Limiting scan to the Starting URL folder

You can easily limit a scan to within and below the folder of the Starting URL.

About this task

The check box under the Starting URL field automatically creates the necessary filters to limit your scan to within and below a particular directory.

Procedure

  1. Open Scan Configuration > URL and Servers.
  2. Type or paste-in the URL of the directory you want to restrict the scan to.
  3. Select the Scan only links in and below this directory check box.

    The scan will now be limited to paths under this URL. Links outside this range will not be scanned.

Example

If the Starting URL is defined as http://main/bank/

  • Links to the following will be scanned:
    • http://main/bank/transfer.aspx/
    • http://main/bank/transfer/page_1.aspx/
  • Links to the following will be ignored:
    • http://main/transfer.aspx/
    • http://main/transfer/page_1.aspx/

When you configure the Starting URL, and select this check box, the following two items are added at the top of the Exclude Paths and Files table (Scan Configuration > Exclude Paths and Files):

Item Type Path Matching Behavior
Exclude (Start URL) .* Regular Expression

Always first in the table. Cannot be demoted.

Cannot be edited or deleted. However, if the next item (Exception) is deleted, this is deleted too.

Exception (Start URL) http://main/bank Full Path

Always second in the table. Cannot be promoted or demoted.

Can be edited. (This is to allow for editing the exception in rare cases where AppScan misidentifies the Starting URL directory.)

If deleted, the previous item (Exclude) is also deleted, and the Starting URL check box is deselected.

Note: Unlike other exclusions and exceptions, these two have a gray background, indicating their special status.

When the scan starts, and the Application Tree fills in the left pane, links to parts of the application that are not below the Starting URL are shown with a red X, indicating that they were not scanned.


Red X icons in application tree

What to do next

You can verify that the Exception added is correct, or edit it, from Exclude Paths and Files view (see Limiting scan to a specific folder.