Allowlist and Manage Targets

Allowlisting target domains is a critical step for creating a scan config. Domains need to be allowlisted before you can add them to an app or configure a scan. All newly allowlisted target domains are enabled by default, unless configured otherwise. When you're not using a target domain and want it excluded from scans, you can disable and enable as needed. If you have a target domain that hasn't been scanned, you can delete it.

Disabling and deleting targets

Currently, you cannot delete any target domains that you've scanned. You can disable the target domain instead. In the example above, the target that has not been scanned has the option to delete. The targets that have been scanned can only be disabled.

Allowlist and Add Target Domains

Before you create an app or create a scan config, verify that you have added the target domains you want to scan to the allowlist.

  1. From the left menu, go to the Targets page.
  2. When the Targets page appears, click the Add Targets button.
  3. When the Add Targets page appears, input each target domain you want to allowlist. To bulk add multiple target domains, enter each one on a new line. Only the domain is required. Protocols and subdirectories will be removed during scanning. URL format: protocol://subdomain.domain.com/subdirectory

Enable or Disable Target Domains

You can enable or disable target domains as needed. For example, if you are taking a domain offline indefinitely, you can disable the target domain and re-enable if your domain goes back online. Only enabled domains can be added to a scan config or app. If you attempt to add a disabled target domain, you will be prompted to allowlist it.

Disabled Target Domains

If you are disabling a target domain, existing scan configs may be affected. Check your scan configs to ensure that the target domains can be disabled.

Enable or disable a target domain:

  1. From the left menu, go to the Targets page.
  2. Select the target domain you want to modify, and toggle the Enable button on or off.

Delete Target Domains

You can only delete target domains that have not been scanned. To exclude targets that have been scanned, disable them from future scans.

Deleted Target Domains

If you are deleting a target domain, existing scan configs that use it may be affected. Check your scan configs to ensure that the target domains can be deleted.

Delete a target domain:

  1. From the left menu, go to the Targets page.
  2. Select the target domain you want to modify, and click Delete.