and later

SERVER_CLOSED

When Httproxy is going to terminate the backend real server connection.

V5.2

CLIENTSSL_HANDSHAKE

When a client-side SSL handshake is completed.

V5.0

CLIENTSSL_RENEGOTIATE

When a client-side SSL renegotiation is completed. It’s recommended not to use it as it’s not safe

V5.0

SERVERSSL_HANDSHAKE

When a server-side SSL handshake is completed.

V5.0

SERVERSSL_RENEGOTIATE

When a server-side SSL renegotiation is completed. It’s recommended not to use it as it’s not safe.

V5.0

AUTH_RESULT

When authentication(HTML Form / HTTP-basic) is done. If auth event detect, it still trigger the AUTH_RESULT.

LB:routing, ip commands, management commands and AUTH:commands can be used in AUTH_RESULT event.

The following commands are support in AUTH_RESULT.

HTTP:"uri_get path_get method_get query_get"

LB:"routing"

AUTH:"result success gen_renew_cookie flags need_renew_cookie clear_renew_cookie on_off clt_meth form_based method auth_flags author_type sso_group relay_type sess_timeout set_timeout the user pass realm the usergroup host uri sso_domain domain_prefix logoff"

IP:"client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver"

MGM:"rand_id get_session_id disable_event enable_event set_event set_auto disable_auto enable_auto"

V5.2

BEFORE_AUTH

The BEFORE_AUTH event triggers right before the authentication is performed to allow the user specified user group to be used instead. The new user group will override the authentication result of the original authentication policy.

HTTP: header_get_names header_get_values header_get_value header_remove header_remove2 header_insert header_replace header_replace2 header_exists header_count version_get version_set redirect_with_cookie redirect_t redirect close disable_event enable_event set_event set_auto disable_auto enable_auto rand_id get_session_id cookie cookie_list cookie_crypto respond method_get method_set uri_get uri_set path_get path_set query_get query_set client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver

LB: routing get_valid_routing get_current_routing method_assign_server

AUTH: set_usergroup realm usergroup host

SSL: renegotiate cert_request get_verify_depth set_verify_depth client_cert peer_cert cert

IP: client_port local_port remote_port client_addr local_addr remote_addr client_ip_ver

MGM: rand_id get_session_id disable_event enable_event set_event set_auto disable_auto enable_auto

V7.2

COOKIE_BAKE

When FortiADC is done baking an authentication cookie.

V5.2

Script Reference Guide

Events

Events