Secure Seal module seems to be aggressively scanning our corporate website, and only one URL in particular.
How do I exclude that URL from being scanned in Secure Seal settings? Would appreciate if someone can assist with this.
Have you tried blacklisting that URL in your WAS configuration; I believe that is where secure seal is pulling it.
Hi Busby, thanks for your reply. I was under the impression that Secure Seal is a standalone module in Qualys. There might be a caveat to doing this with Secure Seal though. If "blacklisting resources" means preventing Qualys from scanning those resources, then according to the Secure Seal FAQ page SECURE Seal FAQ | Qualys, Inc., "when there are blacklisted resources, all Secure Seal Scans will fail and the seal will not be displayed on your website". This is of course blacklisting the URL in SecureSeal configuration, however I'm thinking that blacklisting in WAS configuration may have the same effect. It goes on to mention "If there are pages that you believe should not be included in the Seal Scan, please select ‘Request Exception’ in the management portal."
But for "Request Exception" to work, there has to be a finding to choose from.
Retrieving data ...