Rewrites/redirects are not supported in all modes. See the FortiWeb Administration Guide.
Variable | Description | Default |
<url-rewrite-rule_name> | Type the name of a new or existing rule. The maximum length is 35 characters. To display the list of existing rules, type: edit ? | No default. |
action {403-forbidden | redirect | redirect-301 | http-body-rewrite | http-header-rewrite | location-rewrite} | Select either: • 403-forbidden — Send a 403 (Forbidden) response to the client. • redirect — Send a 302 (Moved Temporarily) response to the client, with a new Location: field in the HTTP header. • redirect-301 — Send a 301 (Moved Permanently) response to the client, with a new Location: field in the HTTP header. • http-body-rewrite — Replace the specific HTTP content in the body of responses. • http-header-rewrite — Rewrite the host, referer and request URL fields in the HTTP header. • location-rewrite — Rewrite the location string in a 302 redirect. | http-header-rewrite |
host {<server_fqdn> | <server_ipv4> | <host_pattern>} | Type the FQDN of the host, such as store.example.com, to which the request will be redirected. The maximum length is 255 characters. This option is available only when host-status is enabled and action is http-header-rewrite. This field supports back references such as $0 to the parts of the original request that matched any capture groups that you entered in reg-exp <object_pattern> for each object in the condition table. (A capture group is a regular expression, or part of one, enclosed in parentheses.) Use $n (0 <= n <= 9) to invoke a substring, where n is the capture group's order of appearance, from left to right, from outside to inside, then from top to bottom. For example, regular expressions in the condition table in this order: (a)(b)(c(d))(e) (f) would result in invokable variables with the following values: • $0 — a • $1 — b • $2 — cd • $3 — d • $4 — e • $5 — f | No default. |
host-status {enable | disable} | Enable to rewrite the Host: field or host name part of the Referer: field. When disabled, the FortiWeb appliance preserves the value from the client’s request when rewriting it. This option is available only when action is http-header-rewrite. | disable |
host-use-pserver {enable | disable} | Enable this when you have a server farm for server balance or content routing. In this case you do not know which server in the server farm the FortiWeb appliance will use. When FortiWeb processes the request, it sets the value for the actual host. This option is available only when host-status is enabled and action is http-header-rewrite. Any setting you make for host is ignored. | disable |
url <replacement-url_str> | Type the string, such as /catalog/item1, that will replace the request URL. The maximum length is 255 characters. This option is available only when url-status is enabled and action is http-header-rewrite. Do not include the name of the web host, such as www.example.com, nor the protocol, which are configured separately in host {<server_fqdn> | <server_ipv4> | <host_pattern>}. Like host, this field supports back references such as $0 to the parts of the original request that matched any capture groups that you entered in reg-exp <object_pattern> for each object in the condition table. For an example, see the FortiWeb Administration Guide. | No default. |
url-status {enable | disable} | Enable to rewrite the URL part of the request URL. If you disable this option, the FortiWeb appliance preserves the value from the client’s request when it rewrites it. This option is available only when action is http-header-rewrite. | disable |
location <location_str> | Enter the replacement value for the Location: field in the HTTP header for the 302 response. The maximum length is 255 characters. This option is available only when action is redirect. | No default. |
location_replace <location_str> | Type the URL string that provides a location for use in a 302 HTTP redirect response from a web server connected to FortiWeb. The maximum length is 255 characters. This option is available only when action is location-rewrite. | No default. |
referer-status {enable | disable} | Enable to rewrite the Referer: field in the HTTP header. Also configure referer <referer-url_str> and referer-use-pserver {enable | disable}. | disable |
referer <referer-url_str> | Type the replacement value for the Referer: field in the HTTP header. The maximum length is 255 characters. This option is available only when referer-status is enabled. | No default. |
referer-use-pserver {enable | disable} | Enable this when you have a server farm for server balance or content routing. In this case you do not know which server in the server farm the FortiWeb appliance will use. When FortiWeb processes the request, it sets the value for the actual referer. This option is available only when referer-status is enabled and action is http-header-rewrite. Any setting you make for referer is ignored. | disable |
body_replace <replacement_str> | Type the value that will replace matching HTTP content in the body of responses. The maximum length is 255 characters. For an example, see the FortiWeb Administration Guide. This option is available only when action is http-body-rewrite. | No default. |
<entry_index> | Type the index number of the individual entry in the table. The valid range is from 1 to 9,999,999,999,999,999,999. | No default. |
content-filter {enable | disable} | Enable if you want to match this condition only for specific HTTP content types (also called Internet or MIME file types) such as text/html, as indicated in the Content-Type: HTTP header. Also configure content-type-set {text/html text/plain text/javascript application/xml(or)text/xml application/javascript application/soap+xml application/x-javascript}. | disable |
content-type-set {text/html text/plain text/javascript application/xml(or)text/xml application/javascript application/soap+xml application/x-javascript} | Type the HTTP content types that you want to match in a space-delimited list, such as: set content-type-set text/html text/plain | No default. |
HTTP-protocol {http | https} | Select which protocol will match this condition, either HTTP or HTTPS. This option is applicable only if protocol-filter is set to enable. | http |
is-essential {yes | no} | Select what to do if there is no Referer: field, either: • no — Meet this condition. • yes — Do not meet this condition. Requests can lack a Referer: field for several reasons, such as if the user manually types the URL, and the request does not result from a hyperlink from another web site, or if the URL resulted from an HTTPS connection. (See the RFC 2616 section on the Referer: field.) In those cases, the field cannot be tested for a matching value. This option appears only if object is http-reference. | yes |
object {http-host | http-reference | http-url} | Select which part of the HTTP request to test for a match: • http-host • http-url • http-reference (the Referer: field) If the request must match multiple conditions (for example, it must contain both a matching Host: field and a matching URL), add each object match condition to the condition table separately. | http-host |
protocol-filter {enable | disable} | Enable if you want to match this condition only for either HTTP or HTTPS. Also configure HTTP-protocol {http | https}. For example, you could redirect clients that accidentally request the login page by HTTP to a more secure HTTPS channel — but the redirect is not necessary for HTTPS requests. As another example, if URLs in HTTPS requests should be exempt from rewriting, you could configure the rewriting rule to apply only to HTTP requests. | disable |
reg-exp <object_pattern> | Depending on your selection in object {http-host | http-reference | http-url} and reverse-match {yes | no}, type a regular expression that defines either all matching or all non-matching Host: fields, URLs, or Referer: fields. Then, also configure reverse-match {yes | no}. For example, for the URL rewriting rule to match all URLs that begin with /wordpress, you could enter ^/wordpress, then, in reverse-match {yes | no}, select no. The pattern is not required to begin with a slash ( / ). The maximum length is 255 characters. Note: Regular expressions beginning with an exclamation point ( ! ) are not supported. Instead, use reverse-match {yes | no}. | No default. |
reverse-match {yes | no} | Indicate how to use reg-exp <object_pattern> when determining whether or not this URL rewriting condition has been met. • no — If the regular expression does match the request object, the condition is met. • yes — If the regular expression does not match the request object, the condition is met. The effect is equivalent to preceding a regular expression with an exclamation point ( ! ). If all conditions are met, the FortiWeb appliance performs the action you selected. | no |
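
The condition semantics (reg-exp, reverse-match, is-essential) and the $n back-reference numbering described for host and url can be checked offline before a rule is deployed. The following is an added example, not FortiWeb code: a small Python model of the behaviour documented in the table. The function names, the dictionary layout and the use of Python's re module in place of the appliance's regex engine are assumptions.

```python
import re

def evaluate_rule(conditions, request):
    """Return the list of captures if every condition is met, else None."""
    captures = []
    for cond in conditions:                      # condition-table order
        value = request.get(cond["object"])
        if value is None:
            # Documented only for a missing Referer: is-essential no -> met.
            if cond["object"] == "http-reference" and not cond.get("is_essential", True):
                continue
            return None
        # Assumption: Python's re stands in for the appliance's regex engine.
        m = re.search(cond["reg_exp"], value)
        if cond.get("reverse_match", False):
            if m:
                return None                      # reverse-match yes: a match fails
            continue                             # met, nothing captured
        if not m:
            return None
        # Groups count left to right, outside to inside, and the numbering
        # runs on through the table, starting at $0.
        captures.extend(g or "" for g in m.groups())
    return captures

def expand(template, captures):
    """Substitute $0..$9 in a host or url replacement string."""
    def repl(m):
        n = int(m.group(1))
        # Assumption: a $n with no matching capture is left as typed.
        return captures[n] if n < len(captures) else m.group(0)
    return re.sub(r"\$(\d)", repl, template)

# Constructed sample rules and requests.
PAGE_EXAMPLE = [{"object": "http-host", "reg_exp": "(a)(b)(c(d))(e)"},
                {"object": "http-url", "reg_exp": "(f)"}]
REWRITE = [
    {"object": "http-url", "reg_exp": r"^/wordpress/(.*)"},
    {"object": "http-host", "reg_exp": r"^internal\.", "reverse_match": True},
    {"object": "http-reference", "reg_exp": r"^https://www\.example\.com/",
     "is_essential": False},
]

if __name__ == "__main__":
    print(evaluate_rule(PAGE_EXAMPLE, {"http-host": "abcde", "http-url": "f"}))
    req = {"http-host": "www.example.com", "http-url": "/wordpress/post/1"}
    print(expand("/blog/$0", evaluate_rule(REWRITE, req)))
```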