PROXY commands

PROXY:set_auth_key(value) — Customizes the crypto key that FortiADC uses to encrypt and decrypt the authentication cookie named "FortiADCauthSI". This increases your FortiADC's security so that others cannot forge this authentication cookie.

PROXY:clear_auth_key(value) — Clears the customized authentication key that was previously set, so that the default key is used instead.

PROXY:shared_table_create() — Creates a shared table if there is no existing shared table with the specified name.

PROXY:shared_table_destroy() — Destroys the specified shared table and all the data entries if the calling process is the only one attached to the shared table. In case there is more than one process attached to this table, this function will only detach both the data entries and the shared table for the calling process.

PROXY:shared_table_entry_count() — Returns the current count of entries in a shared table. Returns -1 if the table does not exist.

PROXY:shared_table_memory_size() — Returns the current memory usage of a shared table. Returns -1 if the table does not exist.

PROXY:shared_table_insert() — Inserts a pair of <key, value> as an entry into the shared table. If the key already exists in the table or if the table is full, the function will do nothing. The key can be a Lua string or integer while the value can be a Lua string, integer, or table.

PROXY:shared_table_lookup() — Looks up whether a key exists in the shared table. If the key exists, returns the corresponding value.

PROXY:shared_table_delete() — Deletes an entry specified by a key from the shared table. If the key does not exist, the function will do nothing. If there is more than one process attached to the data entry, this function only detaches the calling process.

PROXY:shared_table_dump() — Prints the current contents of the shared table for debugging purposes. This works similarly to an iterator for a shared table.

PROXY:set_auth_key(value)

Customizes the crypto key that FortiADC uses to encrypt and decrypt the authentication cookie named "FortiADCauthSI". This increases your FortiADC's security so that others cannot forge this authentication cookie.

Syntax

PROXY:set_auth_key(value);

Arguments
Name Description

value

A string which will be used to encrypt/decrypt the authentication cookie.

Example
when VS_LISTENER_BIND {
	-- sample key from this reference; replace it with your own secret value
	AUTH_KEY = "0123456789ABCDEF0123456789ABCDEF"
	result = PROXY:set_auth_key(AUTH_KEY)
	if result then
		debug("set auth key succeed\n")
	end
}

FortiADC version: V5.2

Used in events: VS_LISTENER_BIND / TCP_BIND

PROXY:clear_auth_key(value)

Clears the customized authentication key that was previously set, so that the default key is used instead.

Syntax

PROXY:clear_auth_key(value);

Arguments
Name Description

value

A string which will be used to encrypt/decrypt the authentication cookie.

Example
when TCP_BIND {
result = PROXY:clear_auth_key()
}

FortiADC version: V5.2

Used in events: VS_LISTENER_BIND / TCP_BIND

PROXY:shared_table_create()

Creates a shared table if there is no existing shared table with the specified name. Multiple shared tables can be created with different names. Each table operation must specify a table name.

Before creating the table, FortiADC will check whether there is already a table with the same name. If a table with the same name already exists, it will either be attached or will return an error. Typically, the first calling process creates the table, then all the other processes will attach to it with the same API call.

For any table, this API must be called first before other operations can be performed.

Returns Boolean true if successful, otherwise, returns Boolean false.

Syntax

PROXY:shared_table_create(table_name, [entry_size], [memory_limit]);

Arguments
Name Description
table_name

A Lua string as the name of the shared table. This is the unique identification of a shared table. This parameter is mandatory.

The maximum length of this table name is 255.

entry_size

The maximum number of entries this table can hold. This parameter is optional. The default value is 2048. Must not exceed 2048.

memory_limit

The maximum amount of memory that can be allocated for a shared table and its data entries. This parameter is optional. The default value is 4 G.

Example
when HTTP_REQUEST { 
	table_name = "TableDemo1" 
	ret = PROXY:shared_table_create(table_name, 2048, 20971520) 
	if ret then 
	   debug("===>>shared_table_create success: [%s]\n", table_name) 
	else 
	   debug("===>>shared_table_create failed: [%s]\n", table_name) 
	end 
} 

FortiADC version: V7.4.2

Used in events:

  • RULE_INIT

  • HTTP events: HTTP_REQUEST, HTTP_RESPONSE, HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE, BEFORE_AUTH, AUTH_RESULT, COOKIE_BAKE

  • SSL events: CLIENTSSL_HANDSHAKE, SERVERSSL_HANDSHAKE, CLIENTSSL_RENEGOTIATE, SERVERSSL_RENEGOTIATE

  • TCP events: TCP_ACCEPTED, TCP_CLOSED, SERVER_CONNECTED, SERVER_CLOSED, VS_LISTENER_BIND, SERVER_BEFORE_CONNECT

  • WAF events: WAF_REQUEST_BEFORE_SCAN, WAF_RESPONSE_BEFORE_SCAN, WAF_REQUEST_ATTACK_DETECTED, WAF_RESPONSE_ATTACK_DETECTED

PROXY:shared_table_destroy()

Destroys the specified shared table and all the data entries if the calling process is the only one attached to the shared table. In case there is more than one process attached to this table, this function will only detach both the data entries and the shared table for the calling process.
Returns Boolean true if successful, otherwise, returns Boolean false.

Syntax

PROXY:shared_table_destroy(table_name);

Arguments
Name Description
table_name

A Lua string as the name of the shared table. This is the unique identification of a shared table. This parameter is mandatory.

The maximum length of this table name is 255.

Example
when HTTP_REQUEST { 
	table_name = "TableDemo1" 
	ret = PROXY:shared_table_destroy(table_name) 
	if ret then 
	   debug("===>>shared_table_destroy success: [%s]\n", table_name) 
	else 
	   debug("===>>shared_table_destroy failed: [%s]\n", table_name) 
	end 
} 

FortiADC version: V7.4.2

Used in events:

  • RULE_INIT

  • HTTP events: HTTP_REQUEST, HTTP_RESPONSE, HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE, BEFORE_AUTH, AUTH_RESULT, COOKIE_BAKE

  • SSL events: CLIENTSSL_HANDSHAKE, SERVERSSL_HANDSHAKE, CLIENTSSL_RENEGOTIATE, SERVERSSL_RENEGOTIATE

  • TCP events: TCP_ACCEPTED, TCP_CLOSED, SERVER_CONNECTED, SERVER_CLOSED, VS_LISTENER_BIND, SERVER_BEFORE_CONNECT

  • WAF events: WAF_REQUEST_BEFORE_SCAN, WAF_RESPONSE_BEFORE_SCAN, WAF_REQUEST_ATTACK_DETECTED, WAF_RESPONSE_ATTACK_DETECTED

PROXY:shared_table_entry_count()

Returns the current count of entries in a shared table. Returns -1 if the table does not exist.

Syntax

PROXY:shared_table_entry_count(table_name);

Arguments
Name Description
table_name

A Lua string as the name of the shared table. This is the unique identification of a shared table. This parameter is mandatory.

The maximum length of this table name is 255.

Example
when HTTP_REQUEST { 
	table_name = "TableDemo1" 
	ret = PROXY:shared_table_entry_count(table_name) 
	debug("===>>shared_table_entry_count: [%s]=[%d]\n", table_name, ret) 
} 

FortiADC version: V7.4.2

Used in events:

  • RULE_INIT

  • HTTP events: HTTP_REQUEST, HTTP_RESPONSE, HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE, BEFORE_AUTH, AUTH_RESULT, COOKIE_BAKE

  • SSL events: CLIENTSSL_HANDSHAKE, SERVERSSL_HANDSHAKE, CLIENTSSL_RENEGOTIATE, SERVERSSL_RENEGOTIATE

  • TCP events: TCP_ACCEPTED, TCP_CLOSED, SERVER_CONNECTED, SERVER_CLOSED, VS_LISTENER_BIND, SERVER_BEFORE_CONNECT

  • WAF events: WAF_REQUEST_BEFORE_SCAN, WAF_RESPONSE_BEFORE_SCAN, WAF_REQUEST_ATTACK_DETECTED, WAF_RESPONSE_ATTACK_DETECTED

PROXY:shared_table_memory_size()

Returns the current memory usage of a shared table. Returns -1 if the table does not exist.

Syntax

PROXY:shared_table_memory_size(table_name);

Arguments
Name Description
table_name

A Lua string as the name of the shared table. This is the unique identification of a shared table. This parameter is mandatory.

The maximum length of this table name is 255.

Example
when HTTP_REQUEST { 
	table_name = "TableDemo1" 
	ret = PROXY:shared_table_memory_size(table_name) 
	debug("===>>shared_table_memory_size: [%s]=[%d]\n", table_name, ret) 
} 

FortiADC version: V7.4.2

Used in events:

  • RULE_INIT

  • HTTP events: HTTP_REQUEST, HTTP_RESPONSE, HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE, BEFORE_AUTH, AUTH_RESULT, COOKIE_BAKE

  • SSL events: CLIENTSSL_HANDSHAKE, SERVERSSL_HANDSHAKE, CLIENTSSL_RENEGOTIATE, SERVERSSL_RENEGOTIATE

  • TCP events: TCP_ACCEPTED, TCP_CLOSED, SERVER_CONNECTED, SERVER_CLOSED, VS_LISTENER_BIND, SERVER_BEFORE_CONNECT

  • WAF events: WAF_REQUEST_BEFORE_SCAN, WAF_RESPONSE_BEFORE_SCAN, WAF_REQUEST_ATTACK_DETECTED, WAF_RESPONSE_ATTACK_DETECTED

PROXY:shared_table_insert()

Inserts a pair of <key, value> as an entry into the shared table. If the key already exists in the table or if the table is full, the function will do nothing. The key can be a Lua string or integer while the value can be a Lua string, integer, or table.

This function will fail if the table has not been created yet; it will not trigger the creation of a new table.

Returns Boolean true if successful, otherwise, returns Boolean false.

Syntax

PROXY:shared_table_insert(table_name, key, value);

Arguments
Name Description
table_name

A Lua string as the name of the shared table. This is the unique identification of a shared table. This parameter is mandatory.

The maximum length of this table name is 255.

key

The key can be a Lua string or integer. This parameter is mandatory.

The maximum length for the string is 255.

value

The value can be a Lua string, integer, or table. The table will be serialized before storing into the shared table. This parameter is mandatory.

The maximum length of any value is 64K.

Example
when HTTP_REQUEST { 
	table_name = "TableDemo1" 
	key1="keyString101" 
	val1="valString101" 
	ret = PROXY:shared_table_insert(table_name, key1, val1) 
	if ret then 
	   debug("===>>shared_table_insert success:[Table:%s] [%s]=[%s]\n",table_name, key1, val1) 
	else 
	   debug("===>>shared_table_insert failed:[Table:%s] [%s]=[%s]\n",table_name, key1, val1) 
	end  
} 

FortiADC version: V7.4.2

Used in events:

  • RULE_INIT

  • HTTP events: HTTP_REQUEST, HTTP_RESPONSE, HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE, BEFORE_AUTH, AUTH_RESULT, COOKIE_BAKE

  • SSL events: CLIENTSSL_HANDSHAKE, SERVERSSL_HANDSHAKE, CLIENTSSL_RENEGOTIATE, SERVERSSL_RENEGOTIATE

  • TCP events: TCP_ACCEPTED, TCP_CLOSED, SERVER_CONNECTED, SERVER_CLOSED, VS_LISTENER_BIND, SERVER_BEFORE_CONNECT

  • WAF events: WAF_REQUEST_BEFORE_SCAN, WAF_RESPONSE_BEFORE_SCAN, WAF_REQUEST_ATTACK_DETECTED, WAF_RESPONSE_ATTACK_DETECTED

PROXY:shared_table_lookup()

Looks up whether a key exists in the shared table. If the key exists, returns the corresponding value.

This function will fail if the table has not been created yet; it will not trigger the creation of a new table.

Returns the stored value if successful, otherwise, returns Boolean false. The returned value can be a Lua string, integer, or table. The table will be deserialized before returning, so the API will receive a Lua table.

Syntax

PROXY:shared_table_lookup(table_name, key);

Arguments
Name Description
table_name

A Lua string as the name of the shared table. This is the unique identification of a shared table. This parameter is mandatory.

The maximum length of this table name is 255.

key

The key can be a Lua string or integer. This parameter is mandatory.

The maximum length for the string is 255.

Example
when HTTP_REQUEST { 
	table_name = "TableDemo1" 
	key1="keyString101" 
	ret = PROXY:shared_table_lookup(table_name,key1) 
	if ret then 
	   debug("===>>shared_table_lookup success: [Table:%s]  [%s]=[%s]\n", table_name, key1, ret) 
	else 
	   debug("===>>shared_table_lookup failed for key: [Table:%s] [%s]\n", table_name, key1) 
	end 
} 

FortiADC version: V7.4.2

Used in events:

  • RULE_INIT

  • HTTP events: HTTP_REQUEST, HTTP_RESPONSE, HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE, BEFORE_AUTH, AUTH_RESULT, COOKIE_BAKE

  • SSL events: CLIENTSSL_HANDSHAKE, SERVERSSL_HANDSHAKE, CLIENTSSL_RENEGOTIATE, SERVERSSL_RENEGOTIATE

  • TCP events: TCP_ACCEPTED, TCP_CLOSED, SERVER_CONNECTED, SERVER_CLOSED, VS_LISTENER_BIND, SERVER_BEFORE_CONNECT

  • WAF events: WAF_REQUEST_BEFORE_SCAN, WAF_RESPONSE_BEFORE_SCAN, WAF_REQUEST_ATTACK_DETECTED, WAF_RESPONSE_ATTACK_DETECTED

PROXY:shared_table_delete()

Deletes an entry specified by a key from the shared table. If the key does not exist, the function will do nothing. If there is more than one process attached to the data entry, this function only detaches the calling process.

This function will fail if the table has not been created yet; it will not trigger the creation of a new table.

Returns Boolean true if successful, otherwise, returns Boolean false.

Syntax

PROXY:shared_table_delete(table_name, key);

Arguments
Name Description
table_name

A Lua string as the name of the shared table. This is the unique identification of a shared table. This parameter is mandatory.

The maximum length of this table name is 255.

key

The key can be a Lua string or integer. This parameter is mandatory.

The maximum length for the string is 255.

Example
when HTTP_REQUEST { 
	table_name = "TableDemo1" 
	key3 ="keyString103" 
	ret = PROXY:shared_table_delete(table_name,key3) 
	if ret then 
	   debug("===>>shared_table_delete success for key: [Table:%s]  [%s]\n", table_name, key3) 
	else 
	   debug("===>>shared_table_delete failed for key: [Table:%s]  [%s]\n", table_name, key3) 
	end 
} 

FortiADC version: V7.4.2

Used in events:

  • RULE_INIT

  • HTTP events: HTTP_REQUEST, HTTP_RESPONSE, HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE, BEFORE_AUTH, AUTH_RESULT, COOKIE_BAKE

  • SSL events: CLIENTSSL_HANDSHAKE, SERVERSSL_HANDSHAKE, CLIENTSSL_RENEGOTIATE, SERVERSSL_RENEGOTIATE

  • TCP events: TCP_ACCEPTED, TCP_CLOSED, SERVER_CONNECTED, SERVER_CLOSED, VS_LISTENER_BIND, SERVER_BEFORE_CONNECT

  • WAF events: WAF_REQUEST_BEFORE_SCAN, WAF_RESPONSE_BEFORE_SCAN, WAF_REQUEST_ATTACK_DETECTED, WAF_RESPONSE_ATTACK_DETECTED

PROXY:shared_table_dump()

Prints the current contents of the shared table for debugging purposes. This works similarly to an iterator for a shared table.

Returns a pair table, which can be traversed with for [k, v]. All keys and values will be converted into strings. Returns NIL if there is any error or the table is empty.

Syntax

PROXY:shared_table_dump(table_name, [index], [count]);

Arguments
Name Description
table_name

A Lua string as the name of the shared table. This is the unique identification of a shared table. This parameter is mandatory.

The maximum length of this table name is 255.

index

A Lua integer is used as the print index. This will indicate the order of printing for all the items.

This parameter is optional. The default value is 1. The valid range is from 1 to the current entry count of the table. FortiADC will check the validity of this index and report errors for invalid entries.
Note: The item order in the hash table is not important, so there is no need to try to match the index to the item.

count

A Lua integer is used to indicate the number of items to print.

This parameter is optional. The default value is 1000 or the current entry count (whichever is smaller). The valid range is from 1 to the current entry count of the table. FortiADC will check the validity of this count and report errors for invalid entries.

The index is always processed before the count, so if only one parameter exists, then it is assumed as the index.

The actual returned count may be less than the specified value if we run out of items or if there is any error.

Example
when HTTP_REQUEST { 
	table_name = "TableDemo1" 
	index = 1 
	count = PROXY:shared_table_entry_count(table_name) 
	ret = PROXY:shared_table_dump(table_name, index, count) 
	--Or simply: 
	--ret = PROXY:shared_table_dump(table_name) 
	if ret then 
	   debug("===>>PROXY-shared_table_dump success [Table-%s]\n", table_name) 
	   for k, v in pairs(ret) do 
	      debug("===>>Key: %s Value: %s\n", k, v) 
	   end 
	else 
	   debug("===>>PROXY-shared_table_dump failed [Table-%s]\n", table_name) 
	end 
} 

FortiADC version: V7.4.2

Used in events:

  • RULE_INIT

  • HTTP events: HTTP_REQUEST, HTTP_RESPONSE, HTTP_DATA_REQUEST, HTTP_DATA_RESPONSE, BEFORE_AUTH, AUTH_RESULT, COOKIE_BAKE

  • SSL events: CLIENTSSL_HANDSHAKE, SERVERSSL_HANDSHAKE, CLIENTSSL_RENEGOTIATE, SERVERSSL_RENEGOTIATE

  • TCP events: TCP_ACCEPTED, TCP_CLOSED, SERVER_CONNECTED, SERVER_CLOSED, VS_LISTENER_BIND, SERVER_BEFORE_CONNECT

  • WAF events: WAF_REQUEST_BEFORE_SCAN, WAF_RESPONSE_BEFORE_SCAN, WAF_REQUEST_ATTACK_DETECTED, WAF_RESPONSE_ATTACK_DETECTED
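
The shared-table calls above combined into one script, as an added example that is not Fortinet's code: a client is recorded when the WAF detects an attack, and later requests from that client are recognized with a lookup. Assumptions: the table name "FlaggedClients", the 1024-entry limit, the stored "reason" field, and IP:client_addr(), a FortiADC IP command that this page does not document.

```lua
when RULE_INIT {
	-- shared_table_create must run before any other table call.
	-- 1024 entries is a constructed limit below the documented maximum of 2048;
	-- 20971520 is the memory_limit value used in this page's own create example.
	if not PROXY:shared_table_create("FlaggedClients", 1024, 20971520) then
		debug("FlaggedClients: shared_table_create failed\n")
	end
}

when WAF_REQUEST_ATTACK_DETECTED {
	local tbl = "FlaggedClients"
	local max_entries = 1024
	local client = IP:client_addr()   -- assumption: not documented on this page
	local used = PROXY:shared_table_entry_count(tbl)

	if used == -1 then
		-- -1 means the table does not exist; insert never creates it
		debug("FlaggedClients: table missing, %s not recorded\n", client)
	elseif PROXY:shared_table_lookup(tbl, client) then
		-- insert does nothing for an existing key, so skip it
		debug("FlaggedClients: %s already recorded\n", client)
	elseif used >= max_entries then
		-- insert does nothing when the table is full; log it so the
		-- missed record is visible instead of silently dropped
		debug("FlaggedClients: table full (%d entries), %s not recorded\n", used, client)
	elseif PROXY:shared_table_insert(tbl, client, { reason = "waf" }) then
		-- the Lua table value is serialized before it is stored.
		-- If another process inserted the same key between the lookup and
		-- this call, insert does nothing and the first entry is kept.
		debug("FlaggedClients: recorded %s (%d of %d entries used)\n", client, used + 1, max_entries)
	else
		debug("FlaggedClients: insert failed for %s\n", client)
	end
}

when HTTP_REQUEST {
	local tbl = "FlaggedClients"
	local client = IP:client_addr()   -- assumption: not documented on this page
	-- lookup returns Boolean false on a miss or when the table does not exist
	local entry = PROXY:shared_table_lookup(tbl, client)
	if entry then
		-- a stored table value comes back deserialized as a Lua table
		debug("FlaggedClients: request from flagged client %s (reason=%s)\n", client, entry.reason)
		-- apply the site's own handling for flagged clients here
	end
}
```

Entries stay in the table until PROXY:shared_table_delete() or PROXY:shared_table_destroy() removes them, so a long-running deployment needs its own cleanup to stay under the entry limit.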
