There are situations where you want to configure Acunetix WVS to exclude a portion of a web application from crawling / scanning. This might be required if the web application being scanned is too big, or if scanning part of the site might trigger unwanted actions. There are 2 ways to instruct Acunetix to omit part of your web application from a scan.
The easiest method is to scan a directory on the site – e.g. http://testphp.vulnweb.com/AJAX/. Acunetix will only scan the part of the site which is found in the /AJAX/ location, and will not scan any URLs which are above the /AJAX/ path. For this to work correctly, the URL needs to end in a forward slash (/).
The second method is to make use of the Directory and File Filters, which enable you to specify a list of directories or filenames to be excluded from a crawl. Filters can be configured according to directory or file names, as well as through the use of wildcards to match multiple directories or files with the same filter. Regular expressions can also be used to match a number of directories or files. If a regular expression is specified as a filter, toggle the value to Yes under the ‘Regex’ column by clicking on it.
To add a directory or file filter:
- Click the Add URL button and specify the URL of the website where the directory or file is located.
- Click the Add Filter button and specify the directory or filename whilst optionally using a wildcard or regular expression.
- When specifying a directory, do not add a slash ‘/’ in front of the directory name. A trailing slash is automatically added to the end of the website URL.
Note: Directory and File filters specified for the root or any other directory of a website are not inherited by their subdirectories; therefore, a filter must be specified separately for each subdirectory, as shown in the screenshot above.