Changing HTTP headers

Changing HTTP headers

You can create explicit web proxy profiles that can add, remove and change HTTP headers. The explicit web proxy profile can be added to a web explicit proxy policy and will be applied to all of the HTTP traffic accepted by that policy.

 

You can change the following HTTP headers:

  • client-ip
  • via header for forwarded requests
  • via header for forwarded responses
  • x-forwarded-for
  • front-end-https

 

For each of these headers you can set the action to:

  • Pass to forward the traffic without changing the header
  • Add to add the header
  • Remove to remove the header

You can also configure how the explicit web proxy handles custom headers. The proxy can add or remove custom headers from requests or responses. If you are adding a header you can specify the content to be included in the added header.

 

Create web proxy profiles from the CLI:

config web-proxy profile edit <name>

set header-client-ip {add | pass | remove} set header-via-request {add | pass | remove} set header-via-response {add | pass | remove}

set header-x-forwarded-for {add | pass | remove}

set header-front-end-https {add | pass | remove}

config headers edit <id>

set action {add-to-request | add-to-response | remove-from-request |

remove-from-response}

set content <string>

set name <name>

end

end

 

Use the following command to add a web proxy profile to an explicit proxy policy:

config firewall explicit-proxy-policy edit <id>

set webproxy-profile <name>

end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in FortiGate, FortiOS, FortiOS 5.4 Handbook and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.