Support User Manuals

Fortinet 5.0 Patch 6 Microscope & Magnifier User Manual

Open as PDF

of 705

Fortinet 151 FortiWeb 5.0 Patch 6 Administration Guide

Auto-learning

Protection settings can be configured manually or with assistance from auto-learning.

Auto-learning can teach you a great deal about the threats your web assets face. It also helps

you to

understand your web applications’ structures, and how end-users use them. Most

importantly, though, auto-learning can help you to quickly tailor FortiWeb’s configuration to suit

your web applications.

Auto-learning discovers the URLs and other characteristics of HTTP and/or HTTPS sessions by

obser

ving traffic that is passing to your web servers. It:

• compares the request to attack signatures

• obser

ves inputs such as cookies and URL parameters

• tracks your web servers’ response to each request, such as 401 Unauthorized or

500 Internal Server Error

to learn about whether the request is legitimate or a potential attack attempt. By learning from

y

our tr

affic, the FortiWeb appliance can suggest appropriate configurations, and help you to

quickly generate profiles designed specifically for your unique traffic.

How to adapt auto-learning to dynamic URLs & unusual parameters

When web applications have dynamic URLs or unusual parameter styles, you must adapt

auto-learning to recognize them.

By default, auto-learning assumes that your web applications use the most common URL

struct

ure:

• All parameters follow after a question mark ( ? ). They do not follow a hash ( # ) or other

separator character.

• If there are multiple name-value pairs, each pair is separated by an ampersand ( & ). They

are not separated by a semi-colon ( ; ) or other separator character.

• All paths before the question mark ( ? ) are static — they do not change based upon input,

blending the path with parameters (sometimes called a dynamic URL).

For data centers, colocation centers, and complex web applications, auto-learning-assisted

configuration can save significant amounts of time compared to purely manual configuration.

However, auto-learning is also resource-intensive and can decrease performance while

gathering data. For strategies on minimizing the impact to your network, see

“Running

auto-learning” on page 180 and “Regular expression performance tips” on page 615.

/static/path/to/application?username=user1&password=P4s5w0rd1

Path

Path/

Variable

Name

Variable

Name

Parameter

Separator

Variable

Value

Variable

Value

Parameter

Separator

previous next