Exclusion lists
Use Global Settings
Exclusion lists keep the scanner away from sensitive resources that you
don't want to scan. Global exclusions, defined in global settings, apply
across the entire subscription. For this web application you can either
inherit those global exclusions or configure exclusions specific to this
web application.
Select the check box to use the global exclusions defined in global
settings. Clear the check box to ignore global exclusions for this web
application. To customize exclusions for this web application, click
Add Exclusion.
White List
The white list identifies the links (URLs) in the web application
that you want to be scanned. For each string specified, the crawler
performs a string match against each link it encounters. When a match
is found, the crawler submits a request for the link. When there is
a white list only (no black list), no links will be crawled unless
they match a white list entry.
The white list can consist of URLs and/or regular expressions.
URLs. Select the check box to enter
the URLs for the white list. Each URL must be a fully qualified domain
name. Enter each URL on a new line. You can enter a maximum of 2048
characters for each URL.
Regular Expressions. Select the check box to enter regular expressions
for the white list. Enter each regular expression on a new line. For
example, specify /my/path/.* for all URLs under the /my/path/ directory.
You can enter a maximum of 2048 characters for each regular expression.
Comments. You can add a comment to each white list entry to record why
the entry was created, so that other users can see the reason for it.
You can enter a maximum of 1024 characters for each comment.
Black List
The black list identifies the links (URLs) in the web application
that you do not want to be scanned. For each string specified, the
crawler performs a string match against each link it encounters. When
a match is found, the crawler does not submit a request for the link
unless it also matches a white list entry.
The black list can consist of URLs and/or regular expressions.
URLs. Select the check box to enter
URLs for the black list. Each URL must be a fully qualified domain
name. Enter each URL on a new line. You can enter a maximum of 2048
characters for each URL.
Regular Expressions. Select the check box to enter regular expressions
for the black list. Enter each regular expression on a new line. For
example, specify /my/path/.* for all URLs under the /my/path/ directory.
You can enter a maximum of 2048 characters for each regular expression.
Comments. You can add a comment to each black list entry to record why
the entry was created, so that other users can see the reason for it.
You can enter a maximum of 1024 characters for each comment.
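The following Python model of the white list and black list decision is an added example, not code from the scanning service. It treats URL entries as substring matches (the "string match" described above) and regular-expression entries as unanchored searches; both are assumptions about how the scanner matches, as is the rule that when both lists are present a link matching neither is crawled (the text only defines the white-list-only case). The host names and links are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List


@dataclass
class LinkFilter:
    """Crawl-scope decision modelled on the white list / black list rules.

    URL entries are matched as plain substrings of the link; regular
    expression entries are applied with re.search, so an unanchored pattern
    matches anywhere in the link. Both are assumptions for this example.
    """
    white_urls: List[str] = field(default_factory=list)
    white_regex: List[str] = field(default_factory=list)
    black_urls: List[str] = field(default_factory=list)
    black_regex: List[str] = field(default_factory=list)

    @staticmethod
    def _matches(link: str, urls: Iterable[str], patterns: Iterable[str]) -> bool:
        if any(u in link for u in urls):
            return True
        return any(re.search(p, link) for p in patterns)

    def in_white_list(self, link: str) -> bool:
        return self._matches(link, self.white_urls, self.white_regex)

    def in_black_list(self, link: str) -> bool:
        return self._matches(link, self.black_urls, self.black_regex)

    def should_crawl(self, link: str) -> bool:
        has_white = bool(self.white_urls or self.white_regex)
        has_black = bool(self.black_urls or self.black_regex)
        # White list only: nothing is crawled unless it matches the white list.
        if has_white and not has_black:
            return self.in_white_list(link)
        # A black-listed link is skipped unless a white list entry overrides it.
        if self.in_black_list(link):
            return self.in_white_list(link)
        # Assumption: with both lists present, links matching neither are crawled.
        return True


def crawl_scope(links: Iterable[str], flt: LinkFilter) -> List[str]:
    """Return the subset of discovered links the crawler would request."""
    return [link for link in links if flt.should_crawl(link)]


# Constructed sample of links a crawler might discover on the target app.
DISCOVERED = [
    "https://app.example.com/",
    "https://app.example.com/products?id=7",
    "https://app.example.com/admin/users",
    "https://app.example.com/admin/reports/daily",
    "https://app.example.com/account/delete?confirm=1",
    "https://app.example.com.evil.net/phish",
]

# Black list keeps the crawler out of /admin/ and the destructive delete
# endpoint; the white list re-admits the read-only reports under /admin/.
BOTH_LISTS = LinkFilter(
    white_regex=[r"^https://app\.example\.com/admin/reports/"],
    black_regex=[r"/admin/.*"],
    black_urls=["/account/delete"],
)

# White list only, with a substring entry: the lookalike host is also
# admitted because the entry is a substring of that link too.
WHITE_ONLY_SUBSTRING = LinkFilter(white_urls=["https://app.example.com"])

# Same intent, anchored and terminated with "/" so the lookalike host is out.
WHITE_ONLY_ANCHORED = LinkFilter(white_regex=[r"^https://app\.example\.com/"])


if __name__ == "__main__":
    for name, flt in [("both lists", BOTH_LISTS),
                      ("white only, substring", WHITE_ONLY_SUBSTRING),
                      ("white only, anchored", WHITE_ONLY_ANCHORED)]:
        print(name)
        for link in crawl_scope(DISCOVERED, flt):
            print("  crawl", link)
```

The substring case is the one to watch: a white list URL entry such as https://app.example.com also admits https://app.example.com.evil.net/..., so when the exact scope matters, prefer an anchored regular expression that ends at the path separator.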
POST Data Black List
The POST data black list identifies, by the content of their body, the
POST requests for which you want to block form submission, because
submitting the form could have unwanted side effects such as mass
emailing. Each entry must match something that appears in the body of
the POST request. When entries are specified, our service blocks form
submission for any POST request whose body matches an entry, and does
not submit the blocked POST data (for example, form fields) during any
scan phase.
Regular Expressions. Select the check box to set up the list of regular
expressions identifying the POST request bodies whose form submissions
you want to block. Specify each entry on a separate line in the field
provided. You can enter a maximum of 2048 characters for each entry.
Logout Regular Expression
The logout regular expression lists the logout links you want to
exclude from scanning. Requesting a logout link ends the scanner's
authenticated session, so excluding these links keeps an authenticated
scan logged in.
Regular Expressions. Select the check box to set up a list of regular
expressions identifying the logout links you want to exclude from
scanning. Enter each regular expression on a separate line in the field
provided. You can enter a maximum of 2048 characters for each regular
expression.
Parameters
Define the parameters you want to exclude from scanning. Choose a type
(ANY, COOKIE, POST or URL) and then specify the name of the parameter.
ANY excludes a parameter of that name wherever it appears; COOKIE, POST
and URL limit the exclusion to cookies, POST body fields, or URL query
parameters respectively.
Regular Expressions. Select the check box to enter a regular expression
that matches the names of the parameters to exclude.