Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Script Reference Guide

    Home FortiWeb 8.0.0 Script Reference Guide
    8.0.0
    8.0.3
    8.0.0
    7.6.0
    7.0.2

    Decryption and Encryption

    Decryption and Encryption

    rand()

    Generates a random number, returns an integer value between 0 and RAND_MAX(2^31-1).

    Example
    when HTTP_REQUEST {
    local rand_num = rand()
    debug("rand_num=%d\n",rand_num)
}

    time()

    Returns the current time as an integer, in Unix time format.

    Example
    when HTTP_REQUEST {
    local now = time()
    debug("time now = %d\n", now)
}

    time_ms()

    Returns the current time in million seconds, in Unix time format

    Example
    when HTTP_REQUEST {
    local now_ms = time_ms()
    debug("time now in million seconds = %d\n", now_ms)
}

    ctime()

    Returns the current time as a string, For instance Thu Apr 15 09:01:46 2024 CST +0800

    Example
    when HTTP_REQUEST {
    local now_str = ctime()
    debug("time now in string format:  %s\n", now_str)
}

    md5(input_msg)

    Calculates the MD5 hash of a given string input and returns the result as a string.

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
        hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local md5_encrypted = md5_str("123")
    debug("length of md5_encrypted is %d \n", string.len(md5_encrypted))
    debug("encrypted md5 of string 123 is:  %s\n", bytes2hex(md5_encrypted))
}

    md5_hex_str(input_msg)

    Calculates the hex representation of the MD5 of a string, and returns the result as a string.

    Example
    when HTTP_REQUEST {
    local md5_encrypted_hex = md5_hex_str("123")
    debug("encrypted md5 of string 123 in hex representation is:  %s\n", md5_encrypted_hex)
}

    sha1_str(input_msg)

    Calculates the SHA1 of a string input, and returns the result as a string.

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
        hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local sha1_123 = sha1_str("123")
    debug("length of sha1_123 is %d \n", string.len(sha1_123))
    debug("encrypted sha1 of string 123  is:  %s\n", bytes2hex(sha1_123))
}

    sha1_123_hex(input_msg)

    Calculates the hex representation of SHA1 of a string input, and returns the result as a string.

    Example
    when HTTP_REQUEST {
    local sha1_123_hex = sha1_hex_str("123")
    debug("encrypted sha1 of string 123 in hex representation is:  %s\n", sha1_123_hex)
}

    sha256_str(input_msg)

    Calculates the SHA256 of a string input, and returns the result as a string.

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
        hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local sha256_123 = sha256_str("123")
    debug("length of sha256_123 is %d \n", string.len(sha256_123))
    debug("encrypted sha256 of string 123  is:  %s\n", bytes2hex(sha256_123))
}

    sha256_hex_str(input_msg)

    Calculates the hex representation of SHA1 of a string input, and return the result as a string.

    Example
    when HTTP_REQUEST {
    local sha256_123_hex = sha256_hex_str("123")
    debug("encrypted sha256 of string 123 in hex representation is:  %s\n", sha256_123_hex)
}

    sha512_123(input_msg)

    Calculates the SHA512 of a string input, and returns the result as a string.

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
        hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local sha512_123 = sha512_str("123")
    debug("length of sha512_123 is %d \n", string.len(sha512_123))
    debug("encrypted sha512 of string 123  is:  %s\n", bytes2hex(sha512_123))
}

    sha512_123_hex(input_msg)

    Calculates the hex representation of SHA1 of a string input, and returns the result in string representation.

    Example
    when HTTP_REQUEST {
    local sha512_123_hex = sha512_hex_str("123")
    debug("encrypted sha512 of string 123 in hex representation is:  %s\n", sha512_123_hex)
}

    base64_enc(input_msg)

    Encodes a string input in base64 and outputs the results in string format.

    Example
    when HTTP_REQUEST {
    local b64_msg = base64_enc("https://www.base64encode.org/")
    debug("base64 encoded message is:  %s\n", b64_msg)
}

    base64_dec(input_msg)

    Decodes a base64 encoded string input and outputs the results in string format.

    Example
    when HTTP_REQUEST {
    local b64_dec_msg = base64_dec(b64_msg)
    debug("base64 decoded message is:  %s\n", b64_dec_msg)
}

    base32_enc(input_msg)

    Encodes a string input in base32 and outputs the results in string format.

    Example
    when HTTP_REQUEST {
    local b32_msg = base32_enc("https://www.base64encode.org/")
    debug("base32 encoded message is:  %s\n", b32_msg)
}

    base32_dec(input_msg)

    Decodes a base32 encoded string input and outputs the results in string format.

