webfilter profile
Use this command to configure web filter profiles.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
| Command | Description |
|---|---|
| `config ftgd-wf`<br>`set options {http-err-detail \| ...}`<br>`next`<br>`...` | Removed deprecated option |
| `set extended-log {enable \| disable}`<br>`set web-extended-all-action-log {enable \| disable}` | When extended UTM log is enabled, more HTTP header information is logged when a UTM event happens. The following HTTP header fields are included in extended-log: HTTP method, client content type, server content type, user agent, referer, and x-forwarded-for. |
| `set youtube-channel-status [disable \| blacklist \| whitelist]`<br>`config youtube-channel-filter`<br>`edit <id>`<br>`set channel-id <url-channel-id>`<br>`set comment [comment]`<br>`next`<br>`...` | Allow or block certain YouTube channels with new YouTube channel filter options. When defining Note that |
config webfilter profile
edit {name}
# Configure Web filter profiles.
set name {string} Profile name. size[35]
set comment {string} Optional comments. size[255]
set replacemsg-group {string} Replacement message group. size[35] - datasource(s): system.replacemsg-group.name
set inspection-mode {proxy | flow-based} Web filtering inspection mode.
proxy Proxy.
flow-based Flow based.
set options {option} Options.
activexfilter ActiveX filter.
cookiefilter Cookie filter.
javafilter Java applet filter.
block-invalid-url Block sessions that contain an invalid domain name.
jscript Javascript block.
js JS block.
vbs VB script block.
unknown Unknown script block.
intrinsic Intrinsic script block.
wf-referer Referring block.
wf-cookie Cookie block.
per-user-bwl Per-user black/white list filter.
set https-replacemsg {enable | disable} Enable replacement messages for HTTPS.
set ovrd-perm {bannedword-override | urlfilter-override | fortiguard-wf-override | contenttype-check-override} Permitted override types.
bannedword-override Banned word override.
urlfilter-override URL filter override.
fortiguard-wf-override FortiGuard Web Filter override.
contenttype-check-override Content-type header override.
set post-action {normal | block} Action taken for HTTP POST traffic.
normal Normal, POST requests are allowed.
block POST requests are blocked.
config override
set ovrd-cookie {allow | deny} Allow/deny browser-based (cookie) overrides.
allow Allow browser-based (cookie) override.
deny Deny browser-based (cookie) override.
set ovrd-scope {option} Override scope.
user Override for the user.
user-group Override for the user's group.
ip Override for the initiating IP.
browser Create browser-based (cookie) override.
ask Prompt for scope when initiating an override.
set profile-type {list | radius} Override profile type.
list Profile chosen from list.
radius Profile determined by RADIUS server.
set ovrd-dur-mode {constant | ask} Override duration mode.
constant Constant mode.
ask Prompt for duration when initiating an override.
set ovrd-dur {string} Override duration.
set profile-attribute {option} Profile attribute to retrieve from the RADIUS server.
User-Name Use this attribute.
NAS-IP-Address Use this attribute.
Framed-IP-Address Use this attribute.
Framed-IP-Netmask Use this attribute.
Filter-Id Use this attribute.
Login-IP-Host Use this attribute.
Reply-Message Use this attribute.
Callback-Number Use this attribute.
Callback-Id Use this attribute.
Framed-Route Use this attribute.
Framed-IPX-Network Use this attribute.
Class Use this attribute.
Called-Station-Id Use this attribute.
Calling-Station-Id Use this attribute.
NAS-Identifier Use this attribute.
Proxy-State Use this attribute.
Login-LAT-Service Use this attribute.
Login-LAT-Node Use this attribute.
Login-LAT-Group Use this attribute.
Framed-AppleTalk-Zone Use this attribute.
Acct-Session-Id Use this attribute.
Acct-Multi-Session-Id Use this attribute.
config ovrd-user-group
edit {name}
# User groups with permission to use the override.
set name {string} User group name. size[64] - datasource(s): user.group.name
next
config profile
edit {name}
# Web filter profile with permission to create overrides.
set name {string} Web profile. size[64] - datasource(s): webfilter.profile.name
next
config web
set bword-threshold {integer} Banned word score threshold. range[0-2147483647]
set bword-table {integer} Banned word table ID. range[0-4294967295] - datasource(s): webfilter.content.id
set urlfilter-table {integer} URL filter table ID. range[0-4294967295] - datasource(s): webfilter.urlfilter.id
set content-header-list {integer} Content header list. range[0-4294967295] - datasource(s): webfilter.content-header.id
set blacklist {enable | disable} Enable/disable automatic addition of URLs detected by FortiSandbox to blacklist.
set whitelist {option} FortiGuard whitelist settings.
exempt-av Exempt antivirus.
exempt-webcontent Exempt web content.
exempt-activex-java-cookie Exempt ActiveX-JAVA-Cookie.
exempt-dlp Exempt DLP.
exempt-rangeblock Exempt RangeBlock.
extended-log-others Support extended log.
set safe-search {url | header} Safe search type.
url Insert safe search string into URL.
header Insert safe search header.
set youtube-restrict {none | strict | moderate} YouTube EDU filter level.
none Full access for YouTube.
strict Strict access for YouTube.
moderate Moderate access for YouTube.
set log-search {enable | disable} Enable/disable logging all search phrases.
config keyword-match
edit {pattern}
# Search keywords to log when match is found.
set pattern {string} Pattern/keyword to search for. size[64]
next
set youtube-channel-status {disable | blacklist | whitelist} YouTube channel filter status.
disable Disable YouTube channel filter.
blacklist Block matches.
whitelist Allow matches.
config youtube-channel-filter
edit {id}
# YouTube channel filter.
set id {integer} ID. range[0-4294967295]
set channel-id {string} YouTube channel ID to be filtered. size[255]
set comment {string} Comment. size[255]
next
config ftgd-wf
set options {error-allow | rate-server-ip | connect-request-bypass | ftgd-disable} Options for FortiGuard Web Filter.
error-allow Allow web pages with a rating error to pass through.
rate-server-ip Rate the server IP in addition to the domain name.
connect-request-bypass Bypass connections that have a CONNECT request.
ftgd-disable Disable FortiGuard scanning.
set exempt-quota {string} Do not stop quota for these categories.
set ovrd {string} Allow web filter profile overrides.
config filters
edit {id}
# FortiGuard filters.
set id {integer} ID number. range[0-255]
set category {integer} Categories and groups the filter examines. range[0-255]
set action {block | authenticate | monitor | warning} Action to take for matches.
block Block access.
authenticate Authenticate user before allowing access.
monitor Allow access while logging the action.
warning Allow access after warning the user.
set warn-duration {string} Duration of warnings.
config auth-usr-grp
edit {name}
# Groups with permission to authenticate.
set name {string} User group name. size[64] - datasource(s): user.group.name
next
set log {enable | disable} Enable/disable logging.
set override-replacemsg {string} Override replacement message. size[28]
set warning-prompt {per-domain | per-category} Warning prompts in each category or each domain.
per-domain Per-domain warnings.
per-category Per-category warnings.
set warning-duration-type {session | timeout} Re-display warning after closing browser or after a timeout.
session After session ends.
timeout After timeout occurs.
next
config quota
edit {id}
# FortiGuard traffic quota settings.
set id {integer} ID number. range[0-4294967295]
set category {string} FortiGuard categories to apply quota to (category action must be set to monitor).
set type {time | traffic} Quota type.
time Use a time-based quota.
traffic Use a traffic-based quota.
set unit {B | KB | MB | GB} Traffic quota unit of measurement.
B Quota in bytes.
KB Quota in kilobytes.
MB Quota in megabytes.
GB Quota in gigabytes.
set value {integer} Traffic quota value. range[1-4294967295]
set duration {string} Duration of quota.
set override-replacemsg {string} Override replacement message. size[28]
next
set max-quota-timeout {integer} Maximum FortiGuard quota used by single page view in seconds (excludes streams). range[1-86400]
set rate-image-urls {disable | enable} Enable/disable rating images by URL.
set rate-javascript-urls {disable | enable} Enable/disable rating JavaScript by URL.
set rate-css-urls {disable | enable} Enable/disable rating CSS by URL.
set rate-crl-urls {disable | enable} Enable/disable rating CRL by URL.
set wisp {enable | disable} Enable/disable web proxy WISP.
config wisp-servers
edit {name}
# WISP servers.
set name {string} Server name. size[64] - datasource(s): web-proxy.wisp.name
next
set wisp-algorithm {primary-secondary | round-robin | auto-learning} WISP server selection algorithm.
primary-secondary Select the first healthy server in order.
round-robin Select the next healthy server.
auto-learning Select the healthy server with the lightest load.
set log-all-url {enable | disable} Enable/disable logging all URLs visited.
set web-content-log {enable | disable} Enable/disable logging blocked web content.
set web-filter-activex-log {enable | disable} Enable/disable logging ActiveX.
set web-filter-command-block-log {enable | disable} Enable/disable logging blocked commands.
set web-filter-cookie-log {enable | disable} Enable/disable logging cookie filtering.
set web-filter-applet-log {enable | disable} Enable/disable logging Java applets.
set web-filter-jscript-log {enable | disable} Enable/disable logging JScripts.
set web-filter-js-log {enable | disable} Enable/disable logging JavaScript.
set web-filter-vbs-log {enable | disable} Enable/disable logging VBS scripts.
set web-filter-unknown-log {enable | disable} Enable/disable logging unknown scripts.
set web-filter-referer-log {enable | disable} Enable/disable logging referrers.
set web-filter-cookie-removal-log {enable | disable} Enable/disable logging blocked cookies.
set web-url-log {enable | disable} Enable/disable logging URL filtering.
set web-invalid-domain-log {enable | disable} Enable/disable logging invalid domain names.
set web-ftgd-err-log {enable | disable} Enable/disable logging rating errors.
set web-ftgd-quota-usage {enable | disable} Enable/disable logging daily quota usage.
set extended-log {enable | disable} Enable/disable extended logging for web filtering.
set web-extended-all-action-log {enable | disable} Enable/disable extended logging of all filter actions for web filtering.
next
end
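The following added example (not part of the Fortinet reference) audits exported profile text for three things the syntax above makes possible: the `ftgd-wf` options `error-allow`, `connect-request-bypass` and `ftgd-disable`, a profile where `extended-log` is not set to `enable`, and a FortiGuard filter whose action is `monitor` while its `log` is `disable`. The names `parse_profiles`, `audit` and `FLAGGED` are hypothetical, the sample is constructed, and the parser assumes `show`-style text in which nested `config` blocks are closed with `end`.

```python
import shlex

FLAGGED = {"error-allow", "connect-request-bypass", "ftgd-disable"}  # ftgd-wf options to review

def parse_profiles(text):
    """Map profile name -> {nested block path -> {setting: [values]}}."""
    profiles, stack = {}, []
    for line in text.splitlines():
        cmd, *args = shlex.split(line, comments=True) or [""]
        if cmd in ("config", "edit"):
            stack.append(" ".join(args))
            if cmd == "edit" and len(stack) == 2 and stack[0] == "webfilter profile":
                profiles[stack[1]] = {}
        elif cmd in ("next", "end") and stack:
            stack.pop()
        elif cmd == "set" and args and len(stack) > 1 and stack[1] in profiles:
            profiles[stack[1]].setdefault("/".join(stack[2:]), {})[args[0]] = args[1:]
    return profiles

def audit(profiles):
    """Return sorted (profile, finding) pairs for settings worth reviewing."""
    out = []
    for name, blocks in profiles.items():
        opts = blocks.get("ftgd-wf", {}).get("options", [])
        out += [(name, f"ftgd-wf option {o} is set") for o in opts if o in FLAGGED]
        if blocks.get("", {}).get("extended-log") != ["enable"]:
            out.append((name, "extended-log is not set to enable"))
        for path, s in blocks.items():
            quiet = s.get("action") == ["monitor"] and s.get("log") == ["disable"]
            if path.startswith("ftgd-wf/filters/") and quiet:
                out.append((name, f"filter {path.rsplit('/', 1)[1]}: monitor with log disabled"))
    return sorted(out)

# Constructed sample in `show`-style syntax (nested blocks closed with `end`).
SAMPLE = """config webfilter profile
    edit "guest"
        config ftgd-wf
            set options error-allow connect-request-bypass
            config filters
                edit 1
                    set action monitor
                    set log disable
                next
            end
        end
    next
end"""

print(audit(parse_profiles(SAMPLE)))
```

A setting that is absent from the text is reported as "not set to enable"; confirm the effective value on the device before treating it as a gap.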