Adding new exclusions or exceptions

Procedure

  1. In the Exclude Paths area of the Exclude Paths and Files tab of the Configuration dialog box, click the plus button, select Exclusion or Exception, enter the full path or Regexp., and click OK. (In the Scan Configuration Wizard > Starting URL > Advanced, click Explore.)
    The New Exclusion or Exception dialog box opens.

  2. Select the radio button for the filter you want to create:
    • Exclusion: Do not scan URLs matching this item.
    • Exception: Include URLs matching this item even though they are excluded by an Exclusion higher up on the list.
    Note: The Exception function is only needed if you want to include a directory that is within a path that you have excluded. For example, if you have excluded http://demo.testfire.net/bank, you could then add http://demo.testfire.net/bank/transfer.aspx as an Inclusion, lower down in the list, to include that subdirectory in scans.
    Note: If you add Exclusions between the Explore and Test stages of scanning, AppScan® will not test the excluded paths even though they were explored.
  3. Optionally add a description that will appear in the Exclude Paths list.
  4. Type a path, or a regular expression that will match a set of directories, into the Path field (see the examples in the table that follows). For a regular expression, select the check box.
    Note: A regular expression (regexp.) is a string that describes a set of strings, according to certain syntax rules. Click the Expression Test button to open the Expression Test PowerTool, which can help you verify the syntax of your regular expressions.

    If you need additional help writing regular expressions you may find the following link useful: http://www.regular-expressions.info/quickstart.html

  5. To apply the exclusion or exception to paths that include specific parameters only, click the plus button to add one or more parameters to the lower pane of the dialog box.
    Note: This feature is designed for "megascript" applications, where the entire application is contained in a URL and controlled by its parameters. Filtering out the URL would disable the scan, but you can filter out specific parameters, or even specific parameter values (such as those that log in or log out).
  6. Click OK.

    The new item is added to the bottom of the list.

    Note: Where there is a conflict between two items in the list, the lower item takes priority. Use the Up/Down buttons to adjust the order of items as required. If an exclusion or inclusion is made redundant due to another exclusion or inclusion higher in the list, the redundant item will be deleted from the list when you click OK.

Example

| Type | Example | Function |
|---|---|---|
| Exclude | http://demo.testfire.net/transfer or http://demo.testfire.net/transfer/ | Filters out the specified URL and all sub-directories and files. |
| Exclude | `.*private.*` | Exclude all URLs containing the string private. |
| Exclude | `.*_bk.aspx` | Exclude all URLs ending in _bk.aspx. |
| Exception | http://demo.testfire.net/transfer/customize.aspx | When an earlier Exclusion (such as the first one in this table) excludes sub-directories and files, this Exception includes this particular path in the scan. Note that the Exception must appear below the Exclusion to take effect. |
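
Because every Exclusion removes URLs from test coverage, it helps to check what an ordered list actually skips before starting a scan. The following Python sketch is an added example, not AppScan code: it models the list as described above (the lowest matching item wins, and a plain path covers its sub-directories and files) and assumes that a regular expression must match the whole URL. The `Rule`, `in_scope` and `excluded_urls` names and the sample URLs are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    kind: str               # "exclusion" or "exception"
    pattern: str
    is_regex: bool = False  # mirrors the regular-expression check box

    def matches(self, url: str) -> bool:
        if self.is_regex:
            # Assumption: the expression must match the whole URL.
            return re.fullmatch(self.pattern, url) is not None
        # Assumption: a plain path covers itself, its sub-directories and
        # files; the query string is ignored for the comparison.
        base = self.pattern.rstrip("/")
        path = url.split("?", 1)[0]
        return path == base or path.startswith(base + "/")

def in_scope(url, rules):
    """Return (scanned, deciding_rule). Rules run top to bottom and the
    lowest matching item wins; a URL that no rule matches is scanned."""
    scanned, decider = True, None
    for rule in rules:
        if rule.matches(url):
            scanned, decider = rule.kind == "exception", rule
    return scanned, decider

def excluded_urls(urls, rules):
    """List the URLs that the rule list removes from the scan."""
    return [u for u in urls if not in_scope(u, rules)[0]]

# The four rows of the example table, in list order (top first).
RULES = [
    Rule("exclusion", "http://demo.testfire.net/transfer/"),
    Rule("exclusion", r".*private.*", is_regex=True),
    Rule("exclusion", r".*_bk.aspx", is_regex=True),
    Rule("exception", "http://demo.testfire.net/transfer/customize.aspx"),
]

# Constructed sample URLs; only the host and the table paths come from the page.
SAMPLE_URLS = [
    "http://demo.testfire.net/login.aspx",
    "http://demo.testfire.net/transfer/pay.aspx",
    "http://demo.testfire.net/transfer/customize.aspx",
    "http://demo.testfire.net/private/notes.aspx",
    "http://demo.testfire.net/admin_bk.aspx",
    "http://demo.testfire.net/admin_bk-aspx",  # caught by the unescaped "."
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        scanned, rule = in_scope(url, RULES)
        why = f"{rule.kind} {rule.pattern}" if rule else "no rule matched"
        print(f"{'SCAN' if scanned else 'SKIP'}  {url}  ({why})")
```

In this model the unescaped dot in `.*_bk.aspx` also matches `admin_bk-aspx`; writing the expression as `.*_bk\.aspx` limits it to the literal extension.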