    Example
    when HTTP_REQUEST {
    local b32_dec_msg = base32_dec(b32_msg)
    debug("base32 decoded message is:  %s\n", b32_dec_msg)
}

    htonl(input_msg)

    Converts a long integer input into network byte order.

    Example
    when HTTP_REQUEST {
    local network_a  = htonl(32)
    debug("htonl of 32 is:  %s\n", network_a)
}

    htons(input_msg)

    Converts a short integer input into network byte order.

    Example
    when HTTP_REQUEST {
local network_a_short  = htons(32)
debug("htons of 32 is:  %s\n", network_a_short)
}

    htons(input_msg)

    Converts a long integer input into host byte order. Keep in mind, htonl(ntohl(x)) == x.

    Example
    when HTTP_REQUEST {
    local host_a = ntohl(network_a)
    debug("ntohl of network_a is:  %s\n", host_a)
}

    host_a_short(input_msg)

    Converts a short integer input into host byte order.

    Example
    when HTTP_REQUEST {
    local host_a_short = ntohs(network_a_short)
    debug("ntohs of network_a_short is:  %s\n", host_a_short)
}

    to_hex(input_msg)

    Converts a string to its hex representation.

    Example
    when HTTP_REQUEST {
    local hexit = to_hex("it")
    debug("hexit is:  %s\n", hexit)
}

    crc32(input_msg)

    Returns the crc32 check value of the string, return value is the crc32 code.

    Example
    when HTTP_REQUEST {
    local crc32_code = crc32("123456789")
    debug("CRC 32 code is:  %d\n", crc32_code)
}

    key_gen(pass, salt, iter, key_len)

    Derives an AES key from a password using a salt and iteration count as specified in RFC 2898 (Password-Based Key Derivation Function 2 with HMAC-SHA256).

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
       hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local new_key = key_gen("pass", "salt", 32, 32)
    debug("new key is %s\n", bytes2hex(new_key))
}

    aes_enc("your message", "paste your key here", Key Size)

    Encrypts a string using AES algorithm.

    Example

    The following is a helper function to convert byte string into hex representation.

    when HTTP_REQUEST {
    local aes_encrypted = aes_enc("your message", "paste your key here", 128)
    debug("encrypted in hex is %s, after b64 encoding %s\n", to_hex(aes_encrypted), base64_enc(aes_encrypted))
}

    aes_decrypted("your message", "paste your key here", Key Size)

    Decrypt a string using AES algorithm.

    Example
    when HTTP_REQUEST {
    local aes_decrypted = aes_dec(aes_encrypted, "paste your key here", 128);
    debug("decrypted msg is %s\n", aes_decrypted)
}

    EVP_Digest(alg, str)

    EVP_Digest(alg, str) EVP_Digest for one-shot digest calculation.

    Example
    when HTTP_REQUEST {
    local evpd = EVP_Digest("MD5", "your data")
    debug("the digest in hex is %s\n", bytes2hex(evpd))
}

    HMAC(alg, "your data", "paste your key here")

    HMAC message authentication code.

    Example
    when HTTP_REQUEST {
    local hm = HMAC("SHA256", "your data", "paste your key here")
    debug("the HMAC in hex is %s\n", bytes2hex(hm))
}

    HMAC_verify(alg, msg, key, verify)

    Checks if the signature is same as the current digest.

    Example
    when HTTP_REQUEST {
    local is_same = HMAC_verify("SHA256", "your data", "paste your key here", hm)
    if is_same then
        debug("HMAC verified\n")
    else
        debug("HMAC not verified\n")
    end
}

    rand_hex(input)

    Generates a random number in HEX.

    Example
    when HTTP_REQUEST {
    local rand_h = rand_hex(16);
    debug("the random hex number  is %s\n", rand_h);
}

    rand_alphanum(input)

    Generates a random alphabet+number sequence.

    Example
    when HTTP_REQUEST {
    local alphanumber = rand_alphanum(16);
    debug("the alphabet+number sequence  is %s\n", alphanumber);
}

    rand_seq(input)

    Generates a random number sequence.

    Example
    when HTTP_REQUEST {
    local randseq = rand_seq(16);
    debug("the random sequence is %s\n", to_hex(randseq));
}

    url_encode(input)

    Encodes the target URL (Converts URL into a valid ASCII format, will not replace space by "+" sign).

    Example
    when HTTP_REQUEST {
    local encoded_url = url_encode("https://docs.fortinet.com/product/fortiweb/7.4");
    debug("the encoded url is %s\n", encoded_url);
}

    url_decode(input)

    Decodes the encoding-URL into its original URL.

    Example
    when HTTP_REQUEST {
    local decoded_url = url_decode(encoded_url);
    debug("the decoded url is %s\n", decoded_url);
}
    Previous
    Next

    Decryption and Encryption

    Decryption and Encryption

    rand()

    Generates a random number, returns an integer value between 0 and RAND_MAX(2^31-1).

