DAST Scanning
Excluding URLs From Being Scanned
In some situations specific URLs need to be excluded from DAST scans. This can include areas of the application that are out of scope, such as documentation endpoints, or, in larger applications, segmenting the DAST scans by application area, for example testing the main site separately from an admin sub-section of the site.
The --excludeUrlsFile parameter points to a text file containing one URL per line to exclude. Each line may be an exact URL, a simple wildcard match (using *), or a basic regular expression.
Example file:
https://my-site.com/blog*
https://my-site.com/about/
^https://my-site.com/wp-content/.+$
Pass the --excludeUrlsFile=<exclude_urls_file>.txt parameter and make sure the file exists in the local directory that is mapped into the container (c:\local-path in the example below, mounted at /zap/wrk/). The parameter takes the file name relative to that mapped directory.
docker run -v c:\local-path:/zap/wrk/:rw -it --rm soosio/dast --clientId=<soos_client_id> --apiKey="<soos_apikey>" --projectName="<project_name>" --excludeUrlsFile=exclude_urls.txt --scanMode=baseline https://url-to-test
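Before handing an exclude file to a scan it is worth dry-running it against URLs you expect to be scanned and URLs you expect to be skipped, because an over-broad wildcard silently removes in-scope pages from the test, and a too-narrow regex leaves out-of-scope pages in. The script below is an added example, not part of the SOOS tooling or this page. It assumes the three line forms are told apart as follows: a line containing regex metacharacters other than * is a regex, a line containing only * as a special character is a wildcard, and anything else is an exact URL; it also assumes every rule must match the whole URL (as ZAP's exclude regexes do) and that blank lines are ignored. The exclude file content and the URLs are constructed for the example site from the page.

```python
import re

# Constructed sample exclude file in the one-URL-per-line format shown above.
SAMPLE_EXCLUDE_FILE = """\
https://my-site.com/blog*
https://my-site.com/about/
^https://my-site.com/wp-content/.+$
"""

# Assumption: any of these characters marks a line as a regex; a bare '*'
# marks a simple wildcard; everything else is an exact URL.
REGEX_META = set("^$[](){}|+?\\")


def classify(line):
    """Return 'regex', 'wildcard' or 'exact' for one exclude-file line."""
    if any(ch in REGEX_META for ch in line):
        return "regex"
    if "*" in line:
        return "wildcard"
    return "exact"


def compile_rule(line):
    """Compile a line into a pattern that is later matched against the whole URL.

    Exact lines are escaped (so '.' in the hostname is literal), each '*' in a
    wildcard line becomes '.*', and regex lines are compiled as written."""
    kind = classify(line)
    if kind == "exact":
        return kind, re.compile(re.escape(line))
    if kind == "wildcard":
        return kind, re.compile(".*".join(re.escape(p) for p in line.split("*")))
    return kind, re.compile(line)


def load_rules(text):
    """Parse exclude-file text into (lineno, kind, line, pattern) tuples.

    Blank lines are skipped (assumption); a malformed regex raises ValueError
    with the line number so the file can be fixed before the scan."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            kind, pattern = compile_rule(line)
        except re.error as exc:
            raise ValueError(f"line {lineno}: bad regex {line!r}: {exc}") from exc
        rules.append((lineno, kind, line, pattern))
    return rules


def validate(text):
    """Return None if the file parses, otherwise the error message."""
    try:
        load_rules(text)
        return None
    except ValueError as exc:
        return str(exc)


def matching_rule(url, rules):
    """Return (lineno, kind, line) of the first rule that excludes url, else None.

    fullmatch() is used so that a rule has to cover the entire URL, which is the
    assumption stated in the lead-in; a prefix-only match is not enough."""
    for lineno, kind, line, pattern in rules:
        if pattern.fullmatch(url):
            return (lineno, kind, line)
    return None


def check_scope(rules, must_scan, must_skip):
    """Dry-run the exclude list against URLs with known intended scope.

    Returns two lists: in-scope URLs that a rule would wrongly drop (with the
    offending rule), and out-of-scope URLs that no rule catches."""
    wrongly_excluded = []
    for url in must_scan:
        hit = matching_rule(url, rules)
        if hit is not None:
            wrongly_excluded.append((url, hit))
    not_excluded = [url for url in must_skip if matching_rule(url, rules) is None]
    return wrongly_excluded, not_excluded


if __name__ == "__main__":
    rules = load_rules(SAMPLE_EXCLUDE_FILE)
    for lineno, kind, line, _ in rules:
        print(f"line {lineno}: {kind:8} {line}")
    # Constructed URLs: the first list should be scanned, the second skipped.
    must_scan = ["https://my-site.com/", "https://my-site.com/admin/",
                 "https://my-site.com/about/team", "https://my-site.com/blogroll/"]
    must_skip = ["https://my-site.com/blog/2024/post", "https://my-site.com/about/",
                 "https://my-site.com/wp-content/uploads/a.png",
                 "https://my-site.com/wp-content/"]
    bad_in, bad_out = check_scope(rules, must_scan, must_skip)
    print("in-scope URLs a rule would exclude:", bad_in)
    print("out-of-scope URLs still scanned:", bad_out)
```

Running it on the sample file reports two problems a reviewer would want to know about before the scan: the wildcard https://my-site.com/blog* also swallows https://my-site.com/blogroll/, and the .+ in the wp-content regex requires at least one character after the slash, so https://my-site.com/wp-content/ itself is still scanned. The matching semantics here are an assumption; the authoritative check is still the list of URLs the scanner reports it visited.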