FortiWeb
Khidzir_MN
Staff
Article Id 263120
Description This article describes how to bypass Machine Learning anomaly detection for a specific URL parameter.
The server policy and Machine Learning configuration must already be in place. Refer to the documentation at the end of this article for more information on configuring the server policy and Machine Learning.
Scope FortiWeb and FortiWeb VM.
Solution

The requirement is to bypass Machine Learning anomaly detection for a specific URL parameter.

 

For example, in the attack log sample below, the parameter 'username' is detected by Machine Learning (Anomaly in HTTP argument).

 

Note that:

  1. The parameter 'username' is used as an example for this article's purposes.
  2. This guide focuses on the Machine Learning feature. No other Web Protection features are enabled or used for this article's purposes.

 

attack_log_1.png

 

attack_log_2.png

 

  1. Go to Web Protection -> ML Based Anomaly Detection. Double-click or select Edit on the server policy that contains the relevant anomaly detection policy.
  2. On the Edit Anomaly Detection Configuration page, double-click the relevant domain name.
  3. On the next page, select the Parameter View tab and select the relevant parameter. In this article's example, it is 'username'. Note that the current HMM Learning Stage for this parameter is Running.

 

hmm_running.png

 

  4. Scroll down to the gear icon. Select the gear icon and select Discard. A slide-in popup will appear for confirmation. Select OK.

 

parameter_view.png

 

  5. The HMM Learning Stage will change to Discarded.

 

hmm_discarded.png


  6. Machine Learning will not use anomaly detection for the parameter when the HMM Learning Stage is Discarded.


  7. The same access will now be allowed, as shown in the traffic log example.

 

traffic_log.png

 

Refer to the documentation below for more information on configuring the server policy:

https://docs.fortinet.com/document/fortiweb/7.2.1/administration-guide/201872/configuring-an-http-se...

 

Refer to the documentation below for more information on configuring Machine Learning:

https://docs.fortinet.com/document/fortiweb/7.2.1/administration-guide/94907/ml-based-anomaly-detect...


Refer to the documentation below for more information on the Machine Learning Parameter View option:

https://docs.fortinet.com/document/fortiweb/7.2.1/administration-guide/441053/parameter-view
