server-policy pattern custom-global-white-list-group

Use this command to configure objects that will be exempt from scans.

This command applies to all the server-policies. If you want to define an allow list that applies specifically to a certain server policiy, use config server-policy allow-list instead of this one.

To use this command, your administrator account’s access control profile must have either w or rw permission to the traroutegrp area. For details, see Permissions.

Syntax

config server-policy pattern custom-global-white-list-group

edit <entry_index>

set status {enable | disable}

set type {Cookie | Parameter | URL | Header_Field }

set domain "<cookie_str>"

set name "<name_str>"

set path "<url_str>"

set request-type {plain | regular}

set domain-type {plain | regular}

set name-type {plain | regular}

set request-file-status {enable | disable}

set domain-status {enable | disable}

set request-file "<url_str>"

set header-type {plain | regular}

set value-status {enable | disable}

set value-type {plain | regular}

set value <header_value_string>

end

Variable	Description	Default
<entry_index>	Enter the index number of the individual rule in the table. The valid range is 1–9,223,372,036,854,775,807.	No default.
status {enable \| disable}	Enable to exempt this object from all scans.	`enable`
type {Cookie \| Parameter \| URL \| Header_Field }	Indicate the type of the object. Depending on your selection, the remaining settings vary.	`URL`
path "<url_str>"	Enter the path as it appears in the cookie, such as `/` or `/blog/folder`. This setting is available if type {Cookie \| Parameter \| URL \| Header_Field } is set to `Cookie`.	No default.
request-type {plain \| regular}	Indicate whether the request-file "<url_str>" field contains a literal URL (`plain`), or a regular expression designed to match multiple URLs (`regular`). This setting is available if type {Cookie \| Parameter \| URL \| Header_Field } is set to `URL`.	`plain`
domain-type {plain \| regular}	Indicate whether the `domain "<cookie_str>"` field will contain a literal domain/IP address (Simple String), or a regular expression designed to match multiple domains/IP addresses (Regular Expression).	`plain`
domain "<cookie_str>"	Enter the partial or complete domain name or IP address as it appears in the cookie, such as: `www.example.com` `.google.com` `192.0.2.50` If clients sometimes access the host via IP address instead of DNS, create allow list objects for both. This setting is available if type {Cookie \| Parameter \| URL \| Header_Field } is set to `Cookie`. Caution: Do not allowlist untrusted subdomains that use vulnerable cookies. It could compromise the security of that domain and its network.	No default.
name-type {plain \| regular}	Indicate whether the `name "<name_str>"` field will contain a literal parameter name (Simple String), or a regular expression designed to match all parameter names (Regular Expression).	plain
name "<name_str>"	Depending on your selection in type {Cookie \| Parameter \| URL \| Header_Field }, either: Enter the name of the cookie as it appears in the HTTP request, such as `NID`. Enter the name of the parameter as it appears in the HTTP URL or body, such as `rememberme`. This setting is available if type {Cookie \| Parameter \| URL \| Header_Field } is set to `Cookie`, `Parameter`, or `Header_Field`.	No default.
request-file-status {enable \| disable}	Enable to apply this rule only to HTTP requests for specific URLs. Configure `request-file "<url_str>"` if it is enabled.	`disable`
domain-status {enable \| disable}	Enable to apply this rule only to HTTP requests for specific domains. If enabled, also configure `domain "<cookie_str>"`.	`disable`
request-file "<url_str>"	Depending on your selection in the request-type {plain \| regular} field, enter either: The literal URL, such as `/robots.txt`, that the HTTP request must contain in order to match the rule. The URL must begin with a backslash ( / ). A regular expression, such as `^/*.html`, matching all and only the URLs to which the rule should apply. The pattern does not require a slash ( / ); however, it must at match URLs that begin with a backslash, such as `/index.html`. Do not include the domain name, such as `www.example.com`. This setting is available if type {Cookie \| Parameter \| URL \| Header_Field } is set to `URL`.
header-type {plain \| regular}	Indicate whether the type field will contain a literal name (plain), or a regular expression designed to match multiple names (regular).	`plain`
value-status {enable \| disable}	Enable to also check the value of the HTTP header. Only the HTTP headers which match both the name and the value will be allowlisted.	`disable`
value-type {plain \| regular}	Indicate whether the header name will contain a literal name (`plain`), or a regular expression designed to match multiple names (`regular`).	`plain`
value <header_value_string>	The value of the HTTP header. Depending on your selection in the `value-type` field, enter either a literal value or a regular expression.	No default.

Example

This example exempts requests for robots.txt from most scans.

config server-policy pattern custom-global-allow-list-group

edit 1

set request-file "/robots.txt"

end