FortiGate
Article Id 195937

 

 

 

Description: This article describes how to ban words using Content Filter.
Scope: FortiGate, Web Filter, Content Filter
Solution

The administrator can specify banned words and phrases and set a score threshold for their importance. 

 

Content Evaluation

When the Web Filter detects banned content, it sums the scores of the banned words and phrases found on the page. If the sum is higher than a threshold set in the firewall policy, FortiGate blocks it.

 

A score threshold can only be configured via CLI. The score can be any value from 0 to 2147483647 (default = 10). Higher scores indicate more offensive content.

 

Banned words or phrases are evaluated according to the following rules:

 

  • The score for each word or phrase is counted only once, even if that word or phrase appears many times on the web page.
  • The score for any word in a phrase without quotation marks is counted.
  • The score for a phrase in quotation marks is counted only if it appears exactly as written.

 

The following table describes how these rules are applied to the contents of a web page. Consider the following sentence to sum the score added: "The score for each word or phrase is counted only once, even if that word or phrase appears many times on the web page."

 

Banned Pattern | Assigned Score | Score Added | Comment
word | 20 | 20 | Appears twice but is counted only once.
word sentence | 20 | 20 | "word" appears twice, and "sentence" does not appear, but since any word in a phrase without quotation marks is counted, the score for this pattern is 20.
"word sentence" | 20 | 0 | This phrase does not appear exactly as written.
"word or phrase" | 20 | 20 | This phrase appears twice but is counted only once.
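
The three evaluation rules and the threshold comparison can be modelled in a few lines to check a banned-word table before deploying it. This is an added example, not FortiOS code: the function names, word tokenisation, case-insensitive comparison and "one score per pattern" handling of unquoted phrases are assumptions chosen to reproduce the table above.

```python
import re

# The sample sentence the article uses for its table.
PAGE = ("The score for each word or phrase is counted only once, even if "
        "that word or phrase appears many times on the web page.")

# (banned pattern, assigned score) rows from the article's table.
TABLE = [
    ('word', 20),
    ('word sentence', 20),
    ('"word sentence"', 20),
    ('"word or phrase"', 20),
]

def _words(text):
    # Assumption: words are runs of word characters, compared in lower case.
    return re.findall(r"\w+", text.lower())

def score_added(pattern, score, page):
    """Score that one banned pattern contributes to the page: 0 or `score`."""
    page_words = _words(page)
    if len(pattern) >= 2 and pattern[0] == pattern[-1] == '"':
        # Quoted phrase: counted only if the words appear together, in order.
        phrase = _words(pattern[1:-1])
        n = len(phrase)
        hit = n > 0 and any(page_words[i:i + n] == phrase
                            for i in range(len(page_words) - n + 1))
    else:
        # Unquoted pattern: any one of its words appearing is enough.
        hit = any(w in page_words for w in _words(pattern))
    # Counted once, no matter how many times the pattern appears.
    return score if hit else 0

def evaluate(entries, page, threshold=10):
    """Return (total score, blocked); blocked only if total is higher than threshold."""
    total = sum(score_added(p, s, page) for p, s in entries)
    return total, total > threshold

if __name__ == "__main__":
    for pattern, score in TABLE:
        print(f"{pattern!r:20} assigned={score} added={score_added(pattern, score, PAGE)}")
    print("total, blocked:", evaluate(TABLE, PAGE))
```
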

 

Wildcards and Regular Expressions:

Blocked patterns defined as wildcards or regular expressions may have different results.

Wildcards are symbols, such as "*" or "?", that represent one or more characters. For example, as a wildcard expression, forti*.com will match fortinet.com and forticare.com. The "*" represents any character appearing any number of times.

Regular expressions refer to Perl expressions, which use some of the same symbols as wildcard expressions, but for different purposes. In a regular expression, the "*" represents the character before the symbol, repeated any number of times. For example, forti*.com will match fortiii.com but not fortinet.com or fortiice.com. The symbol "*" represents "i" in this case, appearing any number of times.

Perl regular expressions are case-sensitive. The symbols /i are necessary to make the pattern-matching case insensitive.

Perl regular expressions can be combined to create more sophisticated search patterns. See the Common Symbols table for examples.

 

Common Symbols:

Wildcard | Meaning
* | Represents any character appearing any number of times.
? | Represents one character of any type.

Regular Expression | Meaning
* | Represents the character before the symbol, repeated any number of times.
. | Represents any single character.
.* | Represents any character appearing any number of times.
\ | Makes the character after the symbol a regular character instead of a search symbol. For example, to match "fortinet.com" exactly, the regular expression would be fortinet\.com. The "." is taken literally, not as a representation of another character.
/i | Makes the pattern case insensitive.

 

Common Search Expressions:

Wildcard | Matched Pattern | Unmatched Pattern
forti* | fortinet, forticare, fortification | fort
?ort | fort, port | sport

Regular Expression | Matched Pattern | Unmatched Pattern
forti* | fortii, fortiii | fortiice
go*gle | google, goooogle | goggle
go.gle | google, goggle | go-ogle
goo.* | google, goo goo dolls | goggle
google\..* | google.com, google.news | googles, googled
google/i | GOOGLE, Google, GooGLE |
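
Because the same pattern text behaves differently depending on the Pattern type selected, it is worth testing a pattern under both interpretations before adding it. The following added example (not FortiOS code) uses Python's `re` module as a stand-in for Perl regular expressions, and assumes whole-string matching, which is what reproduces the Matched and Unmatched columns above; `wildcard_to_regex`, `matches` and `table_mismatches` are hypothetical helper names.

```python
import re

def wildcard_to_regex(pattern):
    """'*' = any characters, '?' = exactly one; everything else is literal."""
    return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)

def matches(pattern, text, kind):
    """kind is 'wildcard' or 'regex'; a trailing /i makes a regex case-insensitive."""
    flags = 0
    if kind == "wildcard":
        pattern = wildcard_to_regex(pattern)
    elif pattern.endswith("/i"):
        pattern, flags = pattern[:-2], re.IGNORECASE
    # Assumption: the pattern must cover the whole string, as in the tables.
    return re.fullmatch(pattern, text, flags) is not None

# Rows copied from the Common Search Expressions tables.
ROWS = [
    ("wildcard", "forti*", ["fortinet", "forticare", "fortification"], ["fort"]),
    ("wildcard", "?ort", ["fort", "port"], ["sport"]),
    ("regex", "forti*", ["fortii", "fortiii"], ["fortiice"]),
    ("regex", "go*gle", ["google", "goooogle"], ["goggle"]),
    ("regex", "go.gle", ["google", "goggle"], ["go-ogle"]),
    ("regex", "goo.*", ["google", "goo goo dolls"], ["goggle"]),
    ("regex", r"google\..*", ["google.com", "google.news"], ["googles", "googled"]),
    ("regex", "google/i", ["GOOGLE", "Google", "GooGLE"], []),
]

def table_mismatches():
    """Return every (kind, pattern, text) whose result disagrees with the tables."""
    bad = []
    for kind, pat, hit, miss in ROWS:
        bad += [(kind, pat, t) for t in hit if not matches(pat, t, kind)]
        bad += [(kind, pat, t) for t in miss if matches(pat, t, kind)]
    return bad

if __name__ == "__main__":
    # The article's forti*.com example under both pattern types.
    for kind in ("wildcard", "regex"):
        for host in ("fortinet.com", "forticare.com", "fortiii.com"):
            print(kind, host, matches("forti*.com", host, kind))
    print("table mismatches:", table_mismatches())
```
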

 

Adding banned words or phrases

Specify banned words or phrases according to the syntax outlined above via GUI:

  1. Go to Security Profiles > Web Filter > Static URL Filter, and then enable "Content Filter".
  2. Select the Edit icon.
  3. Select Create New.
  4. Enter the new banned pattern (word or phrase).
  5. Select the Pattern type.
  6. Select the Language of the pattern.
  7. Set the status to Enable and select OK.

 

Setting the banned word threshold

The Web Filter will block any web pages for which the sum of scores for banned content exceeds the content block threshold.

 

To set the content block threshold via CLI:

 

config webfilter profile
    edit <profile_name>
        config web
            set bword-table <ID>
            set bword-threshold <value>
        end
end

The default value of bword-threshold is 10.

 

Note:

A Web Filter profile with its 'feature set' in proxy-based mode will be visible when the firewall policy is also in proxy-based mode.

After applying the web filter to the firewall policy, FortiGate scans content for banned words and phrases and blocks inappropriate web pages.

 

 
