Fortinet 171 FortiWeb 5.0 Patch 6 Administration Guide
For example, if you include the Email data type in the data type group, auto-learning profiles
that use the data type group might discover that your web applications use a parameter named
username whose value is an email address.
The predefined data type group, named predefine-data-type-group, cannot be edited or
deleted.
To configure a predefined data type group
1. Go to Auto Learn > Predefined Pattern > Data Type Group.
To access this part of the web UI, your administrator’s account access profile must have
Read and Write permission to items in the Server Policy Configuration category. For details,
see “Permissions” on page 47.
2. Click Create New.
A dialog appears.
3. In Name, type a unique name that can be referenced by other parts of the configuration. Do
not use spaces or special characters. The maximum length is 35 characters.
4. In Type, ma rk the check box of each predefined data type that you want to include in the set,
such as Email or Canadian Social Insurance Number.
To examine the regular expressions for each data type, see “Predefined data types” on
page 166.
5. Click OK.
6. To use a data type group, select it when configuring either an auto-learning profile (see
“Configuring an auto-learning profile” on page 177) or input rule (see “Validating parameters
(“input rules”)” on page 421).
See also
Predefined data types
Configuring an auto-learning profile
Validating parameters (“input rules”)
Recognizing data types
Recognizing suspicious requests
FortiWeb appliances can recognize known attacks by comparing each request to a signature.
How, then, does it recognize requests that aren’t known to be an attack, or aren’t always an
attack, but might be?
FortiWeb uses several methods for this:
HTTP protocol constraints (“HTTP/HTTPS protocol constraints” on page 440)
application parameter sanitizers & constraints (“Preventing zero-day attacks” on page 421)
exploit signatures (“Blocking known attacks & data leaks” on page 387)
DoS/DDoS sensors (“DoS prevention” on page 338)
access control lists (“Access control” on page 321)
If you know that your network’s HTTP sessions do not include a specific data type, omit it
from the data type group to improve performance. The FortiWeb appliance will not expend
resources scanning traffic for that data type.