FortiWeb ML (Machine-Learning) Based API Protection supports JSON request body.

It is possible to troubleshoot using debug command lines if FortiWeb is not collecting any API path samples for the ML-based API Protection.

1. Make sure the Server Policy has been created for the ML-Based API Protection policy.

2. Check out the ML-Based API Protection page to view the domain overview and status.

3. Run the commands below in SSH shell access to start debugging the Machine-Learning Based API Protection module:

diagnose debug reset
diagnose system redis status
diagnose debug flow filter module-detail machine-learning-api 7
diagnose debug flow filter flow-detail 0
diagnose debug flow trace start
diagnose debug enable

4. A few samples of the API URL learning status can be referred to as below. a. URL request content type is not JSON type, not added to learning path.

HTTP Return code is not 200 or 302. In the sample, the return code is 404, not added to the learning path.

URL content type is JSON, and the return code is '200 OK', URL added to learning path:

5. Check out the ML-Based API Protection page again for the latest domain overview and status.

6. There will be a page to check the ML-Based API Protection domain overview, the API URL path list, view the URL in Tree View or API View, and the Event log of the domain’s ML-Based API Protection.

• Overview:

• API URL Path list:

• API URL Path in Tree View:

• Event Logs of the domain ML-Based API Protection:

Related document: