Allowed Hosts

Use the Allowed Host settings to add domains to be crawled. If your Web presence uses multiple domains, add those domains here. For example, if you were scanning "WIexample.com," you would need to add "WIexample2.com" and "WIexample3.com" here if those domains were part of your Web presence and you wanted to include them in the crawl or audit.

You can also use this feature to scan any domain whose name contains the text you specify. For example, suppose you specify www.myco.com as the scan target and you enter "myco" as an allowed host. As Fortify WebInspect scans the target site, if it encounters a link to any URL containing "myco," it will pursue that link and scan that site's server, repeating the process until all linked sites are scanned. For this hypothetical example, Fortify WebInspect would scan the following domains:

• www.myco.com:80
• contact.myco.com:80
• www1.myco.com
• ethics.myco.com:80
• contact.myco.com:443
• wow.myco.com:80
• mycocorp.com:80
• www.interconnection.myco.com:80

Note that if you specify a port number, then the allowed host must be an exact match.

Adding an Allowed Domain

To add allowed domains:

1. Click Edit > Default Scan Settings.

2. From the Scan Settings group in the left column, select Allowed Hosts.

3. Click Add.

4. On the Specify Allowed Host dialog box, enter a URL (or a regular expression representing a URL) and click OK. 

Note: When specifying the URL, do not include the protocol designator (such as http:// or https://).

Editing or Removing an Allowed Domain

To edit or remove an allowed domain:

1. Select a domain from the Allowed Hosts list.

2. Click Edit or Remove.