allowed url
4 TopicsASM same URL variants
Hi, I wonder why (13.1.0.7, Comprehensive, Automatic Learning, Always for URLs) for some URLs two entries (Explicit) are created, for example: / /. I never saw request containing URL /. so why those are added by policy building process? Above examples are not alone, there are other URLs added like that but not all - can't see logic here. After policy is stabilized all URLs with . at the end remains in staging and counterparts without . are no longer in staging. Piotr373Views0likes3CommentsASM - URL learning from responses
Hi, Maybe it is obvious for ASM pros but I was a bit surprised that ASM is presenting suggestions based on html content of the response - at least it looks like that from my tests. What I can't understand is logic used here (tested on 13.1.0.7, Comprehensive, manual learning, wildcard URL in staging defined) Request from trusted source send GET /errors/ There is no default file here so listing of directory content returned to browser. In response body all files are specified via . Code for every file is exactly the same. Results in Traffic Learning: Suggestions created for all actual request URL as well as for all file related URLs in response body - except one. There is nothing special in code for this file - so why it is not listed at all? It's not first364Views0likes0CommentsASM same URL variants
Hi, I wonder why (13.1.0.7, Comprehensive, Automatic Learning, Always for URLs) for some URLs two entries (Explicit) are created, for example: / /. I never saw request containing URL /. so why those are added by policy building process? Above examples are not alone, there are other URLs added like that but not all - can't see logic here. After policy is stabilized all URLs with . at the end remains in staging and counterparts without . are no longer in staging. Piotr255Views0likes0CommentsASM - URL learning from responses
Hi, Maybe it is obvious for ASM pros but I was a bit surprised that ASM is presenting suggestions based on html content of the response - at least it looks like that from my tests. What I can't understand is logic used here (tested on 13.1.0.7, Comprehensive, manual learning, wildcard URL in staging defined) Request from trusted source send GET /errors/ There is no default file here so listing of directory content returned to browser. In response body all files are specified via . Code for every file is exactly the same. Results in Traffic Learning: Suggestions created for all actual request URL as well as for all file related URLs in response body - except one. There is nothing special in code for this file - so why it is not listed at all? It's not first206Views0likes0Comments