Exclusion lists

Use Global Settings

Now you can exclude sensitive resources that you don't want to scan across the entire subscription. For this web application, opt to either use global exclusions defined in global settings, or configure exclusions specific to this web application.

Select the check box to use global exclusions defined in global settings. Clear the check box to ignore global exclusions. Want to customize exclusions for this web app? Just click Add Exclusion.

Allow List

This list identifies the links (URLs) in the web application that you want to be scanned. For each string specified, the crawler performs a string match against each link it encounters. When a match is found, the crawler submits a request for the link. When there is an allow list only (no exclude list), no links will be crawled unless they match an allow list entry.

The allow list can consist of URLs and/or regular expressions.

URLs. Select the check box to enter the URLs for the allow list. Each URL must be a fully qualified domain name. Enter each URL on a new line. You can enter a maximum of 2048 characters for each URL.

Regular Expressions. Select the check box to enter regular expressions for the allow list. Enter each regular expression on a new line. For example, specify /my/path/.* for all URLs under the /my/path/ directory. You can enter a maximum of 2048 characters for each regular expression.

Comments. You can provide comments along with allow list scanning entries. Comments help users see why specific allow list entries were created. You can enter a maximum of 1024 characters for each comment.

Exclude List

This list identifies the links (URLs) in the web application that you do not want to be scanned. For each string specified, the crawler performs a string match against each link it encounters. When a match is found, the crawler does not submit a request for the link unless it also matches an allow list entry.

The exclude list can consist of URLs and/or regular expressions.

URLs. Select the check box to enter URLs for the exclude list. Each URL must be a fully qualified domain name. Enter each URL on a new line. You can enter a maximum of 2048 characters for each URL.

Regular Expressions. Select the check box to enter regular expressions for the exclude list. Enter each regular expression on a new line. For example, specify /my/path/.* for all URLs under the /my/path/ directory. You can enter a maximum of 2048 characters for each regular expression.

Comments. You can provide comments along with exclude list scanning entries. Comments help users see why specific exclude list entries were created. You can enter a maximum of 1024 characters for each comment.
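
The allow and exclude precedence described above can be dry-run against a list of known links before a scan, to confirm that sensitive links end up skipped. The following is an added example, not the scanner's own code; the matching semantics, the behavior for links that match neither list, and all names, lists and URLs in it are assumptions or constructed samples.

```python
import re

MAX_ENTRY_LEN = 2048  # per-entry character limit stated on this page


def entry_matches(link, entries):
    # Assumption: URL entries match by exact string comparison and
    # regex entries match anywhere in the link (re.search).
    return link in entries["urls"] or any(
        re.search(rx, link) for rx in entries["regexes"])


def would_crawl(link, allow=None, exclude=None):
    """Apply the allow/exclude precedence described above to one link.

    allow and exclude are {"urls": [...], "regexes": [...]} or None.
    """
    if allow and entry_matches(link, allow):
        return True   # an allow list match overrides an exclude match
    if exclude and entry_matches(link, exclude):
        return False  # excluded and not rescued by the allow list
    # Allow list only: links that match no allow entry are not crawled.
    # Assumption: when an exclude list exists, unmatched links are crawled.
    return not (allow and not exclude)


def oversized(entries):
    """Return the entries that exceed the 2048-character limit."""
    return [e for e in entries if len(e) > MAX_ENTRY_LEN]


# Constructed sample lists and links, not taken from a real application.
ALLOW = {"urls": [], "regexes": [r"/admin/reports/.*"]}
EXCLUDE = {"urls": ["https://app.example.test/account/delete"],
           "regexes": [r"/admin/.*"]}
LINKS = [
    "https://app.example.test/admin/reports/q1",
    "https://app.example.test/admin/users",
    "https://app.example.test/account/delete",
    "https://app.example.test/home",
]

if __name__ == "__main__":
    for link in LINKS:
        verdict = "crawl" if would_crawl(link, ALLOW, EXCLUDE) else "skip"
        print(f"{verdict:5}  {link}")
```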

POST Data Exclude List

This list identifies POST requests with a body for which you want to block form submission, because submitting them could have unwanted side effects such as mass emailing. Each entry in the POST Data Exclude List should match something that appears in the body of the POST request. When entries are specified, our service blocks form submission for any POST request whose body matches the specified entries and does not submit the blocked POST data (for example, form fields) during all scan phases.

Regular Expressions. Select to set up a list of POST requests with a body for the form submissions you want to block. Specify each entry on a separate line in the field provided. You can enter a maximum of 2048 characters for each entry.

Logout Regular Expression

The logout regular expression lists the logout links you want to exclude from scanning.

Regular Expressions. Select the check box to set up a list of regular expressions that identify the logout links you want to exclude from scanning. Enter each regular expression on a separate line in the field provided. You can enter a maximum of 2048 characters for each regular expression.

Parameters

Define the parameters you want to exclude from scanning. Choose a type (ANY, COOKIE, POST or URL) and then specify the name of the parameter.

Regular Expressions. Select the check box to enter a regular expression for the parameter to exclude.