Adding new exclusions or exceptions

Procedure

  1. In Configuration > Excluded paths and files > Exclude paths list, click +Add.
    The Add exclusion or exception dialog box opens.
  2. Select one of the following types to create:
    • Exclusion: Do not scan URLs matching this item.
    • Exception: Include URLs matching this item even though they are excluded by an Exclusion higher up on the list.
    Note:
    • The Exception function is only needed if you want to include a directory that is within a path that you have excluded. For example, if you have excluded https://demo.testfire.net/bank, you could then add https://demo.testfire.net/bank/transfer.aspx as an Inclusion, lower down in the list, to include that subdirectory in scans.
    • If you add Exclusions between the Explore and Test stages of scanning, AppScan® will not test the excluded paths even though they were explored.
  3. Type a path or regular expression that will match a set of directories into the Path to exclude field (see the examples in the table that follows).
  4. If the path is a regular expression, select the Treat as regular expression checkbox.
    Note: A regular expression (regexp.) is a string that describes a set of strings, according to certain syntax rules. Click the Regex button to open the Expression Test PowerTool, which can help you verify the syntax of your regular expressions.

    If you need additional help writing regular expressions you may find the following link useful: http://www.regular-expressions.info/quickstart.html

  5. To apply the exclusion or exception to paths that include specific parameters only, select the Include parameters checkbox and click +Add. In the Add parameter dialog box, enter the Parameter name and Parameter value and click Add parameter to add one or more parameters.
    Note: This feature is designed for "megascript" applications, where the entire application is contained in a URL and controlled by its parameters. Filtering out the URL disables the scan, but you can filter out specific parameters or even specific parameter values (such as those for login or logout).
  6. Optionally add a description to be displayed in the Exclude Paths list.
  7. Click Add.

    The new item is added to the bottom of the list.

    Note: Where there is a conflict between two items in the list, the lower item takes priority. Use the Move up or Move down buttons to adjust the order of items as required. If an exclusion or inclusion is made redundant due to another exclusion or inclusion higher in the list, the redundant item is deleted from the list when you click OK.

Example

Type | Example | Function
--- | --- | ---
Exclusion | https://demo.testfire.net/ or https://demo.testfire.net/transfer/ | Filters out the specified URL and all sub-directories and files
Exclusion | .*private.* | Exclude all URLs containing the string private
Exclusion | .*_bk.aspx | Exclude all URLs ending in _bk.aspx
Exception | https://demo.testfire.net/transfer/customize.aspx | When an earlier Exclusion (such as the first one in this table) excludes sub-directories and files, this Exception includes this particular path in the scan. Note that the Exception must be below the Exclusion to take effect.
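
The ordering rule described above (the lower item takes priority, so an Exception must sit below its Exclusion) can be checked against a planned list before a scan. The following model is an added example, not AppScan code: it assumes a literal path matches as a URL prefix and a regular expression must match the whole URL, and Item, is_scanned and ineffective_exceptions are hypothetical names.

```python
import re
from dataclasses import dataclass


@dataclass
class Item:
    kind: str               # "exclusion" or "exception"
    path: str               # literal path, or a regular expression
    is_regex: bool = False  # the "Treat as regular expression" checkbox

    def matches(self, url: str) -> bool:
        if self.is_regex:
            # Assumption: the expression has to match the whole URL.
            return re.fullmatch(self.path, url) is not None
        # Assumption: a literal path covers itself and everything below it.
        return url.startswith(self.path)


def is_scanned(url, items):
    """Walk the list top to bottom; the lowest matching item decides."""
    scanned = True  # a URL that matches no item stays in scope
    for item in items:
        if item.matches(url):
            scanned = item.kind == "exception"
    return scanned


def ineffective_exceptions(items):
    """Literal-path exceptions that a lower exclusion overrides."""
    return [i for i in items if i.kind == "exception" and not i.is_regex
            and not is_scanned(i.path, items)]


# List built from the table's entries, in the order the table gives them.
PAGE_LIST = [
    Item("exclusion", "https://demo.testfire.net/transfer/"),
    Item("exclusion", r".*private.*", is_regex=True),
    Item("exclusion", r".*_bk.aspx", is_regex=True),
    Item("exception", "https://demo.testfire.net/transfer/customize.aspx"),
]

if __name__ == "__main__":
    # Constructed sample URLs, not taken from a real crawl.
    for url in ("https://demo.testfire.net/transfer/customize.aspx",
                "https://demo.testfire.net/transfer/history.aspx",
                "https://demo.testfire.net/private/notes.aspx",
                "https://demo.testfire.net/login_bk.aspx",
                "https://demo.testfire.net/index.aspx"):
        print("scan" if is_scanned(url, PAGE_LIST) else "skip", url)
    # Exception moved above its Exclusion: reported as having no effect.
    print(ineffective_exceptions(PAGE_LIST[::-1]))
```

Under the prefix assumption, a literal exclusion written without a trailing slash also covers sibling paths that merely begin with the same characters, so the model is best run with the exact strings planned for the Path to exclude field.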