General

How do I make a custom rule for exclusion of URLs for the web application scanner?

To add a custom rule for excluding URLs you can use regular expression (regexp). The URLs matching the rule will not be scanned by the WAS scanner. Read more about regular expressions here (external link):
https://en.wikipedia.org/wiki/Regular_expression

Follow these steps to create a custom rule.

  1. Login to Security Center.
  2. Click Scan webb app.
  3. Click Web applications.
  4. Click edit for the web app.
  5. In the window click Crawl exclusion list.
  6. Under Blacklists check Regular expressions.
  7. After Regular expression enter one or more regular expression rules for excluding URLs. See common examples below. Notice that you need to use escape for special characters like ".", "?", "^", "$", "[", "]", "(", ")" and "=".
  8. Click OK. Next time you scan the web app the rule will be used.
  9. Done!

Exclude all URLs below a folder

Exclude everything below a specific folder:

Regexp:
^http://www\.holmsecurity\.se/about-us/.*

Example match:
http://www.holmsecurity.se/about-us/contact.html
http://www.holmsecurity.se/about-us/contact/us-office.php

Exclude URLs based on a file type

Exclude all URLs that ends with a specific filetype, like all HTML documents:

Regexp:
.*\.html$

Example match:
http://www.holmsecurity.se/about-us/contact.html
http://www.holmsecurity.se/start.html

Exclude URLs based on a string

Exclude all URLs that contains a specific string.

Regexp:
.*form.*

Example match:
http://www.holmsecurity.se/forms/sign-up.html
https://forms.holmsecurtity.com/
http://www.holmsecurity.se/form.phs