webfilter : profile : config ftgd-wf
 
config ftgd-wf
Configure FortiGuard Web Filtering options.
For the enable, disable, allow, deny, log, ovrd, ftgd-wf-ssl-exempt options, to view a list of available category codes with their descriptions, enter get, then find entries such as g01 Potentially Liable, 1 Drug Abuse, and c06 Spam URL. Separate multiple codes with a space. To delete entries, use the unset command to delete the entire list.
Variable
Description
Default
category‑override <category_str>
Enable local categories to take precedence over FortiGuard Web Filtering categories. Enter category numbers or group numbers separated by spaces.
null
exempt-quota {all | <category_str>}
Do not stop quota for these categories.
null
max-quota-timeout <integer>
Maximum FortiGuard quote used by a single page view in seconds (excludes streams). The range is from 1 to 86400.
300
options {connect‑request‑bypass | error‑allow | ftgd‑disable | http‑err‑detail | rate‑server‑ip | redir‑block}
Select options for FortiGuard web filtering, separating multiple options with a space.
connect-request-bypass — (http only) bypass FortiGuard Web Filtering for HTTP sessions to the same address as bypassed HTTPS connections.
error-allow — allow web pages with a rating error to pass through.
ftgd‑disable — disable FortiGuard.
http-err-detail — display a replacement message for 4xx and 5xx HTTP errors. If error pages are allowed, malicious or objectionable sites could use these common error pages to circumvent web category blocking. This option does not apply to HTTPS.
rate-server-ip — send both the URL and the IP address of the requested site for checking, providing additional security against attempts to bypass the FortiGuard system.
redir-block — block HTTP redirects. Many web sites use HTTP redirects legitimately; however, in some cases, redirects may be designed specifically to circumvent web filtering, as the initial web page could have a different rating than the destination web page of the redirect.
ftgd-disable
ovrd <id>/g<id>
Allow override of the web filter profile.
null
rate-crl-urls
Enable/disable rating CRL by URL.
enable
rate-css-urls
Enable/disable rating CSS by URL.
enable
rate-image-urls
Rate images by URL. Blocked images are replaced with blanks. This option does not apply to HTTPS.
enable
rate-javascript-urls
Enable/disable rating javascripts by URL.
enable
Variables for config filters
<id_str>
Enter the ID number of the filter. Enter a new number to create a new filter. Enter an existing number to edit a filter.
 
action {authenticate | block | monitor | warning}
Enter the action to take for matches.
authenticate permits authenticated users to load the web page.
block prevents the user from loading the web page.
monitor permits the user to load the web page but logs the action.
warning requires that the user acknowledge a warning before they can proceed.
block
auth-usr-group [group1 ...groupn]
Enter the user groups who are permitted to authenticate.
This is available if action is authenticate.
No default.
category {category_int group_str}
Enter the categories and groups the filter will examine.
No default.
log {enable | disable}
Enable or disable logging for this filter.
enable
warn-duration <dur_string>
Set duration (nnhnnmnns, 23h59m59s for example) of warning.
This is available when action is warning or authenticated.
5m