By default, the FAST node treats every incoming request as a baseline request: it records the request, then creates and executes security tests based on it. However, extraneous requests that should not be treated as baseline requests can also pass through the FAST node on their way to the target application.
You can limit the number of requests the FAST node records by filtering out all requests that are not targeted at the application (note that the FAST node still proxies the filtered requests but does not record them). This reduces the load on both the FAST node and the target application and speeds up the testing process. To apply this limitation, you need to know which hosts the request source interacts with during testing.
You can filter out all the non-baseline requests by configuring the ALLOWED_HOSTS environment variable.
The ALLOWED_HOSTS variable accepts the following host formats:
- fully qualified names (e.g.
- a value beginning with a period (e.g. .example.local) that is recognized as a subdomain wildcard
- a value of * that matches anything (in this case, all of the requests are recorded by the FAST node)
For more information about the ALLOWED_HOSTS variable values, proceed to this link.
The FAST node employs this environment variable in the following way:
If the value of the Host header of the incoming request matches the value specified in the ALLOWED_HOSTS variable, then the FAST node considers the request as a baseline one. The request is then recorded and proxied.
All the other requests are proxied through the FAST node but not recorded.
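
The decision described above can be modeled as follows. This is an added illustration, not FAST node code. It assumes case-insensitive matching, that a port in the Host header is ignored, and that a leading-period value also covers the bare domain; the function names and sample hosts are constructed for the example.

```python
# Added illustration of the ALLOWED_HOSTS decision; not FAST node code.
# Matching details beyond the three documented formats are assumptions.

def host_matches(host_header, pattern):
    """Return True if a Host header value matches one ALLOWED_HOSTS entry."""
    host = host_header.strip().lower()
    # Assumption: a port in the Host header is ignored when matching.
    if host.startswith("["):                 # bracketed IPv6 literal
        host = host[: host.find("]") + 1]
    elif host.count(":") == 1:
        host = host.split(":", 1)[0]
    host = host.rstrip(".")                  # tolerate a trailing root dot
    pattern = pattern.strip().lower()
    if pattern == "*":                       # matches anything
        return True
    if pattern.startswith("."):              # subdomain wildcard
        # Assumption: ".example.local" also covers "example.local" itself.
        # Keeping the leading dot in the suffix check is what stops
        # "notexample.local" from matching ".example.local".
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern                   # fully qualified name, exact


def classify(host_header, allowed_hosts):
    """'record+proxy' for baseline requests, 'proxy-only' for all others."""
    if any(host_matches(host_header, p) for p in allowed_hosts):
        return "record+proxy"
    return "proxy-only"


# Constructed sample Host header values, as a test browser might send them.
SAMPLE_HOSTS = [
    "app.example.local",                 # the application under test
    "v1.api.example.local:8080",         # subdomain, with a port
    "notapi.example.local",              # looks similar, is not a subdomain
    "app.example.local.attacker.test",   # allowed name used as a prefix
    "telemetry.thirdparty.test",         # unrelated background traffic
]

if __name__ == "__main__":
    allowed = ["app.example.local", ".api.example.local"]
    for h in SAMPLE_HOSTS:
        print(f"{h:35} -> {classify(h, allowed)}")
```

Only the first two sample hosts are treated as baseline requests; the other three are proxied without being recorded, so no security tests are generated from them.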