Changing HTTP headers
You can create explicit web proxy profiles that can add, remove and change HTTP headers. The explicit web proxy profile can be added to a web explicit proxy policy and will be applied to all of the HTTP traffic accepted by that policy.
You can change the following HTTP headers:
- client-ip
- via header for forwarded requests
- via header for forwarded responses
- x-forwarded-for
- front-end-https
For each of these headers you can set the action to:
- Pass to forward the traffic without changing the header
- Add to add the header
- Remove to remove the header
You can also configure how the explicit web proxy handles custom headers. The proxy can add or remove custom headers from requests or responses. If you are adding a header you can specify the content to be included in the added header.
Create web proxy profiles from the CLI:
config web-proxy profile edit <name>
set header-client-ip {add | pass | remove} set header-via-request {add | pass | remove} set header-via-response {add | pass | remove}
set header-x-forwarded-for {add | pass | remove}
set header-front-end-https {add | pass | remove}
config headers edit <id>
set action {add-to-request | add-to-response | remove-from-request |
remove-from-response}
set content <string>
set name <name>
end
end
Use the following command to add a web proxy profile to an explicit proxy policy:
config firewall explicit-proxy-policy edit <id>
set webproxy-profile <name>
end
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!