    Example
    when HTTP_REQUEST {
    local rand_num = rand()
    debug("rand_num=%d\n",rand_num)
}

    time()

    Returns the current time as an integer, in Unix time format.

    Example
    when HTTP_REQUEST {
    local now = time()
    debug("time now = %d\n", now)
}

    time_ms()

    Returns the current time in million seconds, in Unix time format

    Example
    when HTTP_REQUEST {
    local now_ms = time_ms()
    debug("time now in million seconds = %d\n", now_ms)
}

    ctime()

    Returns the current time as a string, For instance Thu Apr 15 09:01:46 2024 CST +0800

    Example
    when HTTP_REQUEST {
    local now_str = ctime()
    debug("time now in string format:  %s\n", now_str)
}

    md5(input_msg)

    Calculates the MD5 hash of a given string input and returns the result as a string.

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
        hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local md5_encrypted = md5_str("123")
    debug("length of md5_encrypted is %d \n", string.len(md5_encrypted))
    debug("encrypted md5 of string 123 is:  %s\n", bytes2hex(md5_encrypted))
}

    md5_hex_str(input_msg)

    Calculates the hex representation of the MD5 of a string, and returns the result as a string.

    Example
    when HTTP_REQUEST {
    local md5_encrypted_hex = md5_hex_str("123")
    debug("encrypted md5 of string 123 in hex representation is:  %s\n", md5_encrypted_hex)
}

    sha1_str(input_msg)

    Calculates the SHA1 of a string input, and returns the result as a string.

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
        hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local sha1_123 = sha1_str("123")
    debug("length of sha1_123 is %d \n", string.len(sha1_123))
    debug("encrypted sha1 of string 123  is:  %s\n", bytes2hex(sha1_123))
}

    sha1_123_hex(input_msg)

    Calculates the hex representation of SHA1 of a string input, and returns the result as a string.

    Example
    when HTTP_REQUEST {
    local sha1_123_hex = sha1_hex_str("123")
    debug("encrypted sha1 of string 123 in hex representation is:  %s\n", sha1_123_hex)
}

    sha256_str(input_msg)

    Calculates the SHA256 of a string input, and returns the result as a string.

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
        hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local sha256_123 = sha256_str("123")
    debug("length of sha256_123 is %d \n", string.len(sha256_123))
    debug("encrypted sha256 of string 123  is:  %s\n", bytes2hex(sha256_123))
}

    sha256_hex_str(input_msg)

    Calculates the hex representation of SHA1 of a string input, and return the result as a string.

    Example
    when HTTP_REQUEST {
    local sha256_123_hex = sha256_hex_str("123")
    debug("encrypted sha256 of string 123 in hex representation is:  %s\n", sha256_123_hex)
}

    sha512_123(input_msg)

    Calculates the SHA512 of a string input, and returns the result as a string.

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
        hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local sha512_123 = sha512_str("123")
    debug("length of sha512_123 is %d \n", string.len(sha512_123))
    debug("encrypted sha512 of string 123  is:  %s\n", bytes2hex(sha512_123))
}

    sha512_123_hex(input_msg)

    Calculates the hex representation of SHA1 of a string input, and returns the result in string representation.

    Example
    when HTTP_REQUEST {
    local sha512_123_hex = sha512_hex_str("123")
    debug("encrypted sha512 of string 123 in hex representation is:  %s\n", sha512_123_hex)
}

    base64_enc(input_msg)

    Encodes a string input in base64 and outputs the results in string format.

    Example
    when HTTP_REQUEST {
    local b64_msg = base64_enc("https://www.base64encode.org/")
    debug("base64 encoded message is:  %s\n", b64_msg)
}

    base64_dec(input_msg)

    Decodes a base64 encoded string input and outputs the results in string format.

    Example
    when HTTP_REQUEST {
    local b64_dec_msg = base64_dec(b64_msg)
    debug("base64 decoded message is:  %s\n", b64_dec_msg)
}

    base32_enc(input_msg)

    Encodes a string input in base32 and outputs the results in string format.

    Example
    when HTTP_REQUEST {
    local b32_msg = base32_enc("https://www.base64encode.org/")
    debug("base32 encoded message is:  %s\n", b32_msg)
}

    base32_dec(input_msg)

    Decodes a base32 encoded string input and outputs the results in string format.

    Example
    when HTTP_REQUEST {
    local b32_dec_msg = base32_dec(b32_msg)
    debug("base32 decoded message is:  %s\n", b32_dec_msg)
}

    htonl(input_msg)

    Converts a long integer input into network byte order.

