Configure global settings

You can exclude sensitive resources from being scanned for any purpose. Excluded resources will not be scanned across the subscription (all web applications). Configure global settings to define global exclusions based on URL data or IP address. You can also configure case-sensitive name sorting of your data lists: enable case-sensitive name sorting in Global Settings, and you can then sort the names of scans, schedules, option profiles, search lists, and other such data lists.

How to configure global settings

1) Go to Configuration > Global Settings.

2) Click Edit to change the Case-Sensitive Name Sorting setting. By default, Case-Sensitive Name Sorting is enabled. Toggle the setting to enable or disable it as needed, then click Save to save your changes.

Setting to configure case-sensitive name sorting in Global Settings.

The case-sensitive name sorting setting is visible to you only if the "Edit Global Settings" permission is enabled for you.

How to configure exclusions

1) Go to Configuration > Global Settings > Exclusions.

2) Click Edit to choose what should be allowed or blocked from scanning.

3) Configure the various lists (White list, Black list, logout, parameter, etc.). Select the desired checkbox option and provide the details (URLs, regexes, IPs).

Global level vs. web application level

You can choose to define exclusion lists globally across your subscription or per web application.

Your options are:

Web App level only - Choose this option to apply an exclusion list to a specific web application only. What are the steps? Define the exclusion list in the web application settings (allow list, exclude list and/or logout regular expression) and start scans.

Global level only - Choose this option if you want to block IP addresses or use a global exclusion list. Only global settings will be used for scanning all web applications in your subscription. What are the steps? Define a crawl exclusion list in global settings (allow list, exclude list, logout regular expression and/or parameter list) and start scans.

Web App level AND Global level - It's possible to configure an exclusion list at both levels. The global settings and web app settings are combined and applied during scanning. What are the steps? 1) Define global settings and web app settings, 2) In web app settings also select "Use Global Settings", and 3) start scans.
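A local pre-check of the three options above, added here as an example (it is not part of the product or its documentation): it builds the exclude list in force for each option and shows which URLs it would keep out of a scan. Assumptions: exclude-list entries are regular expressions matched anywhere in the URL, the mode names and function names are hypothetical, and the sample patterns and URLs are constructed; the scanner's own matching rules may differ.

```python
import re

# Constructed sample data (illustrative only, not taken from the product).
GLOBAL_EXCLUDE = [r"/admin/", r"/payments/.*refund"]
WEBAPP_EXCLUDE = [r"/account/delete", r"[?&]action=purge\b"]
CANDIDATE_URLS = [
    "https://shop.example.com/admin/users",
    "https://shop.example.com/payments/123/refund",
    "https://shop.example.com/account/delete",
    "https://shop.example.com/catalog?action=purge",
    "https://shop.example.com/catalog?page=2",
]


def effective_exclusions(mode, global_list, webapp_list):
    """Exclude patterns in force for one of the three options on this page."""
    if mode == "webapp":   # Web App level only
        return list(webapp_list)
    if mode == "global":   # Global level only
        return list(global_list)
    if mode == "both":     # web app settings plus "Use Global Settings"
        # Combined list, de-duplicated while keeping order.
        return list(dict.fromkeys(list(global_list) + list(webapp_list)))
    raise ValueError(f"unknown mode: {mode!r}")


def partition(urls, patterns):
    """Split urls into (excluded, scanned); reject invalid regexes loudly."""
    compiled = []
    for pattern in patterns:
        try:
            compiled.append(re.compile(pattern))
        except re.error as exc:
            # A broken pattern would otherwise leave a sensitive URL in scope.
            raise ValueError(f"invalid exclusion regex {pattern!r}: {exc}")
    excluded = [u for u in urls if any(r.search(u) for r in compiled)]
    scanned = [u for u in urls if u not in excluded]
    return excluded, scanned


def unused_patterns(urls, patterns):
    """Patterns matching none of the URLs: a typo or a stale entry."""
    return [p for p in patterns if not any(re.search(p, u) for u in urls)]


if __name__ == "__main__":
    for mode in ("webapp", "global", "both"):
        active = effective_exclusions(mode, GLOBAL_EXCLUDE, WEBAPP_EXCLUDE)
        excluded, scanned = partition(CANDIDATE_URLS, active)
        print(mode, "excluded:", len(excluded), "scanned:", len(scanned))
```

Running it against a URL inventory before saving the lists shows which sensitive URLs a given option would still leave in scope.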

Still have questions?

How can I customize the exclusion list for a web application?

You can customize exclusion lists for your web application and ignore the global settings. While creating or editing a web application, in the exclusion lists, clear the Use Global Settings check box. Click Add Exclusions to add exclusion lists specific to the web application.

What happens when you enable the global exclusion list for a web application and also define an exclusion list for it?

If you define an exclusion list for a web application and also enable the global settings for exclusion lists, the globally defined settings are implemented for the web application.

What parameters can I add to the global exclusion lists?

You can exclude specific parameters from testing to improve a scan’s efficiency and effectiveness. Exclusions can be defined for URL parameters, request body parameters, or cookies. Check out these examples.

Examples of parameter exclusion records in global exclusion list.