You can exclude sensitive resources from being scanned for any purpose. Excluded resources will not be scanned across the subscription (all web applications). Configure global settings to define global exclusions based on URL data or IP address. You can also configure case-sensitive name sorting of your data lists. Enable case-sensitive name sorting in Global Settings, and you can then sort the names of scans, schedules, option profiles, search lists, and other such data lists.
1) Go to Configuration > Global Settings.
2) Click Edit to change the Case-Sensitive Name Sorting setting. By default, Case-Sensitive Name Sorting is enabled. Toggle the setting to enable or disable sorting as needed. Click Save to save your changes.
The Case-Sensitive Name Sorting setting is visible to you only if the "Edit Global Settings" permission is enabled for you.
1) Go to Configuration > Global Settings > Exclusions.
2) Click Edit to choose what should be allowed or blocked from scanning.
3) Configure the various lists: White list, Black list, logout, parameter, etc. Select the desired check box option and provide details (URLs, regexes, IPs).
You can choose to define exclusion lists globally across your subscription or per web application.
Your options are:
Web App level only - Choose this option to apply an exclusion list to a specific web application only. What are the steps? Define the exclusion list in the web application settings (allow list, exclude list and/or logout regular expression) and start scans.
Global level only - Choose this option if you want to block IP addresses or use a global exclusion list. Only global settings will be used for scanning all web applications in your subscription. What are the steps? Define a crawl exclusion list in global settings (allow list, exclude list, logout regular expression and/or parameter list) and start scans.
Web App level AND Global level - It's possible to configure an exclusion list at both levels. The global settings and web app settings are combined and applied during scanning. What are the steps? 1) Define global settings and web app settings, 2) In web app settings also select "Use Global Settings", and 3) start scans.
You can customize exclusion lists for your web application and ignore the global settings. While creating or editing a web application, in the exclusion lists, clear the Use Global Settings check box. Click Add Exclusions to add web application specific exclusion lists.
If you define an exclusion list for a web application and also enable the global settings for the exclusion list, the globally defined settings are implemented for the web application.
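Because exclusions at either level remove URLs from scan coverage, it helps to check a URL inventory against the combined lists before starting scans. The following is an added example, not the product's own code: the regexes, URLs and function names are constructed, and it assumes an exclude-list entry applies when the regex matches anywhere in the URL.

```python
import re

# Constructed sample data: hypothetical exclude-list regexes and URL inventory.
GLOBAL_EXCLUDE = [r"/logout\b", r"^https://[^/]+/admin/delete"]
APP_EXCLUDE = [r"/payments/", r"shop\.example\.test"]  # 2nd entry is over-broad
INVENTORY = [
    "https://shop.example.test/",
    "https://shop.example.test/cart",
    "https://shop.example.test/payments/charge",
    "https://shop.example.test/admin/delete/user/7",
    "https://shop.example.test/logout",
]


def effective_excludes(global_list, app_list, use_global_settings):
    """Combine the two levels as the page describes: with "Use Global
    Settings" selected both lists apply; cleared, only the web app list."""
    return list(app_list) + (list(global_list) if use_global_settings else [])


def audit(urls, patterns, broad_share=0.8):
    """Return (skipped, broad). skipped maps URL -> patterns excluding it;
    broad lists patterns that exclude at least broad_share of the inventory.
    Assumption: a pattern excludes a URL when re.search finds a match."""
    compiled = [(p, re.compile(p)) for p in patterns]
    skipped = {}
    hits = {p: 0 for p in patterns}
    for url in urls:
        matched = [p for p, rx in compiled if rx.search(url)]
        if matched:
            skipped[url] = matched
            for p in matched:
                hits[p] += 1
    broad = [p for p in patterns if urls and hits[p] / len(urls) >= broad_share]
    return skipped, broad


if __name__ == "__main__":
    patterns = effective_excludes(GLOBAL_EXCLUDE, APP_EXCLUDE, True)
    skipped, broad = audit(INVENTORY, patterns)
    for url in INVENTORY:
        print("SKIP" if url in skipped else "SCAN", url, skipped.get(url, ""))
    for p in broad:
        print("WARNING: over-broad exclusion, review before scanning:", p)
```

A URL reported as SKIP is outside scan coverage, so any vulnerability behind it will not appear in results; review each over-broad pattern before saving the list.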
You can exclude specific parameters from testing to improve a scan’s efficiency and effectiveness. Exclusions can be defined for URL parameters, request body parameters, or cookies.