General
      Back to home
      1. Knowledge base
      2. Web Application Security
      3. General

      How do I make a custom rule for exclusion of URLs for the web application scanner?

      To add a custom rule for excluding URLs you can use regular expression (regexp). The URLs matching the rule will not be scanned by the WAS scanner. Read more about regular expressions here (external link):
      https://en.wikipedia.org/wiki/Regular_expression

      Follow these steps to create a custom rule.

      1. Login to Security Center.
      2. Click Scan webb app.
      3. Click Web applications.
      4. Click edit for the web app.
      5. In the window click Crawl exclusion list.
      6. Under Blacklists check Regular expressions.
      7. After Regular expression enter one or more regular expression rules for excluding URLs. See common examples below. Notice that you need to use escape for special characters like ".", "?", "^", "$", "[", "]", "(", ")" and "=".
      8. Click OK. Next time you scan the web app the rule will be used.
      9. Done!

      Exclude all URLs below a folder

      Exclude everything below a specific folder:

      Regexp:
      ^http://www\.holmsecurity\.se/about-us/.*

      Example match:
      http://www.holmsecurity.se/about-us/contact.html
      http://www.holmsecurity.se/about-us/contact/us-office.php

      Exclude URLs based on a file type

      Exclude all URLs that ends with a specific filetype, like all HTML documents:

      Regexp:
      .*\.html$

      Example match:
      http://www.holmsecurity.se/about-us/contact.html
      http://www.holmsecurity.se/start.html

      Exclude URLs based on a string

      Exclude all URLs that contains a specific string.

      Regexp:
      .*form.*

      Example match:
      http://www.holmsecurity.se/forms/sign-up.html
      https://forms.holmsecurtity.com/
      http://www.holmsecurity.se/form.phs