The applications I need to scan are within a very large site of mostly static pages (more than the maximum the scanner will crawl). So I need to use a white list to target the application. All of the applications are in subdirectories and some are in subdirectories two or three levels down from the root. But I can only get Qualys to scan things one level down.
Initially I set up a white list with RegEx's like these:
It wouldn't scan anything at all until I added the following white list URL:
Then it did scan /subdir1/.* but not /subdir2/subdir3/.*
So I thought perhaps I had to add URLs to help it find the correct path. So I added the following white list URL:
It still won't scan /subdir2/subdir3/.*
I've never worked with white lists or black lists before in any context so perhaps there's something fundamental that I'm missing.