firewall : profile-protocol-options : config http
config http
Configure HTTP protocol options.
ports <port_number_list>
Enter a space-separated list of port numbers to scan for HTTP content.
inspect-all {enable | disable}
Enable to monitor all ports for the HTTP protocol. If you enable this option you can’t select a port.
options {chunkedbypass | clientcomfort | no‑content‑summary | oversize | servercomfort}
Select one or more options apply to HTTP sessions. To select more than one, enter the option names separated by a space.
chunkedbypass — allow web sites that use chunked encoding for HTTP to bypass the firewall. Chunked encoding means the HTTP message body is altered to allow it to be transferred in a series of chunks. Use of this feature is a risk. Malicious content could enter the network if web content is allowed to bypass the firewall.
clientcomfort — apply client comforting and prevent client timeout.
no-content-summary — do not add content information from the dashboard.
oversize — block files that are over the file size limit.
servercomfort — apply server comforting and prevent server timeout.
block-page-status-code <integer>
Set a return code for HTTP replacement pages.
This field is only for the HTTP service.
comfort-interval <interval_int>
Enter the time in seconds to wait before client comforting starts after a download has begun. It is also the interval between subsequent client comforting sends. The range is 1 to 900 seconds.
comfort-amount <amount_int>
Enter the number of bytes client comforting sends each interval to show that an HTTP download is progressing. The range is 1 to 10240 bytes.
fortinet-bar {enable | disable}
Enable or disable Fortinet Bar on HTML pages.
fortinet-bar-port <port_int>
Specify port for Fortinet Bar.
post-lang <charset1> [<charset2>... <charset5>]
For HTTPS post pages, because character sets are not always accurately indicated in HTTPS posts, you can use this option to specify up to five character set encodings. The FortiGate unit performs a forced conversion of HTTPS post pages to UTF-8 for each specified character set. After each conversion the FortiGate unit applies web content filtering and DLP scanning to the content of the converted page.
Specifying multiple character sets reduces web filtering and DLP performance.
oversize-limit <size_int>
Enter the maximum in-memory file size that will be scanned, in megabytes. If the file is larger than the oversize-limit, the file is passed or blocked, depending on whether oversize is a selected HTTP option. The maximum file size for scanning in memory is 10% of the FortiGate unit’s RAM.
retry-count <retry_int>
Enter the number of times to retry establishing an HTTP connection when the connection fails on the first try. The range is 0 to 100.
This allows the web server proxy to repeat the connection attempt on behalf of the browser if the server refuses the connection the first time. This works well and reduces the number of hang-ups or page not found errors for busy web servers.
Entering zero (0) effectively disables this feature.
scan-bzip2 {enable | disable}
Enable to allow the antivirus engine to scan the contents of bzip2 compressed files. Requires antivirus engine 1.90 for full functionality. Bzip2 scanning is extemely CPU intensive. Unless this feature is required, leave scan-bzip2 disabled.
status {enable | disable}
Enable or disable HTTP protocol inspection.
streaming-content-bypass {enable | disable}
Enable to allow streaming content to be bypassed rather than buffered.
switching-protocols {block | bypass}
Choose whether when the protocol switches, the new protocol is blocked or bypassed from scanning.
uncompnestlimit <depth_int>
Set the maximum number of archives in depth the AV engine will scan with nested archives. The limit is from 2 to 100. The supported compression formats are arj, bzip2, cab, gzip, lha, lzh, msc, rar, tar, and zip. Bzip2 support is disabled by default.
uncompsizelimit <MB_int>
Set the maximum uncompressed file size that can be buffered to memory for virus scanning. Enter a value in megabytes between 1 and the maximum oversize threshold. Enter “?” to display the range for your FortiGate unit. Enter 0 for no limit (not recommended).