OWASP ZAP Scan Configuration Inquiry
19 views
Skip to first unread message
Vanarat Khumdee
May 27, 2026, 8:09:49 AM (5 days ago) May 27
to ZAP User Group
I would like to ask if OWASP ZAP can be configured to scan only specific URLs or paths. Also, is it possible to set a rate limit during the scan?
I tried running the default scan configuration, and the system became unavailable afterward
Simon Bennetts
May 28, 2026, 5:04:55 AM (5 days ago) May 28
to ZAP User Group
Hiya,
ZAP is massively configurable, so yes, it can be configured to scan only specific URLs or paths.
There are different ways to do this, depending on how you are running ZAP.
If you're using automation then see https://www.zaproxy.org/docs/getting-further/automation/automation-options/
Yes, ZAP does support rate limiting.
Pro tip - got to https://www.zaproxy.org/ and put "Rate Limiting" into the search box and look at the first result :)
And an FYI, ZAP left OWASP nearly 3 year ago, its now just "ZAP", or "ZAP by Checkmarx".
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages