dragonflymr
Jun 29, 2018Cirrostratus
ASM - URL learning from responses
Hi,
Maybe it is obvious for ASM pros but I was a bit surprised that ASM is presenting suggestions based on html content of the response - at least it looks like that from my tests.
What I can't understand is logic used here (tested on 13.1.0.7, Comprehensive, manual learning, wildcard URL in staging defined)
- Request from trusted source send GET /errors/
- There is no default file here so listing of directory content returned to browser.
- In response body all files are specified via . Code for every file is exactly the same.
Results in Traffic Learning:
- Suggestions created for all actual request URL as well as for all file related URLs in response body - except one. There is nothing special in code for this file - so why it is not listed at all? It's not first