Skip to content

What is the Learning Policy from WAF Logs When TR7 WAF is in Blocking or Monitoring Mode?

Interface

Learning Policy from WAF Logs

Step > 1

First, follow the steps "Monitor Mode > Related vService > Logs > WAF Logs". The blocked requests by WAF are displayed on the opened screen.

Step > 2

When the captured "Learning Suggestions" of the attack are selected and the "Learn Attack" button is clicked, the attacks are taught according to the setting selected in the WAF Advanced Settings.

The selected setting can be checked by following "WAF Management > Advanced Settings > Rule creation policy".

  • Page Independent: Learning is performed on the Any paths rule.
  • Data Based: If the requested path contains a variable, a path-based rule is created for learning. If there is no variable in the path, learning is done on the Any paths rule.
  • Comprehensive: Regardless of whether the path contains a variable or not, path-based rules are created for each path during the learning process.