Exceptions

Use exceptions to include URLs in the scan that would typically be excluded because they are specified in the Exclusions. You can apply exceptions to a single exclusion (known as specific exception) or to all exclusions (known as overall exceptions).

When the scan finds a URL that matches a pattern you want to exclude, it first looks to see if there is an exception that applies to that exclusion. If the URL matches a specific exception, it is included in the scan, unless it matches another one of your exclusions. If the URL does not match the specific exception, then it is compared with the list of overall exceptions. If the URL matches any of the overall exceptions, it is included in the scan. If the URL does not match any of the overall exceptions, it is excluded from the scan.

Both specific and overall exceptions can be combined together to produce a required effect. For example, you are excluding directories A, B, C, D, and E because they contain many .zip and image files that are not relevant. However, they all contain .html files that you want to include in the scan, so that you create an overall exception that includes .html files. But directory E also contains some .asp files that should be included in the scan. You can create a specific exception to directory E that includes .asp files in it.

Example: Specific exception to an exclusion

You have a download directory containing mostly .exe and .zip files that you do not need to scan. However, there are a few html files in that directory that should be scanned because they contain content. On the Exclusions page you can add the exclusion and specific exception shown in here:

Adding an exclusion and specific exception to it

With the exclusion and exception shown here, the URL www.mycompany.com/downloads/appscan.html would be included in the scan. Use the same syntax (URLs or regular expressions) to specify the exclusion and the exceptions.

Example: Overall exception

In this example, two URLs that contain files that do not need to be scanned have been excluded. An overall exception is applied to the page because there are some cases where .asp and .html files exist in those directories, and the scan should include them because they are experienced by users.

Adding an Overall Exception

With the overall exception shown in the here, the URL www.mycompany.com/support/mydownloads.asp would be included in the scan because it falls under the overall exception.