How to adapt auto-learning to dynamic URLs & unusual parameters
When web applications have dynamic URLs or unusual parameter styles, you must adapt auto-learning to recognize them.
By default, auto-learning assumes that your web applications use the most common URL structure:
All parameters follow after a question mark ( ? ). They do not follow a hash ( # ) or other separator character.
If there are multiple name-value pairs, each pair is separated by an ampersand ( & ). They are not separated by a semi-colon ( ; ) or other separator character.
All paths before the question mark ( ? ) are static — they do not change based upon input, blending the path with parameters (sometimes called a dynamic URL).
For example, the page at:
/app/main
always has that same path. After a person logs in, the page’s URL doesn’t become:
/app/marco/main
or
/app#deepa
For another example, the URL does not dynamically reflect inventory, such as:
/app/sprockets/widget1024894
Some web applications, however, embed parameters within the path structure of the URL, or use unusual or non-uniform parameter separator characters. If you do not configure URL replacers for such applications, it can cause your FortiWeb appliance to gather auto-learning data incorrectly. This can cause the following symptoms:
Auto-learning reports do not contain a correct URL structure.
URL or parameter learning is endless.
When you generate a protection profile from auto-learning, it contains many more URLs than actually exist, because auto-learning cannot predict that the URL is actually dynamic.
Parameter data is not complete, despite the fact that the FortiWeb appliance has seen traffic containing the parameter.
For example, with Microsoft Outlook Web App (OWA), the user’s login name could be embedded within the path structure of the URL, such as:
/owa/tom/index.html
/owa/mary/index.html
instead of suffixed as a parameter, such as:
/owa/index.html?username=tom
/owa/index.html?username=mary
Auto-learning would continue to create new URLs as new users are added to OWA. Auto-learning would also expend extra resources learning about URLs and parameters that are actually the same. Additionally, auto-learning may not be able to fully learn the application structure, as each user may not request the same URLs.
To solve this, you would create a URL replacer that recognizes the user name within the OWA URL as if it were a standard, suffixed parameter value so that auto-learning can function properly.
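The effect of such a rewrite on what a learner records can be simulated outside the appliance. The sketch below is an added illustration, not FortiWeb configuration syntax or Fortinet code; the rule tuple, the function names and the sample requests are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical rewrite rule for the OWA example: capture the user-name path
# segment and re-express it as a query parameter named "username".
# The page name is pinned to index.html so that genuinely static paths with
# the same depth (e.g. /owa/static/logo.png) are not collapsed by mistake.
OWA_RULE = (
    re.compile(r"^/owa/(?P<username>[^/]+)/(?P<page>index\.html)$"),
    "/owa/{page}",   # static path the learner should record
    "username",      # parameter that receives the captured segment
)

def normalize(url, rules=(OWA_RULE,)):
    """Return (static_path, params) as a learner should see the request."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    path = parts.path
    for pattern, template, param in rules:
        m = pattern.match(path)
        if m:
            params[param] = m.group(param)
            path = template.format(**m.groupdict())
            break
    return path, params

def learned_urls(requests, rules):
    """Distinct paths that would be recorded for the given requests."""
    return {normalize(u, rules)[0] for u in requests}

# Constructed sample traffic: three users, one already-suffixed request,
# and one static resource that must stay untouched.
SAMPLE = [
    "/owa/tom/index.html",
    "/owa/mary/index.html",
    "/owa/marco/index.html",
    "/owa/index.html?username=deepa",
    "/owa/static/logo.png",
]

if __name__ == "__main__":
    print("without rule:", sorted(learned_urls(SAMPLE, ())))
    print("with rule:   ", sorted(learned_urls(SAMPLE, (OWA_RULE,))))
    print(normalize("/owa/tom/index.html"))
```

Without the rule the learner records one URL per user and keeps growing as users are added; with it, every user request maps to the same static path and the user name is learned as a parameter value.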