How to set up your FortiWeb : Auto-learning : Recognizing suspicious requests : Configuring custom suspicious request URLs
 
Configuring custom suspicious request URLs
To augment FortiWeb’s predefined list of suspicious request URLs, you can configure your own.
To create a custom suspicious request URL pattern
1. Go to Auto Learn > Custom Pattern > Suspicious URL Rule.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Server Policy Configuration category. For details, see “Permissions”.
2. Click Create New.
A dialog appears.
3. In Name, type a unique name that can be referenced by other parts of the configuration. Do not use spaces or special characters. The maximum length is 35 characters.
4. In URL Expression, enter a regular expression that defines this suspicious URL, such as ^/my_admin_panel.jsp.
To test the regular expression against sample text, click the >> (test) icon. This opens the Regular Expression Validator window where you can fine-tune the expression (see “Regular expression syntax” and “Cookbook regular expressions”).
5. Click OK.
6. Group custom suspicious URL patterns (see “Grouping custom suspicious request URLs”).
7. Group custom and predefined suspicious URL groups together (see “Grouping all suspicious request URLs”).
8. Select the supergroup when configuring an auto-learning profile (see “Configuring an auto-learning profile”).
See also
Grouping custom suspicious request URLs
Recognizing suspicious requests