Fortinet 151 FortiWeb 5.0 Patch 6 Administration Guide
Auto-learning
Protection settings can be configured manually or with assistance from auto-learning.
Auto-learning can teach you a great deal about the threats your web assets face. It also helps
you to understand your web applications’ structures, and how end-users use them. Most
importantly, though, auto-learning can help you to quickly tailor FortiWeb’s configuration to suit
your web applications.
Auto-learning discovers the URLs and other characteristics of HTTP and/or HTTPS sessions by
observing traffic that is passing to your web servers. It:
• compares the request to attack signatures
• observes inputs such as cookies and URL parameters
• tracks your web servers’ response to each request, such as 401 Unauthorized or
500 Internal Server Error
to learn about whether the request is legitimate or a potential attack attempt. By learning from
your traffic, the FortiWeb appliance can suggest appropriate configurations, and help you to
quickly generate profiles designed specifically for your unique traffic.
How to adapt auto-learning to dynamic URLs & unusual parameters
When web applications have dynamic URLs or unusual parameter styles, you must adapt
auto-learning to recognize them.
By default, auto-learning assumes that your web applications use the most common URL
structure:
• All parameters follow after a question mark ( ? ). They do not follow a hash ( # ) or other
separator character.
• If there are multiple name-value pairs, each pair is separated by an ampersand ( & ). They
are not separated by a semi-colon ( ; ) or other separator character.
• All paths before the question mark ( ? ) are static — they do not change based upon input,
blending the path with parameters (sometimes called a dynamic URL).
For data centers, colocation centers, and complex web applications, auto-learning-assisted
configuration can save significant amounts of time compared to purely manual configuration.
However, auto-learning is also resource-intensive and can decrease performance while
gathering data. For strategies on minimizing the impact to your network, see
“Running auto-learning” on page 180 and “Regular expression performance tips” on page 615.
/static/path/to/application?username=user1&password=P4s5w0rd1
[Figure: the example URL above, with its parts labeled Path, Path/Parameter Separator, Variable Name, Variable Value, and Parameter Separator.]
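To see which of your application's URLs fall outside the default structure listed above, the following added example (not part of the guide, and not FortiWeb's own parsing logic) splits a URL on `?` and `&` and reports deviations from each assumption. The function names, the sample URLs, and the rule that an `=` inside the path indicates blended parameters are assumptions made for illustration.

```python
import re

def analyze(url):
    """Split a URL per the default structure and list where it deviates."""
    before_hash, _, fragment = url.partition("#")
    path, _, query = before_hash.partition("?")
    # Default assumption: name=value pairs separated by '&' after the '?'
    params = [tuple(p.partition("=")[::2]) for p in query.split("&") if p]
    issues = []
    if "=" in fragment:
        issues.append("parameters follow '#'")
    if re.search(r";[^=&;]+=", query):
        issues.append("pairs separated by ';'")
    if "=" in path:
        # Heuristic (assumption): a name=value inside the path means the
        # path is not static, i.e. a dynamic URL.
        issues.append("parameters blended into path")
    return {"path": path, "params": params, "issues": issues}

def needs_adaptation(urls):
    """Return {url: issues} for URLs that break a default assumption."""
    flagged = {}
    for url in urls:
        issues = analyze(url)["issues"]
        if issues:
            flagged[url] = issues
    return flagged

# Constructed sample URLs; the first is the guide's own example.
SAMPLE_URLS = [
    "/static/path/to/application?username=user1&password=P4s5w0rd1",
    "/app?username=user1;password=P4s5w0rd1",
    "/app#username=user1",
    "/app/username=user1/view",
]

if __name__ == "__main__":
    for url, issues in needs_adaptation(SAMPLE_URLS).items():
        print(url, "->", ", ".join(issues))
```

A path that changes with input but contains no `=` cannot be recognized from a single URL; that case requires comparing several observed requests.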