I need to write a script for people to test. I discussed a set of conditions in which we can pull the file name from the url and be reasonably certain that the uri path component was referencing a file on disk (as Izik showed in his log). I'll see if I can get to that tonight. If enough people test it and it seems to work reasonably well I think we could roll it into Bro directly.
A little late, but here is a script that adds a bunch of file names for files over HTTP. If some people can run it and we get feedback I think we can target this change for 2.6. Get some extra file names from http · GitHub
For those that don't want to click on it, it works by watching for ETAG headers which are typically generated from the file timestamp and inode number of the file. It appears that web apps don't tend to include this header and my testing showed that it was pretty reliable about only logging things that were real file names.
Let me know how it goes if anyone runs this! Lots of new file names in files.log.