    Example
    when HTTP_REQUEST {
    local network_a  = htonl(32)
    debug("htonl of 32 is:  %s\n", network_a)
}

    htons(input_msg)

    Converts a short integer input into network byte order.

    Example
    when HTTP_REQUEST {
local network_a_short  = htons(32)
debug("htons of 32 is:  %s\n", network_a_short)
}

    htons(input_msg)

    Converts a long integer input into host byte order. Keep in mind, htonl(ntohl(x)) == x.

    Example
    when HTTP_REQUEST {
    local host_a = ntohl(network_a)
    debug("ntohl of network_a is:  %s\n", host_a)
}

    host_a_short(input_msg)

    Converts a short integer input into host byte order.

    Example
    when HTTP_REQUEST {
    local host_a_short = ntohs(network_a_short)
    debug("ntohs of network_a_short is:  %s\n", host_a_short)
}

    to_hex(input_msg)

    Converts a string to its hex representation.

    Example
    when HTTP_REQUEST {
    local hexit = to_hex("it")
    debug("hexit is:  %s\n", hexit)
}

    crc32(input_msg)

    Returns the crc32 check value of the string, return value is the crc32 code.

    Example
    when HTTP_REQUEST {
    local crc32_code = crc32("123456789")
    debug("CRC 32 code is:  %d\n", crc32_code)
}

    key_gen(pass, salt, iter, key_len)

    Derives an AES key from a password using a salt and iteration count as specified in RFC 2898 (Password-Based Key Derivation Function 2 with HMAC-SHA256).

    Example

    The following is a helper function to convert byte string into hex representation.

    function bytes2hex(bytestr)
    local hexString = ""
    for i = 1, string.len(bytestr) do
       hexString = hexString .. string.format("%02x", string.byte(bytestr, i))
    end
    return hexString
end
when HTTP_REQUEST {
    local new_key = key_gen("pass", "salt", 32, 32)
    debug("new key is %s\n", bytes2hex(new_key))
}

    aes_enc("your message", "paste your key here", Key Size)

    Encrypts a string using AES algorithm.

    Example

    The following is a helper function to convert byte string into hex representation.

    when HTTP_REQUEST {
    local aes_encrypted = aes_enc("your message", "paste your key here", 128)
    debug("encrypted in hex is %s, after b64 encoding %s\n", to_hex(aes_encrypted), base64_enc(aes_encrypted))
}

    aes_decrypted("your message", "paste your key here", Key Size)

    Decrypt a string using AES algorithm.

    Example
    when HTTP_REQUEST {
    local aes_decrypted = aes_dec(aes_encrypted, "paste your key here", 128);
    debug("decrypted msg is %s\n", aes_decrypted)
}

    EVP_Digest(alg, str)

    EVP_Digest(alg, str) EVP_Digest for one-shot digest calculation.

    Example
    when HTTP_REQUEST {
    local evpd = EVP_Digest("MD5", "your data")
    debug("the digest in hex is %s\n", bytes2hex(evpd))
}

    HMAC(alg, "your data", "paste your key here")

    HMAC message authentication code.

    Example
    when HTTP_REQUEST {
    local hm = HMAC("SHA256", "your data", "paste your key here")
    debug("the HMAC in hex is %s\n", bytes2hex(hm))
}

    HMAC_verify(alg, msg, key, verify)

    Checks if the signature is same as the current digest.

    Example
    when HTTP_REQUEST {
    local is_same = HMAC_verify("SHA256", "your data", "paste your key here", hm)
    if is_same then
        debug("HMAC verified\n")
    else
        debug("HMAC not verified\n")
    end
}

    rand_hex(input)

    Generates a random number in HEX.

    Example
    when HTTP_REQUEST {
    local rand_h = rand_hex(16);
    debug("the random hex number  is %s\n", rand_h);
}

    rand_alphanum(input)

    Generates a random alphabet+number sequence.

    Example
    when HTTP_REQUEST {
    local alphanumber = rand_alphanum(16);
    debug("the alphabet+number sequence  is %s\n", alphanumber);
}

    rand_seq(input)

    Generates a random number sequence.

    Example
    when HTTP_REQUEST {
    local randseq = rand_seq(16);
    debug("the random sequence is %s\n", to_hex(randseq));
}

    url_encode(input)

    Encodes the target URL (Converts URL into a valid ASCII format, will not replace space by "+" sign).

    Example
    when HTTP_REQUEST {
    local encoded_url = url_encode("https://docs.fortinet.com/product/fortiweb/7.4");
    debug("the encoded url is %s\n", encoded_url);
}

    url_decode(input)

    Decodes the encoding-URL into its original URL.

    Example
    when HTTP_REQUEST {
    local decoded_url = url_decode(encoded_url);
    debug("the decoded url is %s\n", decoded_url);
}
    Previous
    Next