In some published web services in the WAF of FortiAppSec Cloud, adding 'www' to the web service's URL it is needed, like 'https://websiteapp.com' to 'https://www.websiteapp.com'. To do it, it is necessary to enable Rewriting Requests first in the Application Delivery settings of the configured application.

To add the Rewriting Requests module, go to WAF -> Application and select the desired application; after that, select WAF in the side navigation bar and then Add Module. Go to Application Delivery and enable the Rewriting Requests feature; to finish, select OK. Feature Application Delivery -> Rewriting Requests should appear in the side navigation bar.

After enabling the Rewriting Requests feature, a URL redirection rule should be created. Select Application Delivery -> Rewriting Requests, then go to URL Rewrite Configuration and select Add Rule:

In Add Rule, configure the following settings:

• Name: Rule name (Write any name, preferably without spaces).
• Action: Redirect Advanced (301 Permanently).

Rewriting Conditions:

• Match Host: ^websiteapp.com$.
• Match URL: ^/(.*)$.
• Match Referer and Protocol Filter: Left both disabled.

Rewriting Behavior:

Rewrite Location: https://www.websiteapp.com/$0.

After that, select OK:

Once the URL redirection rule is created, it is listed in the URL Rewrite rules list:

If other rules were created previously and web traffic is matching with one of them, move the URL redirection rule above or below based on the detected traffic.

Related documents:
Rewriting Requests