Technical Tip: How to redirect request when specified cookies are not present using a LUA script

shafiq23 · ‎10-20-2025

Description

This article describes how to configure request redirection when a specified cookie is not present in an HTTP request using a LUA script.

Scope

FortiWeb.

Solution

Requirement:
To redirect the client’s request to a landing or login page when a specific cookie is not present in the initial HTTP request.

Create Scripting: Go under Application Delivery -> Scripting -> Create New, define a name, input a Lua script statement. and select OK.

when HTTP_REQUEST {
local path = HTTP:path()
if path == "/index.php" then
local cookie_tbl = HTTP:header("Cookie")
local has_cookie = false
if cookie_tbl then
for _, v in pairs(cookie_tbl) do
if string.find(v, "PHPSESSID=", 1, true) then
has_cookie = true
break
end
end
else
end

if not has_cookie then
return HTTP:redirect("https://%s/login.php", HTTP:host())
else
end
else
end
}

Details and comments for the Lua script used in this article:

Assign the server policy with the created script under Policy -> Server Policy > edit respective server policy, enable Scripting and select the created script.

Demonstration:

Request a non-existing URL.
Expect the script to redirect to the new Location.

Related document:

HTTP Commands - FortiWeb 7.6.0 documentation

Script Guide - FortiWeb documentation

Technical Tip: How to redirect request when specified cookies are not present using a LUA script

You are leaving our website