How do I make a custom rule for exclusion of URLs for the web application scanner?
To add a custom rule for excluding URLs, use a regular expression (regexp). URLs matching the rule will not be scanned by the WAS scanner. Read more about regular expressions here (external link):
https://en.wikipedia.org/wiki/Regular_expression
Follow these steps to create a custom rule.
- Log in to Security Center.
- Click Scan web app.
- Click Web applications.
- Click edit for the web app.
- In the window click Crawl exclusion list.
- Under Blacklists check Regular expressions.
- After Regular expression, enter one or more regular expression rules for excluding URLs. See the common examples below. Note that you need to escape special characters such as ".", "?", "^", "$", "[", "]", "(", ")" and "=".
- Click OK. Next time you scan the web app the rule will be used.
- Done!
Exclude all URLs below a folder
Exclude everything below a specific folder:
Regexp:
^http://www\.holmsecurity\.se/about-us/.*
Example match:
http://www.holmsecurity.se/about-us/contact.html
http://www.holmsecurity.se/about-us/contact/us-office.php
Exclude URLs based on a file type
Exclude all URLs that end with a specific file type, like all HTML documents:
Regexp:
.*\.html$
Example match:
http://www.holmsecurity.se/about-us/contact.html
http://www.holmsecurity.se/start.html
Exclude URLs based on a string
Exclude all URLs that contain a specific string:
Regexp:
.*form.*
Example match:
http://www.holmsecurity.se/forms/sign-up.html
https://forms.holmsecurtity.com/
http://www.holmsecurity.se/form.phs
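Before saving a rule, it helps to check which URLs it actually removes from scan coverage. The following is an added example, not part of the product or this article's original text: it runs the three rules above over a constructed URL list, assuming the scanner's regexp engine behaves like Python's re module with search semantics.

```python
import re

# Rules copied from the examples in this article.
RULES = [
    r"^http://www\.holmsecurity\.se/about-us/.*",
    r".*\.html$",
    r".*form.*",
]

# Constructed sample URLs: matches from the article plus edge cases.
URLS = [
    "http://www.holmsecurity.se/about-us/contact.html",
    "http://www.holmsecurity.se/start.html",
    "http://www.holmsecurity.se/start.html?lang=en",  # query string after .html
    "http://www.holmsecurity.se/platform/login.php",  # "platform" contains "form"
    "http://www.holmsecurity.se/docs/xhtml",          # no dot before "html"
    "http://www.holmsecurity.se/login.php",
]


def matching_rules(url, rules=RULES):
    """Return the rules that would exclude this URL (empty list = scanned)."""
    # Assumption: the scanner applies each rule like re.search().
    return [rule for rule in rules if re.search(rule, url)]


def audit(urls=URLS, rules=RULES):
    """Map every URL to the list of rules that exclude it."""
    return {url: matching_rules(url, rules) for url in urls}


def scanned(urls=URLS, rules=RULES):
    """URLs that no rule excludes, i.e. that remain in scan coverage."""
    return [url for url, hits in audit(urls, rules).items() if not hits]


if __name__ == "__main__":
    for url, hits in audit().items():
        print("EXCLUDED" if hits else "scanned ", url, hits)
```

Two results are worth noting: the broad rule .*form.* also excludes the login page under /platform/, and .*\.html$ does not exclude start.html?lang=en because of the query string. Without the backslash, .*.html$ would also match /docs/xhtml, which is why the dot must be escaped.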