Mariusz Miesiak
Reputation: 638
Exclude URL in ZAP proxy scanning run as daemon
How can I exclude certain URL from ZAP proxy scanning when starting it in daemon mode with following command:
zap.sh -daemon -host 0.0.0.0 -port 8090 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.disablekey=true
Is there any argument or config parameter I can set to exclude certain URLs?
I'm using official docker image owasp/zap2docker-stable:latest.
Upvotes: 3
Views: 2975
Answers (1)
Mariusz Miesiak
Reputation: 638
For anyone who has the same issue the solution is to use following argument in the start command:
-config globalexcludeurl.url_list.url.regex='^((?!http:\/\/example\.com\/).*)$'
In this example it will ignore all urls except the one that begin with http://example.com/.
Upvotes: 8
Related Questions
- OWASP ZAP - Scan a list of url
- How to prevent OWASP ZAP scanner hitting external URLs in Standard Mode?
- how to exclude unnecessary URLs in ZAP html report
- How to run OWASP Zed Attack Proxy ZAP's zap-api-scan.py without requiring docker
- URL pattern to exclude globally in Zap
- ZAP keeps scanning unnecessary URLs
- OWASP Zaproxy cannot attack URL if its begins with https
- Configure Zap Attack as a system wide proxy
- Using OWASP ZAP behind a corporate proxy
- OWASP Zap Exclude in Proxy everything but given URL