Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Welcome 2026 Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: FortiWeb URL rewriting
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiWeb URL rewriting
Dear colleagues,
I need help with URL rewriting (fw 8.0.3 if it's important).
We have a "bad-coded" local site (let it be site.domain.local. suffix is .local, it's important). A lot of pages of this site contain hardcoded absolute URLs for file download (e.g. https://site.domain.local/storage/filename).
Also site has a builtin user authentication form. When user opens https://site.domain.local/ page the site engine checks that user isn's authenticated, calculates special hash and send 302 redirect message with Location: https://site.domain.local/loginform?hash=XXXX header.
Now we need to publish this site to internet via Fortiweb. We use public name site.company.com for publishing.
I created HTTP content routing policy for site.company.com -> site.domain.local. I also created web protection profile with URL rewriting policy. Policy contains 3 rules:
1. Rewrite request Host header site.domain.com -> site.domain.local (action Stop)
2. Rewrite response Location header site.domain.local -> site.domain.com (action Continue)
3. Rewrite response HTTP body - any site.domain.local -> site.domain.com (action Stop)
The problem is that policy works only when 1 & 2 rules are active. When I add rule 3 - policy stops working even for the login page which is about 1062 bytes long (header Location stays wrong)!
I suppose because of:
For a Response rewrite rule and the action is “Rewrite HTTP Body”, ensure there is a “Content-Type” header in the response from the backend server, and the Content-Type (also called Internet or MIME file types) must be supported by FortiWeb.
The first page with 302 redirect message doesn't contain any http body so there is no content-type header. And without the first page (where hash is calculated) we can't login. I tried different action combination for policy rewrite rules (e.g. stop after Location header rewrite), it doesn't help.
Am I right? Any suggestions? Looking forward for your help!
Labels:
- Labels:
-
FortiWeb
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello JV_IT,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We are still looking for an answer to your question.
We will come back to you ASAP.
Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello again JV_IT,
I found this answer. Can you tell us if it helps, please?
To address the issue with URL rewriting on FortiWeb, especially when dealing with the "Rewrite HTTP Body" action, follow these steps:
-
Content-Type Header Requirement: For the "Rewrite HTTP Body" action to work, the response from the backend server must include a "Content-Type" header. Ensure that the response includes this header and that the Content-Type is one of the supported types by FortiWeb (e.g., text/html, application/json).
-
Rule Execution Order: Ensure that the rules are executed in the correct order. Since the "Rewrite HTTP Body" action requires a Content-Type header, it might be beneficial to adjust the order or conditions under which this rule is applied.
-
Buffer Size Consideration: Check if the response size exceeds the Maximum Body Cache Size. If the response is larger than the buffer size, the rewriting will not work. Increase the buffer size if necessary.
-
Testing and Logs:
- Enable diagnostic logs to gather more information about why the rule might not be working as expected. Use the command:
diagnose debug flow filter module-detail url-rewrite 7 - This will help identify if there are any issues with the rule execution.
- Enable diagnostic logs to gather more information about why the rule might not be working as expected. Use the command:
-
Alternative Approach: If the "Rewrite HTTP Body" action is not feasible due to the lack of a Content-Type header, consider alternative methods such as modifying the backend server to include the necessary headers or using a different approach to handle the URL rewriting.
By ensuring the presence of a Content-Type header and adjusting the buffer size, you should be able to resolve the issue with the URL rewriting policy. If the problem persists, further analysis using diagnostic logs may be required.
Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Jean-Philippe,
Thanks for your post, but I also read the Troubleshooting Guide :) And I also wrote about a possible problem with the content header in my post. But what I can't understand is that according to official documents, the rules are followed in order until the first one matches. But what I see is that the general policy is checked for compliance, and the rules are followed only if all necessary conditions are met (the presence of the content-type header in my case). And that's strange for my opinion because this contradicts the documentation.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found this answer for you:
In FortiWeb, URL rewriting rules are generally processed in the order they are configured, and the first matching rule is applied. However, for the "Rewrite HTTP Body" action, the presence of a "Content-Type" header is crucial because it determines how the body content is processed. If the "Content-Type" header is missing or unsupported, the rule may not execute as expected, which can seem like a contradiction to the rule order processing.
Here are some steps to consider:
-
Ensure Content-Type Header: Verify that the backend server includes a "Content-Type" header in its response. This is necessary for the "Rewrite HTTP Body" action to function correctly.
-
Rule Order and Conditions: Double-check the order of your rules and ensure that they are configured correctly. The rules should be processed in the order they appear, but specific conditions like the presence of headers can affect execution.
-
Diagnostic Logs: Use diagnostic logs to gain insights into how the rules are being processed. This can help identify if the absence of the "Content-Type" header is causing the issue.
