webfilter profile
Use this command configure web filter profiles.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
config ftgd-wf set options {http-err-detail | ...} next ... |
Removed deprecated option |
set extended-log {enable | disable} set web-extended-all-action-log {enable | disable} |
When extended UTM log is enabled, more HTTP header information will be logged when a UTM event happens. Note that the following HTTP header fields are included in extended-log: http method, client content type, server content type, user agent, referer, and x-forward-for. |
set youtube-channel-status [disable | blacklist | whitelist] config youtube-channel-filter edit <id> set channel-id <url-channel-id> set comment [comment] next ... |
Allow or block certain YouTube channels with new YouTube channel filter options. When defining Note that |
config webfilter profile edit {name} # Configure Web filter profiles. set name {string} Profile name. size[35] set comment {string} Optional comments. size[255] set replacemsg-group {string} Replacement message group. size[35] - datasource(s): system.replacemsg-group.name set inspection-mode {proxy | flow-based} Web filtering inspection mode. proxy Proxy. flow-based Flow based. set options {option} Options. activexfilter ActiveX filter. cookiefilter Cookie filter. javafilter Java applet filter. block-invalid-url Block sessions contained an invalid domain name. jscript Javascript block. js JS block. vbs VB script block. unknown Unknown script block. intrinsic Intrinsic script block. wf-referer Referring block. wf-cookie Cookie block. per-user-bwl Per-user black/white list filter set https-replacemsg {enable | disable} Enable replacement messages for HTTPS. set ovrd-perm {bannedword-override | urlfilter-override | fortiguard-wf-override | contenttype-check-override} Permitted override types. bannedword-override Banned word override. urlfilter-override URL filter override. fortiguard-wf-override FortiGuard Web Filter override. contenttype-check-override Content-type header override. set post-action {normal | block} Action taken for HTTP POST traffic. normal Normal, POST requests are allowed. block POST requests are blocked. config override set ovrd-cookie {allow | deny} Allow/deny browser-based (cookie) overrides. allow Allow browser-based (cookie) override. deny Deny browser-based (cookie) override. set ovrd-scope {option} Override scope. user Override for the user. user-group Override for the user's group. ip Override for the initiating IP. browser Create browser-based (cookie) override. ask Prompt for scope when initiating an override. set profile-type {list | radius} Override profile type. list Profile chosen from list. radius Profile determined by RADIUS server. set ovrd-dur-mode {constant | ask} Override duration mode. constant Constant mode. ask Prompt for duration when initiating an override. set ovrd-dur {string} Override duration. set profile-attribute {option} Profile attribute to retrieve from the RADIUS server. User-Name Use this attribute. NAS-IP-Address Use this attribute. Framed-IP-Address Use this attribute. Framed-IP-Netmask Use this attribute. Filter-Id Use this attribute. Login-IP-Host Use this attribute. Reply-Message Use this attribute. Callback-Number Use this attribute. Callback-Id Use this attribute. Framed-Route Use this attribute. Framed-IPX-Network Use this attribute. Class Use this attribute. Called-Station-Id Use this attribute. Calling-Station-Id Use this attribute. NAS-Identifier Use this attribute. Proxy-State Use this attribute. Login-LAT-Service Use this attribute. Login-LAT-Node Use this attribute. Login-LAT-Group Use this attribute. Framed-AppleTalk-Zone Use this attribute. Acct-Session-Id Use this attribute. Acct-Multi-Session-Id Use this attribute. config ovrd-user-group edit {name} # User groups with permission to use the override. set name {string} User group name. size[64] - datasource(s): user.group.name next config profile edit {name} # Web filter profile with permission to create overrides. set name {string} Web profile. size[64] - datasource(s): webfilter.profile.name next config web set bword-threshold {integer} Banned word score threshold. range[0-2147483647] set bword-table {integer} Banned word table ID. range[0-4294967295] - datasource(s): webfilter.content.id set urlfilter-table {integer} URL filter table ID. range[0-4294967295] - datasource(s): webfilter.urlfilter.id set content-header-list {integer} Content header list. range[0-4294967295] - datasource(s): webfilter.content-header.id set blacklist {enable | disable} Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist. set whitelist {option} FortiGuard whitelist settings. exempt-av Exempt antivirus. exempt-webcontent Exempt web content. exempt-activex-java-cookie Exempt ActiveX-JAVA-Cookie. exempt-dlp Exempt DLP. exempt-rangeblock Exempt RangeBlock. extended-log-others Support extended log. set safe-search {url | header} Safe search type. url Insert safe search string into URL. header Insert safe search header. set youtube-restrict {none | strict | moderate} YouTube EDU filter level. none Full access for YouTube. strict Strict access for YouTube. moderate Moderate access for YouTube. set log-search {enable | disable} Enable/disable logging all search phrases. config keyword-match edit {pattern} # Search keywords to log when match is found. set pattern {string} Pattern/keyword to search for. size[64] next set youtube-channel-status {disable | blacklist | whitelist} YouTube channel filter status. disable Disable YouTube channel filter. blacklist Block matches. whitelist Allow matches. config youtube-channel-filter edit {id} # YouTube channel filter. set id {integer} ID. range[0-4294967295] set channel-id {string} YouTube channel ID to be filtered. size[255] set comment {string} Comment. size[255] next config ftgd-wf set options {error-allow | rate-server-ip | connect-request-bypass | ftgd-disable} Options for FortiGuard Web Filter. error-allow Allow web pages with a rating error to pass through. rate-server-ip Rate the server IP in addition to the domain name. connect-request-bypass Bypass connection which has CONNECT request. ftgd-disable Disable FortiGuard scanning. set exempt-quota {string} Do not stop quota for these categories. set ovrd {string} Allow web filter profile overrides. config filters edit {id} # FortiGuard filters. set id {integer} ID number. range[0-255] set category {integer} Categories and groups the filter examines. range[0-255] set action {block | authenticate | monitor | warning} Action to take for matches. block Block access. authenticate Authenticate user before allowing access. monitor Allow access while logging the action. warning Allow access after warning the user. set warn-duration {string} Duration of warnings. config auth-usr-grp edit {name} # Groups with permission to authenticate. set name {string} User group name. size[64] - datasource(s): user.group.name next set log {enable | disable} Enable/disable logging. set override-replacemsg {string} Override replacement message. size[28] set warning-prompt {per-domain | per-category} Warning prompts in each category or each domain. per-domain Per-domain warnings. per-category Per-category warnings. set warning-duration-type {session | timeout} Re-display warning after closing browser or after a timeout. session After session ends. timeout After timeout occurs. next config quota edit {id} # FortiGuard traffic quota settings. set id {integer} ID number. range[0-4294967295] set category {string} FortiGuard categories to apply quota to (category action must be set to monitor). set type {time | traffic} Quota type. time Use a time-based quota. traffic Use a traffic-based quota. set unit {B | KB | MB | GB} Traffic quota unit of measurement. B Quota in bytes. KB Quota in kilobytes. MB Quota in megabytes. GB Quota in gigabytes. set value {integer} Traffic quota value. range[1-4294967295] set duration {string} Duration of quota. set override-replacemsg {string} Override replacement message. size[28] next set max-quota-timeout {integer} Maximum FortiGuard quota used by single page view in seconds (excludes streams). range[1-86400] set rate-image-urls {disable | enable} Enable/disable rating images by URL. set rate-javascript-urls {disable | enable} Enable/disable rating JavaScript by URL. set rate-css-urls {disable | enable} Enable/disable rating CSS by URL. set rate-crl-urls {disable | enable} Enable/disable rating CRL by URL. set wisp {enable | disable} Enable/disable web proxy WISP. config wisp-servers edit {name} # WISP servers. set name {string} Server name. size[64] - datasource(s): web-proxy.wisp.name next set wisp-algorithm {primary-secondary | round-robin | auto-learning} WISP server selection algorithm. primary-secondary Select the first healthy server in order. round-robin Select the next healthy server. auto-learning Select the lightest loading healthy server. set log-all-url {enable | disable} Enable/disable logging all URLs visited. set web-content-log {enable | disable} Enable/disable logging logging blocked web content. set web-filter-activex-log {enable | disable} Enable/disable logging ActiveX. set web-filter-command-block-log {enable | disable} Enable/disable logging blocked commands. set web-filter-cookie-log {enable | disable} Enable/disable logging cookie filtering. set web-filter-applet-log {enable | disable} Enable/disable logging Java applets. set web-filter-jscript-log {enable | disable} Enable/disable logging JScripts. set web-filter-js-log {enable | disable} Enable/disable logging Java scripts. set web-filter-vbs-log {enable | disable} Enable/disable logging VBS scripts. set web-filter-unknown-log {enable | disable} Enable/disable logging unknown scripts. set web-filter-referer-log {enable | disable} Enable/disable logging referrers. set web-filter-cookie-removal-log {enable | disable} Enable/disable logging blocked cookies. set web-url-log {enable | disable} Enable/disable logging URL filtering. set web-invalid-domain-log {enable | disable} Enable/disable logging invalid domain names. set web-ftgd-err-log {enable | disable} Enable/disable logging rating errors. set web-ftgd-quota-usage {enable | disable} Enable/disable logging daily quota usage. set extended-log {enable | disable} Enable/disable extended logging for web filtering. set web-extended-all-action-log {enable | disable} Enable/disable extended any filter action logging for web filtering. next end