Installation guide

URL for Remote File Inclusion
During Remote File Inclusion (RFI) testing, this option specifies a file on a remote host
to use for tests. By default, Nessus will use a safe file hosted on Tenable’s web server
for RFI testing. If the scanner cannot reach the Internet, using an internally hosted file
is recommended for more accurate RFI testing.
Web mirroring (plugin 10662) sets configuration parameters for Nessus’ native web server content mirroring utility.
Nessus will mirror web content to better analyze the contents for vulnerabilities and help minimize the impact on the
server.
Table 35 Web Mirroring Settings
Option
Description
Number of pages to mirror
The maximum number of pages to mirror.
Maximum depth
Limit the number of links Nessus will follow for each start page.
Start page
The URL of the first page that will be tested. If multiple pages are required, use a colon
delimiter to separate them (e.g., “/:/php4:/base”).
Excluded items regex
Enable exclusion of portions of the web site from being crawled. For example, to
exclude the “/manual” directory and all Perl CGI, set this field to:
(^/manual)|(\.pl(\?.*)?$)
Follow dynamic pages
If this checkbox is selected, Nessus will follow dynamic links and may exceed the other
“Web mirroring” parameters.
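
An exclusion pattern that is broader than intended silently removes pages from scan coverage, so it is worth checking before the policy is saved. The following is an added example, not part of the original guide: it applies the two field values quoted in Table 35 to constructed sample URLs. It assumes the pattern is searched case-sensitively against the path and query string with semantics close to Python's re module; the function names and sample URLs are illustrative.

```python
import re

# The two field values quoted in Table 35 above.
START_PAGES = "/:/php4:/base"
EXCLUDE_REGEX = r"(^/manual)|(\.pl(\?.*)?$)"


def split_start_pages(field):
    """Split the colon-delimited 'Start page' field into individual paths."""
    return [page for page in field.split(":") if page]


def partition_urls(urls, exclude_regex):
    """Return (crawled, excluded) for a list of site-relative URLs.

    Assumption: the pattern is searched (not full-matched) against the
    path plus query string, case-sensitively.
    """
    pattern = re.compile(exclude_regex)
    crawled, excluded = [], []
    for url in urls:
        (excluded if pattern.search(url) else crawled).append(url)
    return crawled, excluded


# Constructed sample URLs, chosen to exercise the edges of the pattern.
SAMPLE_URLS = [
    "/manual/index.html",         # excluded: the intended target
    "/manuals-public/faq.html",   # excluded too: ^/manual is only a prefix
    "/docs/manual/index.html",    # crawled: ^ anchors at the start of the path
    "/cgi-bin/search.pl",         # excluded: ends in .pl
    "/cgi-bin/search.pl?q=test",  # excluded: .pl followed by a query string
    "/cgi-bin/search.pl/extra",   # crawled: .pl followed by extra path info
    "/cgi-bin/upload.plx",        # crawled: .plx is not .pl
    "/cgi-bin/SEARCH.PL",         # crawled under the case-sensitive assumption
    "/base/login.php",            # crawled
]

if __name__ == "__main__":
    print("start pages:", split_start_pages(START_PAGES))
    crawled, excluded = partition_urls(SAMPLE_URLS, EXCLUDE_REGEX)
    for url in excluded:
        print("EXCLUDED", url)
    for url in crawled:
        print("crawled ", url)
```

Tightening the first alternative to `^/manual(/|$)` would stop it from also excluding sibling paths such as `/manuals-public`.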
When all of the options have been configured as desired, click “Submit” to save the policy and return to the Policies tab.
At any time, you can click “Edit” to make changes to a policy you have already created or click “Delete” to remove a
policy completely.
Users
SecurityCenter administrators and predefined roles are configured via the “Users” tab. More than one administrator can
be created per SecurityCenter. It is recommended to make at least one administrator user using TNS authentication. This
will enable at least one administrator-level account to log in should the LDAP service become unavailable.