Fortinet 194 FortiWeb 5.0 Patch 6 Administration Guide
Parameters tab
The Parameters tab provides tabular statistics on the parameters and their values as they
appeared in HTTP requests, as well as any parameters that were extracted from within the URL
by a URL interpreter.
Figure 26:Auto-learning report Parameter tab
This tab appears only for items that are leaf nodes in the navigation tree; that is, they represent
a single complete URL as it appeared in a real HTTP request, and therefore could have had
those exact associated parameters.
Edit URL
Access
(In the Least hit
URL table and
chart section)
Click this button to open a dialog where you can select which pages will be
included in a URL access rule whose Action is Alert & Deny (i.e. block the
request and generate an alert email and/or attack log message). To include
the URL, click and drag it from the column named Available on the right into
the column on the left, named URL Access rules with action 'Alert & Deny'.
Essentially, auto-learning’s assumption in this case is that most page hits are
legitimate, so that URLs that are not frequently hit possibly could be a back
door or other hidden URL, and therefore should not be accessible.
This button appears only when you select the policy in the navigation pane.
Edit URL
Access
(In the
Suspicious URL
table and chart
section)
Click this button to open a dialog where you can select which pages will be
included in a URL access rule whose Action is Alert & Deny (i.e. block the
request and generate an alert email and/or attack log message). To include
the URL, click and drag it from the column named Available on the right into
the column on the left, named URL Access rules with action 'Alert & Deny'.
Essentially, auto-learning’s assumption in this case is that administrative
URLs should not be accessible to the general public on the Internet, so that
requests for these URLs could be a potential attack or scouting attempt, and
should be blocked.
This button appears only when you select the policy in the navigation pane.
Setting name Description