Changes are Made Regularly on the Application Server. How Can This be Adapted on the TR7 WAF Side? Can Automatic Learning be Done?

Step > 1

First, open the WAF Management screen of the relevant vService. To do this, follow "Monitor Mode > Related vService > WAF Management". On the opened screen, click the pencil icon next to "Automatic Learning".

Step > 2

The features "Collective Learning" and "Teacher" are displayed. These two features work independently from each other.

"Collective Learning" is used to enable automatic learning while WAF is in blocking or monitor mode. If a new path or parameter that has not been previously learned by WAF is added to the application, and if it meets the specified criteria, those requests are automatically learned based on the period selected under the "Collective learning frequency" section. Filters can be applied such as allowing requests only from specific countries, only via browsers, using valid domain names, excluding blacklisted IP addresses, setting minimum request counts, client counts, and more.

Similarly, by enabling the "Teacher" feature, automatic learning can be configured based on Teacher IP, cookies, or header information. In the "Most used IPs" section, IP addresses or ranges can be added. The "Teaching Frequency" determines how long after a request is received it will be automatically learned. Requests from clients defined as Teachers are never blocked.

This mechanism helps minimize false positives that might arise due to changes on the application server, without requiring manual intervention on the WAF side.

Details related to the learning process can be monitored through the "Logs" tab.