Fortinet 5.0 Patch 6

Fortinet 161 FortiWeb 5.0 Patch 6 Administration Guide

In this URL format, there are 3 parameter values (with or without their names) in the URL:

•param1

•param2

•param3

Because each interpreter can only extract a single parameter, you would create 3 URL

interpreters, and group them into a set where they are used sequentially — a chain.

Each interpreter would use the interpreted output of the previous one as its input, until all

parameters had been extracted, at which point the last interpreter would output both the last

parameter and the final interpreted URL. FortiWeb would then append parameters back onto

the interpreted URL in the standard structure before storing them in the auto-learning data set.

Figure 20:Analysis of a request URL into its interpretation by a chain of URL interpreters

GET /index/param1/value1/param2/value2/param3/value3

GET /index?param1=value1&param2=value2&param3=value3

URL interpreter 1

URL interpreter 2

URL interpreter 3

/index/param1/value1/param2/value2

/index/param1/value1

/index

param3=value3

param2=value2

param1=value1

Param. Value: $2

Param. Value: $1

Param. Value: $0

Param. Name: param3

Param. Name: param2

Param. Name: param1

Output URL

Request URL

Interpreted URL

This configuration requires that for every request:

• the web application includes parameters in the same sequential order, and

• all parameters are always present



If parameter order or existence vary, this URL interpreter will not work. Requests will not

match the URL interpreter set if either param2 or param3 come first, or if any of the parameters

are missing. On the opposite end of the spectrum, if the URL interpreter used regular

expression capture groups such as (.*) to match anything in any order, i.e.:



/index/(.*)/(.*)/(.*)/(.*)/(.*)/(.*)/



then the regular expression would be too flexible: auto-learning might mistakenly match and

learn some of param3’s possible values for param2, and so on.