wanopt : webcache
Use this command to change how the WAN optimization web cache operates. In most cases the default settings are acceptable. However you may want to change these settings to improve performance or optimize the cache for your configuration.
config wanopt webcache
set always-revalidate {enable | disable}
set cache-cookie {enable | disable}
set cache-expired {enable | disable}
set default-ttl <expiry_time>
set fresh-factor <fresh_percent>
set ignore-conditional {enable | disable}
set ignore-ie-reload {enable | disable}
set ignore-ims {enable | disable}
set ignore-pnc {enable | disable}
set max-object-size <object_size>
set max-ttl <expiry_time>
set min-ttl <expiry_time>
set neg-resp-time <response_time>
set reval-pnc {enable | disable}
end
always-revalidate {enable | disable}
Enable to always revalidate the requested cached object with content on the server before serving it to the client.
cache-cookie {enable | disable}
Enable caching of cookies. Typically an HTTP response with a cookie contains data for a specific user, so cookie caching is best avoided.
cache-expired {enable | disable}
Applies only to type-1 objects. When this setting is enabled, type-1 objects that are already expired at the time of acquisition are cached (if all other conditions make the object cachable). When this setting is disabled, already expired type-1 objects become non-cachable at the time of acquisition.
default-ttl <expiry_time>
The default expiry time for objects that do not have an expiry time set by the web server. The default expiry time is 1440 minutes (24 hours).
fresh-factor <fresh_percent>
Set the fresh factor as a percentage. The default is 100, and the range is 1 to 100. For cached objects that don’t have an expiry time, the web cache periodically checks the server to see if the object has expired. The higher the fresh factor the less often the checks occur.
ignore-conditional {enable | disable}
Enable or disable controlling the behavior of cache-control header values. HTTP 1.1 provides additional controls to the client over the behavior of caches concerning the staleness of the object. Depending on various Cache-Control headers, the FortiGate unit can be forced to consult the OCS before serving the object from the cache. For more information about the behavior of cache-control header values, see RFC 2616.
ignore-ie-reload {enable | disable}
Some versions of Internet Explorer issue an Accept: */* header instead of a Pragma: no-cache header when you select Refresh. When an Accept header has only the */* value, the FortiGate unit treats it as a PNC header if it is a type-N object.
When this option is enabled, the FortiGate unit ignores the PNC interpretation of the Accept: */* header.
ignore-ims {enable | disable}
By default, if the time specified by the if-modified-since (IMS) header in the client's conditional request is greater than the last modified time of the object in the cache, it is a strong indication that the copy in the cache is stale. If so, HTTP does a conditional GET to the Overlay Caching Scheme (OCS), based on the last modified time of the cached object. Enable ignore-ims to override this behavior.
ignore-pnc {enable | disable}
Typically, if a client sends an HTTP GET request with a pragma no-cache (PNC) or cache-control no-cache header, a cache must consult the OCS before serving the content. This means that the FortiGate unit always re-fetches the entire object from the OCS, even if the cached copy of the object is fresh.
Because of this, PNC requests can degrade performance and increase server-side bandwidth utilization. However, if ignore-pnc is enabled, then the PNC header from the client request is ignored. The FortiGate unit treats the request as if the PNC header is not present at all.
max-object-size <object_size>
Set the maximum object size to cache. The default size is 512000 kbytes (512 Mbytes). This object size determines the maximum object size to store in the web cache. All objects retrieved that are larger than the maximum size are delivered to the client but are not stored in the web cache. Range: 1 to 2 147 483 kBytes.
max-ttl <expiry_time>
The maximum amount of time an object can stay in the web cache without checking to see if it has expired on the server. The default is 7200 minutes (120 hours or 5 days).
min-ttl <expiry_time>
The minimum amount of time an object can stay in the web cache before checking to see if it has expired on the server. The default is 5 minutes.
neg-resp-time <response_time>
Set how long in minutes to cache negative responses. The default is 0, meaning negative responses are not cached. The content server might send a client error code (4xx HTTP response) or a server error code (5xx HTTP response) as a response to some requests. If the web cache is configured to cache these negative responses, it returns that response in subsequent requests for that page or image for the specified number of minutes.
reval-pnc {enable | disable}
The pragma-no-cache (PNC) header in a client's request can affect the efficiency of the FortiGate unit from a bandwidth gain perspective. If you do not want to completely ignore PNC in client requests (which you can do by using the ignore PNC option configuration), you can lower the impact of the PNC by enabling reval-pnc. When reval-pnc is enabled, a client's non-conditional PNC-GET request results in a conditional GET request sent to the OCS if the object is already in the cache. This gives the OCS a chance to return the 304 Not Modified response, consuming less server-side bandwidth, because it has not been forced to return full content even though the contents have not actually changed.
By default, the revalidate PNC configuration is disabled and is not affected by changes in the top-level profile. When the Substitute Get for PNC configuration is enabled, the revalidate PNC configuration has no effect.
Most download managers make byte-range requests with a PNC header. To serve such requests from the cache, the reval-pnc option should be enabled along with byte-range support.
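The cache-cookie, ignore-pnc, ignore-ims and neg-resp-time descriptions above each name a way the cache can serve content the client or server did not intend. The following audit of a configuration backup is an added example, not Fortinet code; the choice of which settings to flag and the sample backup text are this example's assumptions.

```python
import re

# Options this example flags when enabled; the reasons paraphrase the
# descriptions above. What to flag is an assumption, not vendor guidance.
RISKY_WHEN_ENABLED = {
    "cache-cookie": "responses with cookies usually hold per-user data",
    "ignore-pnc": "client no-cache requests are served without consulting the server",
    "ignore-ims": "if-modified-since indication of a stale copy is overridden",
}

def parse_webcache(config_text):
    """Return {option: value} for the 'config wanopt webcache' block only."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config wanopt webcache":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit(settings):
    """Return sorted (option, reason) findings; options not set are skipped."""
    findings = [(opt, why) for opt, why in RISKY_WHEN_ENABLED.items()
                if settings.get(opt) == "enable"]
    neg = settings.get("neg-resp-time", "0")
    if neg.isdigit() and int(neg) > 0:
        findings.append(("neg-resp-time", f"4xx/5xx responses cached for {neg} minutes"))
    return sorted(findings)

# Constructed sample backup excerpt (not taken from a real device).
SAMPLE = """\
config system global
    set hostname "EXAMPLE-FGT"
end
config wanopt webcache
    set cache-cookie enable
    set ignore-pnc enable
    set neg-resp-time 10
    set max-ttl 7200
end
"""

if __name__ == "__main__":
    for opt, why in audit(parse_webcache(SAMPLE)):
        print(f"{opt}: {why}")
```

Options absent from the backup are not flagged, because this page does not state the default for every enable/disable setting.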