Open GoogleCodeExporter opened 9 years ago
I think excluding regexes from the proxy should mean that matching URLs do not
appear in the history or sites tree - thats what its for.
However I do think that having more display options in the History and Sites
tabs is really useful.
So my suggestion is that we enhance the History Filter to support regex
exclusions (but not inclusions).
That way you can choose to whether to filter out certain types of files. We
could even replace the 'Enable image in History' with a filter option which
matches standard image extensions.
And for the Sites tree we could introduce a toolbar similar to the History one
- one that support the same filter options and the 'in scope' button.
Does that sound like a good alternative?
Original comment by psii...@gmail.com
on 5 Apr 2013 at 8:29
If the goal for exceptions is to completely hide them from all modules, then I
agree to keep them that way and then add new display filters similar to the
current ones for images to History and Sites (slightly improved, see below).
However I would improve them for both (images or other regexs): all traffic not
excluded should be available since ZAP starts for all the modules (e.g. History
and Sites). Depending on the filters, the traffic will be displayed or not, but
available. If I'm not wrong, currently images can only be seen since the moment
you enable to see them in History.
I agree the current "Enable image in History" could be integrated in this more
generic regex-based display filtering mechanism and even allow the
customization of the image extensions (.gif, .png. jpg,...).
Then we need to decide what the default will be for images (I vote for off, as
right now) and for other regexs (.css, .js, .ico,...). And finally, a
complementary thing is if that filtering display behavior should impact if the
associated traffic is automatically intercepted (Break tab).
I see this as two different things (although curently for images is the same
thing: History display == Break tab interception), so having independent
options to decide if you want to just display (or not) the traffic in History
(or Sites), and if you want to intercept it (Break tab) would be very useful.
I'm aware we can create Break rules too, but I would provide a direct Break
rule matching for these display filters.
Original comment by raul.si...@gmail.com
on 5 Apr 2013 at 8:53
Please check out the new feature for GlobalExcludeURL in the Options menu.
This allows you to specify multiple regexs that are automatically ignored by
the Proxy, Break, Spider, and Scanner. The regexs persist outside of the
session - they are completely ignored and saved between boot-ups of ZAP. The
URLs will still appear in the History tab. I think this meets most of what
you're requesting.
Please look at the daily or weekly builds after Feb 25, this was added in SVN
commit 4333.
Original comment by veggiespam
on 25 Feb 2014 at 3:24
Original issue reported on code.google.com by
raul.si...@gmail.com
on 4 Apr 2013 at 7:31