Filter
Top Products
Fortinet 181 FortiWeb 5.0 Patch 6 Administration Guide
4. Gauge progress by periodically reviewing the auto-learning report, which is kept up-to-date
during auto-learning (see “Viewing auto-learning reports” on page 182 and “Generating a
profile from auto-learning data” on page 196). If parameters are missing, auto-learning is not
done.
5. If there is an unusual number of attacks, or there are false positives, or if some auto-learning
data is incorrect, you can either:
• fine-tune the auto-learning profile, delete the old-auto-learning data, then return to the
previous step (see “Removing old auto-learning data” on page 200)
• fine-tune the parameters in the auto-learning report before generating protection profiles
(see “Overview tab” on page 186, “Attacks tab” on page 188, “Visits tab” on page 191,
and “Parameters tab” on page 194)
• after the next step, adjust settings in the generated protection profiles
6. Continue with “Generating a profile from auto-learning data” on page 196.
Pausing auto-learning for a URL
Dynamic URLs that you have not configured to be interpreted by a URL replacer will cause:
• reduced performance
• a
tree that contains many URLs that are actually forms of the same URL
• auto-learning data that is split among each observed permutation of the dynamic URL
To solve these problems, stop auto-learning for those URLs (right-click them in the
au
to-lea
rning report and select Stop Learning), then configure a URL replacer. For details, see
“How to adapt auto-learning to dynamic URLs & unusual parameters” on page 151.
If you decide later that the URLs were not, in fact, dynamic, you can resume auto-learning:
right-clic
k the URL in the auto-learning report, then select Start Learning. Otherwise, for
dynamic URLs, you can delete split auto-learning data (see “Removing old auto-learning data”
on page 200).
See also
• Viewing auto-learning reports
• How to adapt auto-learning to dynamic URLs & unusual parameters
• Removing old auto-learning data
Auto-learning consider URLs up to approximately 128 characters long (assuming
single-byte character encoding, after FortiWeb has decoded any nested hexadecimal or
other URL encoding — therefore, the limit is somewhat dynamic). If the URL is greater than
that buffer size, auto-learning will not be able to learn it, and therefore will ignore it. No event
log will be created.
In those cases, you must manually configure FortiWeb protection settings for the URL,
rather than discovering recommended protection settings via auto-learning. However, you
may be able to re-use the settings recommended for other, shorter URLs by auto-learning.
For example, if auto-learning discovers an email address parameter, it probably should have
the same input constraints regardless of which URL uses it.