Predefined HTTP scripts
FortiADC provides system predefined scripts for HTTP Scripting.
Scripts and predefined commands highlights the functions of these scripts and commands and shows how to use them.
- UTILITY_FUNCTIONS_DEMO and CLASS_SEARCH_n_MATCH provide various utility commands.
- MULTIPLE_SCRIPT_CONTROL_DEMO_1 and MULTIPLE_SCRIPT_CONTROL_DEMO_2 show how to use multiple-script support.
- HTTP_DATA_FIND_REMOVE_REPLACE_DEMO and HTTP_DATA_FETCH_SET_DEMO show how to manipulate HTTP data.
- SPECIAL_CHARACTERS_HANDLING_DEMO shows how to handle certain special characters.
- INSERT_RANDOM_MESSAGE_ID_DEMO shows how to generate random message IDs.
- OPTIONAL_CLIENT_AUTHENTICATION shows how to perform optional client authentication based on a request URL.
- COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO shows how to perform IP address match.
- USE_REQUEST_HEADERS_in_OTHER_EVENTS shows how to share information across events.
- Many more predefined scripts are provided for load balance content routing, HTTP redirection, and HTTP content rewriting.
The following table lists the FortiADC predefined scripts available for users to apply and customize.
| Predefined script | Usage |
|---|---|
|
AES_DIGEST_SIGN_2F_COMMANDS |
Demonstrate how to use AES to encryption/decryption data and some tools to generate the digest. |
|
AUTH_COOKIE_BAKE |
Allows you to retrieve the baked cookie and edit the cookie content. |
|
AUTH_EVENTS_n_COMMANDS |
Used to get the information from authentication process. |
| CLASS_SEARCH_n_MATCH | Demonstrates how to use the class_match and class_search utility function. |
| COMPARE_IP_ADDR_2_ADDR_GROUP_DEMO |
Compares an IP address to an address group to determine if the IP address is included in the specified IP group. For example ,192.168.1.2 is included in 192.168.1.0/24. Note: Do NOT use this script "as is". Instead, copy it and customize the IP address and the IP address group. |
| CONTENT_ROUTING_by_URI | Routes to a pool member based on URI string matches. You should not use this script as is. Instead, copy it and customize the URI string matches and pool member names. |
| CONTENT_ROUTING_by_X_FORWARDED_FOR | Routes to a pool member based on IP address in the X-Forwarded-For header. You should not use this script as is. Instead, copy it and customize the X-Fowarded-For header values and pool member names. |
|
COOKIE_COMMANDS |
Demonstrate the cookie command to get the whole cookie in a table and how to remove/insert/set the cookie attribute. |
|
COOKIE_COMMANDS_USAGE |
Demonstrate the sub-function to handle the cookie attribute "SameSite" and others. |
|
COOKIE_CRYPTO_COMMANDS |
Used to perform cookie encryption/decryption on behalf of the real server. |
|
CUSTOMIZE_AUTH_KEY |
Demonstrate how to customize the crypto key for authentication cookie. |
| GENERAL_REDIRECT_DEMO |
Redirects requests to a URL with user-defined code and cookie. Note: Do NOT use this script "as is". Instead, copy and customize the code, URL, and cookie. |
|
GEOIP_UTILITY |
Used to fetch the GEO information country and possible province name of an IP address. |
| HTTP_2_HTTPS_REDIRECTION | Redirects requests to the HTTPS site. You can use this script without changes. |
| HTTP_2_HTTPS_REDIRECTION_FULL_URL |
Redirects requests to the specified HTTPS URL. Note: This script can be used directly, without making any change. |
| HTTP_DATA_FETCH_SET_DEMO |
Collects data in HTTP request body or HTTP response body. In Note: Do NOT use this script "as is". Instead, copy it and manipulate the collected data. |
| HTTP_DATA_FIND_REMOVE_REPLACE_DEMO |
Finds a specified string, removes a specified string, or replaces a specified string to new content in HTTP data. Note: Do NOT use this script "as is". Instead, copy it and manipulate the collected data. |
| INSERT_RANDOM_MESSAGE_ID_DEMO |
Inserts a 32-bit hex string into the HTTP header with a parameter “Message-ID”. Note: You can use the script directly, without making any change. |
|
IP_COMMANDS |
Used to get various types IP Address and port number between client and server side. |
|
MANAGEMENT_COMMANDS |
Allow you to disable/enable rest of the events from executing. |
| MULTIPLE_SCRIPT_CONTROL_DEMO_1 |
Uses Note: You could enable or disable other events. Do NOT use this script "as is". Instead, copy it and customize the operation. |
| MULTIPLE_SCRIPT_CONTROL_DEMO_2 |
Uses Note: You could enable or disable other events. Do NOT use this script "as is". Instead, copy it and customize the operation. |
| OPTIONAL_CLIENT_AUTHENTICATION |
Performs optional client authentication. Note: Before using this script, you must have the following four parameters configured in the client-ssl-profile:
|
|
PERSIST_COMMANDS |
