Protected hostname: In reverse proxy mode, the protected hostname refers to the domain or hostname that FortiWeb will protect. It specifies which hostname FortiWeb is acting as a reverse proxy for, and is required for the server policy configuration.

Virtual server: A virtual server is a logical representation of a web server that FortiWeb handles. It's required to configure how traffic is routed to the protected resources in reverse proxy mode.

Place FortiWeb in front of FortiADC: This configuration change places FortiWeb between the client and FortiADC, so that FortiWeb can directly inspect and protect the incoming traffic before FortiADC applies SNAT (Source Network Address Translation). By placing FortiWeb in front, it will have access to the real client IP addresses, and it will be able to properly identify and handle attack traffic without blocking legitimate client traffic.

Enable and configure the Use X-Forwarded-For setting on FortiWeb: This setting allows FortiWeb to extract the original client IP address from the X-Forwarded-For header in the HTTP request, which is inserted by FortiADC when performing SNAT. With this setting enabled, FortiWeb will be able to block traffic based on the original client IP address rather than the SNATed IP address (192.0.2.1), preserving the accuracy of the security measures.

It does not affect denial-of-service (DoS) protection profile actions to rate limit traffic: Monitor mode allows FortiWeb to monitor traffic without impacting the protection profile actions, including rate limiting in the DoS protection profiles. Traffic will still be subjected to DoS protection actions like rate limiting, but FortiWeb will not block traffic unless a violation occurs.

It overrides all usual profile actions. FortiWeb accepts all requests and generates alert email or log messages only for violations: In monitor mode, FortiWeb will allow all traffic through and generate logs or alerts for any violations, but it will not take active actions like blocking requests or redirecting traffic. This allows you to observe the traffic patterns and potential threats without disrupting normal operations.

Model building: In this stage, you design and develop the ML model, which involves selecting appropriate algorithms and features to detect bot activity.

Model verification: This is where you test and evaluate the model's performance to ensure it can accurately detect bots without false positives or negatives.

Sample collecting: Gathering relevant data samples (e.g., bot and non-bot traffic) to train the machine learning model is crucial to ensure it can learn from various scenarios.