How to set up your FortiWeb : Auto-learning : Recognizing suspicious requests : Grouping custom suspicious request URLs
 
Grouping custom suspicious request URLs
Before you can use them, you must first group custom and predefined suspicious URLs.
To configure a custom suspicious URL policy
1. Before you can create a custom suspicious URL rule, you must first define one or more custom suspicious URLs (see “Configuring custom suspicious request URLs”).
2. Go to Auto Learn > Custom Pattern > Suspicious URL Policy.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Server Policy Configuration category. For details, see “Permissions”.
3. Click Create New.
A dialog appears.
4. In Name, type a unique name that can be referenced by other parts of the configuration. Do not use spaces or special characters. The maximum length is 35 characters.
5. Click OK.
6. Click Create New to add an entry to the set.
A dialog appears.
7. From Suspicious URL Name, select the name of a custom suspicious URL rule.
8. Click OK.
9. Repeat the previous steps for each custom suspicious URL rule you want added to the policy.
10. Group custom and predefined suspicious URL groups together (see “Grouping all suspicious request URLs”).
11. Select the supergroup when configuring an auto-learning profile (see “Configuring an auto-learning profile”).
See also
Configuring custom suspicious request URLs
Grouping all suspicious request URLs
Recognizing suspicious requests