Use auto-learning profiles with profiles whose action is alert. If action is alert_deny, the FortiWeb appliance will reset the connection, preventing the auto-learning feature from gathering complete data on the session. |
Alternatively, you could generate an auto-learning profile and its required components, and then modify them. For details, see the FortiWeb Administration Guide. |
Variable | Description | Default |
<auto-learning-profile_name> | Type the name of the auto-learning profile. The maximum length is 35 characters. To display the list of existing profile, type: edit ? | No default. |
data-type-group <data-type-group_name> | Type the name of the data type group for the profile to use. See “config server-policy pattern data-type-group”. The maximum length is 35 characters. To display the list of existing groups, type: set data-type-group ? The auto-learning profile will learn about the names, length, and required presence of these types of parameter inputs as described in the data type group. | No default. |
suspicious-url-rule <suspicious-url-rule-group_name> | Type the name of a suspicious URL rule group to use. See “config server-policy pattern suspicious-url-rule”. The maximum length is 35 characters. To display the list of existing groups, type: set suspicious-url-rule ? The auto-learning profile will learn about attempts to access URLs that are typically used for web server or web application administrator logins, such as admin.php. Requests from clients for these types of URLs are considered to be a possible attempt at either vulnerability scanning or administrative login attacks, and therefore potentially malicious. | No default. |
attack-count-threshold <count_int> | Type the integer representing the threshold over which the auto-learning profile adds the attack to the server protection rules. The valid range is from 1 to 2,147,483,647. | 100 |
attack-percent-range <percent_int> | Type the integer representing the threshold of the percentage of attacks to total hits over which the auto-learning profile adds the attack to the server protection exceptions. The valid range is from 1 to 10,000. | 5 |
application-policy <policy_name> | Type the name of a custom application policy to use. See “config server-policy custom-application application-policy”. The maximum length is 35 characters. To display the list of existing application policies, type: set application-policy ? | No default. |