Parameters

A parameter is what the web server receives from either a query string or the POST data associated with a page. Web servers can receive requests from a form on a page, a hyperlink, or from cookies.

Exclude parameters and cookies that make two otherwise identical requests appear different. The scan job must decide whether each URL or form is unique in order to count URLs and issues correctly in your reports, so exclude any parameter whose value changes without changing the page behind it.

Example of a query string parameter

Consider the following URLs returned by your web server:

  • www.example.com/browse.asp?userid=2WMW609S5M
  • www.example.com/browse.asp?userid=9ZBG609S5F

In these URLs, the userid=2WMW609S5M and userid=9ZBG609S5F portions must be excluded during the scan; otherwise the scan job treats the two URLs as different and analyzes both, even though the content at both URLs is identical. To fix this, enter userid= or userid as the parameter. When you run a scan, userid=2WMW609S5M and userid=9ZBG609S5F are removed from the URLs, as is every other string that begins with userid= and ends with "&" (the default terminator). Each time www.example.com/browse.asp is visited with a different userid value appended to the URL, it is not counted as a new page in your reports.

Example of a form parameter

In this example, the following forms are both on the same page:

Form A

<form name="signin" method="post" action="www.example.com/customer.asp" id="signin">
<input type="text" name="userid" value="2WMW609S5M">
</form>

Form B

<form name="signin" method="post" action="www.example.com/customer.asp" id="signin">
<input type="text" name="userid" value="9ZBG609S5F">
</form>

When the userid parameter changes in the form, as in this example where it changes from "2WMW609S5M" to "9ZBG609S5F", the scan identifies each as a separate form in your reports. Adding userid as a parameter exclusion (Parameter and Cookie page) means the scan job sees and reports only one form. Normalizing the forms by removing the excluded parameters is the only way for the scan job to determine that they are the same.
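The two examples above describe the same normalization step applied to query strings and to forms. The following Python is an added example, not code from the scanner this page documents, showing how a uniqueness key can be built once excluded parameters are dropped. It assumes a configured exclusion set (here just userid, compared case-insensitively) and parses the query string with the standard library rather than matching the raw "userid=...&" text; the URLs and the two-form page are constructed from the examples on this page, with one extra URL carrying a page=2 parameter to show that non-excluded parameters still keep requests distinct.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed exclusion configuration, mirroring the userid exclusion described on the page.
EXCLUDED_PARAMS = {"userid"}


def normalize_url(url, excluded=EXCLUDED_PARAMS):
    """Return a uniqueness key for a URL: excluded query parameters are dropped,
    the remaining ones are sorted, and the fragment is discarded."""
    parts = urlsplit(url)
    kept = sorted((k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                  if k.lower() not in excluded)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))


def unique_urls(urls, excluded=EXCLUDED_PARAMS):
    """Set of distinct pages once excluded parameters are ignored."""
    return {normalize_url(u, excluded) for u in urls}


class FormCollector(HTMLParser):
    """Minimal collector: records each <form> with its <input> name/value pairs.
    A new <form> start tag closes the previous form, so pages without </form>
    (like the fragments above) still parse into separate forms."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append((a.get("name") or "", a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def form_key(form, excluded=EXCLUDED_PARAMS):
    """Uniqueness key for a form: method, action and its non-excluded inputs."""
    inputs = sorted((n, v) for n, v in form["inputs"] if n.lower() not in excluded)
    return (form["method"], form["action"], tuple(inputs))


def unique_forms(html, excluded=EXCLUDED_PARAMS):
    """Set of distinct forms on a page once excluded parameters are ignored."""
    parser = FormCollector()
    parser.feed(html)
    return {form_key(f, excluded) for f in parser.forms}


# Constructed sample input: the two URLs from the page plus one that also carries page=2.
SAMPLE_URLS = [
    "www.example.com/browse.asp?userid=2WMW609S5M",
    "www.example.com/browse.asp?userid=9ZBG609S5F",
    "www.example.com/browse.asp?userid=9ZBG609S5F&page=2",
]

# Constructed sample page: Form A and Form B from the page, on one page.
SAMPLE_PAGE = """
<form name="signin" method="post" action="www.example.com/customer.asp" id="signin">
<input type="text" name="userid" value="2WMW609S5M">
</form>
<form name="signin" method="post" action="www.example.com/customer.asp" id="signin">
<input type="text" name="userid" value="9ZBG609S5F">
</form>
"""

if __name__ == "__main__":
    print("URLs with exclusion:   ", sorted(unique_urls(SAMPLE_URLS)))
    print("URLs without exclusion:", len(unique_urls(SAMPLE_URLS, excluded=set())))
    print("forms with exclusion:   ", len(unique_forms(SAMPLE_PAGE)))
    print("forms without exclusion:", len(unique_forms(SAMPLE_PAGE, excluded=set())))
```

With the exclusion in place, the three sample URLs collapse to two pages (browse.asp with and without page=2) and the two forms collapse to one; with an empty exclusion set every variant is counted separately, which is the over-counting the page warns about.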