Why does Acunetix WVS detect site pages that don't exist?

Some websites are designed to use custom 404 error pages instead of a web browser's standard error page because they can be branded and made to contain useful links to other important pages. If your website uses custom 404 error pages -- which generate different error codes -- Acunetix WVS (during a security scan) can misinterpret them as being real site pages if it has not been configured to recognize them automatically.

WVS will automatically detect custom 404 error page by sending rogue URL requests. If Acunetix WVS is unable to find a matching pattern to distinguish the custom 404 error page, you will be alerted and have to configure the Acunetix WVS custom 404 error page rule.

The following instructions illustrate how to configure Acunetix WVS if it does not automatically detect the custom error page:

  1. Specify the URL of the website for which you would like to create a custom 404 error page rule in the ‘URL to match on’ input field.
  2. In the Pattern input field, you should specify a text pattern or regular expression which matches some unique text on the custom 404 error page.
  3. Specify where the pattern can be found in the custom 404 error page response from the ‘Match on’ drop down menu.

Alternatively you can also generate such pattern automatically by following the below procedure:

  1. Enter the website’s URL in the ‘Browse URL’ input field and click ‘GO’. The browser will request non existing URL’s to trigger the Custom 404 error page.
  2. Highlight the unique text from the custom error page.
  3. Click on ‘Generate pattern from selection’.

View all the Acunetix FAQs here.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Leave a Reply


*