Issue when Scanning a site with Cloudflare WAF
76 views
Skip to first unread message
Claudio Gallo
Feb 14, 2023, 10:17:33 AM2/14/23
to OWASP ZAP User Group
Hi,
I am trying to implement ZAP into our CI/CD and our site uses Cloudflare. We already bypassed the IP in the WAF but I keep getting URLs that have this path at the end "/cdn-cgi/", is there a way to exclude URL paths in the tool?
Thank you,
Claudio
thc...@gmail.com
Feb 14, 2023, 10:44:50 AM2/14/23
to zaprox...@googlegroups.com
Hi.
You can Exclude from Proxy if you don't want ZAP to handle them:
https://www.zaproxy.org/docs/desktop/ui/dialogs/session/#exclude-from-proxy
There's also Global Exclude URL:
https://www.zaproxy.org/docs/desktop/ui/dialogs/options/globalexcludeurl/
for permanent excludes (rather than being tied to the session).
Best regards.
You can Exclude from Proxy if you don't want ZAP to handle them:
https://www.zaproxy.org/docs/desktop/ui/dialogs/session/#exclude-from-proxy
There's also Global Exclude URL:
https://www.zaproxy.org/docs/desktop/ui/dialogs/options/globalexcludeurl/
for permanent excludes (rather than being tied to the session).
Best regards.
Reply all
Reply to author
Forward
0 new messages