Demonstrates how to use persist commands and event. Event PERSISTENCE is triggered when FADC receive the HTTP REQ and ready to dispatch to real server. You can set the entry in PERSISTENCE, then look up it in POST_PERSIST. FADC will dispatch to dedicate server according to your entry set in PERSISTENCE if this session haven't assign real server before. |
|
RAM_CACHING_COMMANDS |
Demonstrate how to use script to do RAM caching. FADC script allows user to control RAM caching behaviors and check the caching status. Note: make sure RAM caching configuration is selected in HTTP or HTTPS profile. |
|
RAM_CACHING_DYNAMIC |
Demonstrate how to use script to do dynamic RAM caching. Note: Dynamic caching is identified by a configured ID. Make sure RAM caching configuration is selected in HTTP or HTTPS profile. |
|
RAM_CACHING_GROUPING |
Demonstrate how to create multiple variations based on client IP address. The sort of grouping applies to both regular caching and dynamic caching. Note: make sure RAM caching configuration is selected in HTTP or HTTPS profile. |
| REDIRECTION_by_STATUS_CODE |
Redirects requests based on the status code of server HTTP response (for example, a redirect to the mobile version of a site). Do NOT use this script "as is". Instead, copy it and customize the condition in the server HTTP response status code and the URL values. |
| REDIRECTION_by_USER_AGENT | Redirects requests based on User Agent (for example, a redirect to the mobile version of a site). You should not use this script as is. Instead, copy it and customize the User Agent and URL values. |
| REWRITE_HOST_n_PATH | Rewrites the host and path in the HTTP request, for example, if the site is reorganized. You should not use this script as is. Instead, copy it and customize the "old" and "new" hostnames and paths. |
| REWRITE_HTTP_2_HTTPS_in_LOCATION |
Rewrites HTTP location to HTTPS, for example, Note: You can use the script directly, without making any change. |
| REWRITE_HTTP_2_HTTPS_in_REFERER |
Rewrites HTTP referer to HTTPS, for example, Note: You can use the script directly, without making any change. |
| REWRITE_HTTPS_2_HTTP_in_LOCATION |
Rewrites HTTPS location to HTTP, for example, Note: You can use the script directly, without making any change. |
| REWRITE_HTTPS_2_HTTP_in_REFERER |
Rewrites HTTPS referer to HTTP, for example, Note: You can use the script directly, without making any change. |
|
SNAT_COMMANDS |
Allows you to overwrite client source address to a specific IP for certain clients, also support IPv4toIPv6 or IPv6toIPv4 type. Note: Make sure the flag SOURCE ADDRESS is selected in the HTTP or HTTPS type of profile. |
|
SOCKOPT_COMMAND_USAGE |
Allows user to customize the TCP_send buffer and TCP_receive buffer size. |
| SPECIAL_CHARACTERS_HANDLING_DEMO | Shows how to use those "magic characters" which have special meanings when used in a certain pattern. The magic characters are ( ) . % + - * ? [ ] ^ $ |
|
SSL_EVENTS_n_COMMANDS |
Demonstrate how to fetch the SSL certificate information and some of the SSL connection parameters between server and client side. |
|
TCP_EVENTS_n_COMMANDS |
Demonstrate how to reject a TCP connection from a client in TCP_ACCEPTED event. |
|
TWO_STEP_VERIFICATION |
Demonstrate how to perform 2-Step Verification using FortiToken. One needs have authentication policy configured and selected in a virtual-server. |
|
TWO_STEP_VERIFICATION_2_NEW |
Demonstrate how to perform 2-Step Verification using FortiToken for the second authentication group. |
|
TWO_STEP_VERIFICATION_2_SAME |
Demonstrate how to perform 2-Step Verification for the second authentication group using the same token group. |
|
TWO_STEP_VERIFICATION_CHANGE_KEY |
Demonstrate how to change the AES key and its size for stored token group. |
|
URL_UTILITY_COMMANDS |
Demonstrate how to use those url tools to encode/decode/parser/compare. |
| USE_REQUEST_HEADERS_in_OTHER_EVENTS |
Stores a request header value in an event and uses it in other events. For example, you can store a URL in a request event, and use it in a response event. Note: Do NOT use this script "as is". Instead, copy it and customize the content you want to store, use |
| UTILITY_FUNCTIONS_DEMO |
Demonstrates how to use the basic string operations and random number/alphabet, time, MD5, SHA1, SHA2, BASE64, BASE32, table to string conversion, network to host conversion utility function |
| Commands | |
|
AUTH_EVENTS_n_COMMANDS |
Lists the auth event and commands |
| COOKIE_COMMANDS | Lists the two cookie commands and shows how to use them. |
| IP_COMMANDS | Lists the IP commands and shows how to use them. |
| MANAGEMENT_COMMANDS | Lists the management commands and shows how to use them. |
|
PERSIST_COMMANDS |
Lists the persist event and commands |
|
RAM_CACHING_COMMANDS |
Lists the RAM caching event and commands |
| SSL_EVENTS_n_COMMANDS | Lists the SSL events and commands. |
| TCP_EVENTS_n_COMMANDS | Lists the TCP events and commands. |