Exclusion lists
Use Global Settings
Now you can exclude sensitive resources that you don't want to scan
across the entire subscription. For this web application, opt to either
use global exclusions defined in global settings, or configure exclusions
specific to this web application.
Select the check box to use global exclusions defined in global
settings. Clear the check box to ignore global exclusions. Want to
customize exclusions for this web app? Just click Add Exclusion.
White List
This list identifies the links (URLs) in the web application that
you want to be scanned. For each string specified, the crawler performs
a string match against each link it encounters. When a match is found,
the crawler submits a request for the link. When there is an allow
list only (no exclude list), no links will be crawled unless they
match an allow list entry.
The allow list can consist of URLs and/or regular expressions.
URLs. Select the check box to enter
the URLs for the allow list. Each URL must be a fully qualified domain
name. Enter each URL on a new line. You can enter a maximum of 2048
characters for each URL.
Regular Expressions. Select the check box to enter regular expressions
for the allow list. Enter each regular expression on a new line. For
example, specify /my/path/.* for all URLs under the /my/path/ directory.
You can enter a maximum of 2048 characters for each regular expression.
Comments. You can provide comments along with allow list scanning
entries. The comments help users see why specific allow list
entries were created. You can enter a maximum of 1024 characters for
each comment.
Black List
This list identifies the links (URLs) in the web application that
you do not want to be scanned. For each string specified, the crawler
performs a string match against each link it encounters. When a match
is found, the crawler does not submit a request for the link unless
it also matches an allow list entry.
The exclude list can consist of URLs and/or regular expressions.
URLs. Select the check box to enter
URLs for the exclude list. Each URL must be a fully qualified domain
name. Enter each URL on a new line. You can enter a maximum of 2048
characters for each URL.
Regular Expressions. Select the check box to enter regular expressions
for the exclude list. Enter each regular expression on a new line.
For example, specify /my/path/.* for all URLs under the /my/path/
directory. You can enter a maximum of 2048 characters for each regular
expression.
Comments. You can provide comments along with exclude list scanning
entries. The comments help users see why specific exclude list
entries were created. You can enter a maximum of 1024 characters for
each comment.
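The precedence between the two lists is easy to misjudge: an allow list match overrides an exclude list match, so a broad allow entry can bring back a link you meant to exclude. The following sketch is an added example, not code from the scanning service; it models the rules described above and checks entries against the 2048-character limit. It assumes each entry is applied as an unanchored regular expression and that a link matching neither list is crawled unless only an allow list exists. The host name and sample entries other than /my/path/.* are constructed.

```python
import re

MAX_ENTRY_LEN = 2048  # per-entry limit stated on this page

def validate(entries):
    """Return (entry, problem) pairs for entries that are too long or not valid regex."""
    problems = []
    for e in entries:
        if len(e) > MAX_ENTRY_LEN:
            problems.append((e, "longer than 2048 characters"))
            continue
        try:
            re.compile(e)
        except re.error as err:
            problems.append((e, f"invalid regex: {err}"))
    return problems

def should_crawl(link, allow=(), exclude=()):
    """Decide whether a link is requested, using the precedence described above."""
    # Assumption: each entry is applied as an unanchored regex search on the full link.
    in_allow = any(re.search(p, link) for p in allow)
    in_exclude = any(re.search(p, link) for p in exclude)
    if in_allow:
        return True, "allow list match (overrides any exclude list match)"
    if in_exclude:
        return False, "exclude list match"
    if allow and not exclude:
        return False, "allow list only and no match"
    # Assumption: with an exclude list present, or no lists at all, unmatched links are crawled.
    return True, "no list entry matched"

# Constructed sample configuration and links (not from a real scan).
ALLOW = [r"/admin/.*"]
EXCLUDE = [r"/admin/delete", r"/my/path/.*"]
LINKS = [
    "https://app.example.test/admin/users",
    "https://app.example.test/admin/delete?id=7",
    "https://app.example.test/my/path/report",
    "https://app.example.test/help",
]

def report(links=LINKS, allow=ALLOW, exclude=EXCLUDE):
    """Map each link to its (crawl?, reason) decision."""
    return {link: should_crawl(link, allow, exclude) for link in links}

if __name__ == "__main__":
    for link, (ok, why) in report().items():
        print(f"{'CRAWL' if ok else 'SKIP '} {link}  [{why}]")
```

In the sample, /admin/delete is on the exclude list but is still crawled because /admin/.* is on the allow list; narrowing the allow entry is the fix.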
POST Data Black List
This list identifies POST requests with a body for which you want
to block form submission, as this could have unwanted side effects
like mass emailing. The entries for POST Data Black List should match
something that appears in the body of the POST request. When specified,
our service blocks form submission for any POST request with a body
that matches the specified entries and does not submit the blocked
POST data (for example, form fields) during all scan phases.
Regular Expressions. Select to set up a list of POST requests with
a body for the form submissions you want to block. Specify each entry
on a separate line in the field provided. You can enter a maximum
of 2048 characters for each entry.
Logout Regular Expression
The logout regular expression lists the logout links you want to
exclude from scanning.
Regular Expressions. Select the check box for the logout regular
expression. Select to set up a list of regular expressions to identify
logout links you want to exclude from scanning. Enter each regular
expression on a separate line in the field provided. You can enter
a maximum of 2048 characters for each regular expression.
Parameters
Define the parameters you want to exclude from scanning. You can
choose a type: ANY, COOKIE, POST, URL and then specify the name of
the parameter.
Regular Expressions. Select the check box to enter a regular expression
for the parameter to exclude.