Fortinet 152 FortiWeb 5.0 Patch 6 Administration Guide
For example, the page at:
/app/main
always has that same path. After a person logs in, the page’s URL doesn’t become:
/app/marco/main
or
/app#deepa
For another example, the URL does not dynamically reflect inventory, such as:
/app/sprockets/widget1024894
Some web applications, however, embed parameters within the path structure of the URL, or
use unusual or non-uniform parameter separator characters. If you do not configure URL
replacers for such applications, it can cause your FortiWeb appliance to gather
auto-learning data incorrectly. This can cause the following symptoms:
• Auto-learning reports do not contain a correct URL structure.
• URL or parameter learning is endless.
• When you generate a protection profile from auto-learning, it contains many more URLs than
actually exist, because auto-learning cannot predict that the URL is actually dynamic.
• Parameter data is not complete, despite the fact that the FortiWeb appliance has seen traffic
containing the parameter.
For example, with Microsoft Outlook Web App (OWA), the user’s login name could be
embedded within the path structure of the URL, such as:
/owa/tom/index.html
/owa/mary/index.html
instead of suffixed as a parameter, such as:
/owa/index.html?username=tom
/owa/index.html?username=mary
Auto-learning would continue to create new URLs as new users are added to OWA.
Auto-learning would also expend extra resources learning about URLs and parameters that are
actually the same. Additionally, auto-learning may not be able to fully learn the application
structure, as each user may not request the same URLs.
To solve this, you would create a URL replacer that recognizes the user name within the OWA
URL as if it were a standard, suffixed parameter value so that auto-learning can function
properly.
See also
•Configuring URL interpreters
•Grouping URL interpreters
•Configuring an auto-learning profile
•Regular expression syntax
Configuring URL interpretersWhen using auto-learning, you must define how to interpret dynamic URLs and URLs that
include parameters in non-standard ways, such as with different parameter separators (; or #,
for example) or by embedding the parameter within the URL’s path structure.
In the web UI, these interpreter plug-ins are called “URL replacers.”