Restrict to folder limitations

This topic describes limitations to the Restrict to folder scan option when JavaScript include files are encountered or when a login or workflow macro is used.

JavaScript include files

During a scan, the crawler and JavaScript engine might access external JavaScript include files. These files are not actively audited, so no attacks are sent over HTTP. However, passive inspection can reveal issues with JavaScript include files, and these files will be listed in the site tree.

Login macros

If you use a login macro, then sessions requested in the macro will be listed in the site tree. The sessions will be passively audited, meaning that no attacks will be sent, but vulnerabilities such as weak encryption, unencrypted login forms, and so on might be revealed.

Workflow macros

If you use a workflow macro in a Crawl and Audit scan or a Crawl Only scan, then the scan might violate the Restrict to folder option. The assumption is that you wish to visit the URLs included in the workflow macro.