Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Jun 29, 2018

ASM - URL learning from responses

Hi,

 

Maybe it is obvious for ASM pros but I was a bit surprised that ASM is presenting suggestions based on html content of the response - at least it looks like that from my tests.

 

What I can't understand is logic used here (tested on 13.1.0.7, Comprehensive, manual learning, wildcard URL in staging defined)

 

  • Request from trusted source send GET /errors/
  • There is no default file here so listing of directory content returned to browser.
  • In response body all files are specified via . Code for every file is exactly the same.

Results in Traffic Learning:

 

  • Suggestions created for all actual request URL as well as for all file related URLs in response body - except one. There is nothing special in code for this file - so why it is not listed at all? It's not first
allowed url
ASM Advanced WAF
learn new entity
policy building
response
security
No RepliesBe the first to reply