Hi Greg,
Applications are detected either automatically by http headers or if the customer creates a detection rule by an URL pattern. The URL pattern rules are always considered first.
Auto detection (current version): By default ruxit checks the host, the x-forwarded-for or the x-host header for the "real" domain name - which is then used as the application name. Other headers could be defined in the global settings -> real user monitoring -> applications, look for "Identify domain names using HTTP request headers".
If ruxit picks up a new header value (new domain) it makes some checks before the application will be treated as application candidate, here are some examples:
- header must be valid according the specification
- response code must be valid: 200
- known robots and crawlers are ignored for new applications
- and some more ...
When this checks are passed the new domain is an application candidate and the javascript tag will be injected. Only if a monitor signal from the javascript tag for that application is finding it's way to ruxit, then this application will be a real application and shows up in the list.
Previous versions: unfortunately we don't had all the additional checks in previous versions. So most of the "www.google.com" applications are because we did a bad job on the auto detection. These apps are created because someone has send to your IP a http request with "www.google.com" in the host header. This is done to check if there is an open proxy. More info: http://meatballwiki.org/wiki/OpenProxy
With one of the next releases we will clean up the application lists and will remove all this false detected applications. For now it is the best way to just disable real user monitoring for them. If you still see new "false" detected application, please send me a note or open a support ticket, so that we can take a closer look.
Alex
