Access Map

Access Map

"Access Map" its heart of W.A.F. Its shows site-map like tree of URL-segments with additional data.

Understanding language of tree:

Software listens web-site trafic in "Learning Mode" and shows segments by static value in red color (not approved). User can approve it like "static" value or change to be "automatic rule" (via size and content).

1. - "statical" segment. All new collected segment - come statical. In "{3,BF}" - you see information about connected variables count (the number) , and if brute-force mode is "on" (BF).

2. The Automatic Rules look as "()[]" mask, inside the "()" you see "contains" data - (ld_) - there:

l - letter character from a-z

d - number from 0-9

and after that any additional characters.

Inside the "[]" - can read size-limit, 0 - its unlimited.

3. New , not approved segments coming with "not approved" status (red color). Approved showed in gray color, and then elements selected for edition its "lime".

Actions:

Pointing cursor on segment - shows popup with information about variables (if segment contains variables).

Double Click on "segment" - shows variables form there possible set rules on "variables".

The edition of segments possible by mark them with "select" tool and double clicking on empty space on map. Single click on empty-space closing the opened segments form.

Bottom of Access Map page you have form for filter segments:

How select segments for edition - Cursor tools menu:

Right-click on the map screen - rotate the tool ("select", "unselect", "default").

- "select tool" make your cursor selectable , so you can choice segments by pointing cursor.

- "unselect tool"- give opportunity to disable selection.

Selected segments change color to lime.

Then you finish to select segments - double click on screen for open Segment Form for selected elements.

Segments Form

For fast open Segment Form , select segments and double click on empty map or click on icon in right side.

If you want using exactly path leave Original Path (in example static php files not changing so I can set Original Path).

If you know that possible make automatic-filter on type - switch to AutoType.

You have to set static part of word before or after you automatic type. Maximum size of value, and in Contains you set that can be approved in your filter, letters, numbers and Special chars - anything that you need additional for approve segment.
Set Approved - on - its make filter active in Guard Mode, BF - if you want set BruteForce detection in some script.

Segments Examples:

articles -> article-4546.html : articles - static segment, can be approved and using in test with original value.
But article-4546.html - dynamic page, lets create automatic type: set in Part before=article- in Part after=.html and check digital in Contains Size - you maximum integer size, I think 10 its enough for long time. Check Approved and save.


album -> Nepal - 2012. album - static segment. Nepal - 2012. - here is no part before or after that we can extract. Check Digital and Letters in Contains and in Special chart set all else: "-."

Variables Form

For open Segment Variables list - double click on segment:

Same cursor tools interface for select variables.

We have select size, and Contains before approve.

Exception option - disable comparing for specified variable. The option created to solve all unexpected situation - please don't abuse with that too much.

Make Global - special checkbox, its make variable shared for all segments. After saving global variables moving to Global Variables Menu

Backup and Restore segments and variables.

Global Vars - open Global variables, its variables that can be send to any approved segment.
Export - displayed tree (segments and variables via search form filters) to JSON file . For get full export switch all filters to "All" value, press ok , and after click "Export".

Import - save export json file to map, recommend before delete all map data. Another can be situation with 2 parallel trees. W.A.F. get first one and ignore secord.

Erase Map - delete displayed tree (segments and variables via search form filters).