-
Documentation Review: Revisit the official FortiWeb documentation to ensure that all configurations align with the recommended practices.
If the issue persists, consider reaching out to Fortinet support for further assistance, as they can provide more detailed guidance based on your specific configuration and environment.
Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you want people to always land on the login page, why not let the Webserver serve the the people login page as default page? Sure you can achieve all of that on fortiweb, but I don't get why in this case tbh
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As I mentioned already this site bad-coded and we are not in charge of it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It is possible that your backend has a redirect too. Probably FortiWeb is receiving the request for the client in https and passing it to the backend in http, which return a 301 to https site.
In that case, I would disable it in the backend.
Labels
-
FortiGate
11,213 -
FortiClient
2,308 -
FortiManager
939 -
FortiAnalyzer
709 -
5.2
687 -
5.4
638 -
FortiClient EMS
621 -
FortiSwitch
619 -
FortiAP
586 -
IPsec
491 -
SSL-VPN
421 -
6.0
416 -
FortiMail
393 -
5.6
362 -
FortiNAC
327 -
FortiWeb
274 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
220 -
FortiAuthenticator
199 -
FortiGuard
169 -
FortiGate-VM
168 -
Firewall policy
155 -
5.0
152 -
6.4
128 -
FortiCloud Products
122 -
FortiSIEM
121 -
FortiToken
118 -
FortiGateCloud
113 -
Wireless Controller
99 -
High Availability
99 -
Customer Service
91 -
SAML
88 -
Routing
85 -
ZTNA
85 -
FortiProxy
81 -
Authentication
81 -
FortiADC
78 -
BGP
76 -
VLAN
76 -
Certificate
76 -
DNS
75 -
FortiEDR
74 -
Fortivoice
73 -
LDAP
71 -
RADIUS
69 -
FortiLink
65 -
SSO
63 -
NAT
59 -
FortiSandbox
58 -
Interface
57 -
Application control
55 -
FortiExtender
54 -
VDOM
53 -
4.0MR3
49 -
Virtual IP
49 -
Logging
45 -
FortiDNS
43 -
FortiPAM
42 -
SSL SSH inspection
42 -
Web profile
39 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
Automation
37 -
FortiConnect
36 -
FortiConverter
33 -
FortiWAN
32 -
API
32 -
Traffic shaping
29 -
FortiGate v5.2
28 -
FortiGate Cloud
28 -
Static route
28 -
SSID
27 -
SNMP
26 -
System settings
25 -
OSPF
24 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
WAN optimization
23 -
Web application firewall profile
23 -
FortiMonitor
21 -
Security profile
21 -
IP address management - IPAM
21 -
Web rating
20 -
FortiSOAR
19 -
FortiAP profile
18 -
Explicit proxy
17 -
Admin
17 -
Intrusion prevention
17 -
FortiGate v5.0
16 -
FortiDDoS
16 -
IPS signature
16 -
FortiManager v4.0
15 -
NAC policy
15 -
Users
15 -
Traffic shaping policy
15 -
Proxy policy
15 -
FortiManager v5.0
14 -
FortiCASB
14 -
DNS filter
13 -
FortiDeceptor
12 -
Fabric connector
12 -
Port policy
12 -
FortiWeb v5.0
11 -
FortiBridge
11 -
trunk
11 -
Traffic shaping profile
11 -
Authentication rule and scheme
11 -
FortiAnalyzer v5.0
10 -
FortiRecorder
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
Application signature
9 -
FortiCache
8 -
FortiToken Cloud
8 -
Packet capture
8 -
Vulnerability Management
8 -
4.0
7 -
4.0MR2
7 -
FortiNDR
7 -
VoIP profile
7 -
FortiScan
6 -
FortiTester
6 -
DoS policy
6 -
FortiCarrier
5 -
DLP profile
5 -
DLP sensor
5 -
Email filter profile
5 -
Protocol option
5 -
TACACS
5 -
Service
5 -
Cloud Management Security
5 -
3.6
4 -
FortiHypervisor
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
Replacement messages
4 -
SDN connector
4 -
Multicast routing
4 -
FortiDB
3 -
FortiAI
3 -
Kerberos
3 -
Video Filter
3 -
File filter
3 -
Multicast policy
3 -
Zone
3 -
FortiEdge Cloud
3 -
FortiInsight
2 -
Schedule
2 -
ICAP profile
2 -
Virtual wire pair
2 -
Lacework
2 -
FortiGuest
2 -
FortiEdge
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
FortiPresence
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2930 | |
| 1459 | |
| 869 | |
| 826 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2026 Fortinet, Inc. All Rights Reserved.