The first layer of the FortiWeb anomaly machine learning (ML) analysis mechanism focuses on analyzing traffic and creating a probability model for parameters and HTTP methods to detect potential anomalies. It also assesses traffic patterns over time to determine whether certain behavior is anomalous. These functions are key to understanding and classifying traffic before further analysis is done.

If a client has been incorrectly blocked due to a period block, the FortiWeb administrator can manually release the IP address from the blocklist. This allows the client to access the application again before the block expires naturally.

Virtual proxy: In virtual proxy mode, FortiWeb acts as an intermediary between clients and the server, and it can modify HTTP packets. It performs various security checks, such as inspecting and filtering HTTP traffic before forwarding it to the web server.

Reverse proxy: In reverse proxy mode, FortiWeb sits between the client and the server, handling incoming requests from clients, modifying or inspecting HTTP packets as needed, and forwarding them to the backend servers.

In the configuration, the command set sample-limit-by-ip 0 disables the sample limit for any specific IP address. This means that during the machine learning (ML) running phase, FortiWeb will not limit the number of samples it accepts from the same IP address. Setting this to 0 effectively removes any restrictions on the number of samples from a given IP address.

When FortiWeb is deployed upstream of a device performing source network address translation (SNAT) or load balancing, the original client IP address may be lost. To preserve the original client IP address, you must enable and configure the Preserve Client IP setting on FortiWeb. This allows FortiWeb to retain and pass the client's original IP address to the backend servers for accurate logging and processing.

To enable debugging for the user tracking feature in FortiWeb, you would use the command diagnose debug application user-tracking 7. This command enables debugging for the user-tracking application and sets the debug level to 7, providing detailed logs for troubleshooting.

Making a secondary HTTPS connection to a server where FortiWeb acts as a client: When FortiWeb needs to connect to an external server via HTTPS (acting as a client), it may use its own certificates for that connection.

An administrator session connecting to the GUI using HTTPS: FortiWeb uses its own certificates to secure the HTTPS connection between the administrator and the FortiWeb GUI. This ensures secure access for management purposes.

In the diagram, FortiWeb is positioned between the client and the server, handling encrypted HTTPS traffic from the client and sending unencrypted HTTP traffic to the server. This indicates that FortiWeb is performing SSL offloading, which means it is decrypting the HTTPS traffic from the client, inspecting it, and then re-encrypting the traffic before forwarding it to the server.

HTTP rewriting is a feature in FortiWeb that allows administrators to modify HTTP requests and responses for various purposes, including security enhancements, user experience improvements, and application functionality. One common use case for HTTP rewriting is to redirect HTTP traffic to HTTPS, ensuring that all communications between clients and the server are encrypted and secure.​

Explanation of Options:

A. To redirect HTTP to HTTPS: This is a valid reason to implement HTTP rewriting. By rewriting incoming HTTP requests to HTTPS, administrators can enforce secure connections, protecting data integrity and confidentiality. FortiWeb supports this functionality, allowing seamless redirection from HTTP to HTTPS.​

B. To implement load balancing: Load balancing is not typically achieved through HTTP rewriting. Instead, it involves distributing network traffic across multiple servers to ensure availability and reliability. FortiWeb provides load balancing features, but these are separate from HTTP rewriting capabilities.​

C. To replace a vulnerable element in a requested URL: While HTTP rewriting can modify URLs, its primary purpose is not to replace vulnerable elements within URLs. Addressing vulnerabilities typically involves input validation, sanitization, and other security measures rather than rewriting URLs.​

D. The original page has moved to a new URL: This is another valid reason to implement HTTP rewriting. When a webpage's URL changes, rewriting rules can redirect requests from the old URL to the new one, ensuring users can still access the content without encountering errors.​

In summary, both options A and D are correct reasons to implement HTTP rewriting. However, in the context of FortiWeb's functionalities, redirecting HTTP to HTTPS (option A) is a common and significant use case, as it enhances security by ensuring encrypted connections.

Machine learning (ML)-based API protection: ML-based API protection helps detect and mitigate abnormal behavior in API traffic, such as bot attacks or abuse, by learning and adapting to normal traffic patterns.

API schema validation: API schema validation ensures that the API requests conform to the defined schema (e.g., checking the structure, fields, and types in the API calls). This helps prevent attacks like XML or JSON injection by ensuring only valid requests are processed.

API user key enforcement: Enforcing API user key authentication requires clients to provide valid API keys, ensuring only authorized users can access the API. This is crucial for controlling access to the API.