Skip to main content

Denylist or allowlist an application pool

Denylists and allowlists are based on the application pool name. Application pool denylists and allowlists also accept * as a variable-length wildcard. (AppPool* will match AppPool1, AppPool_arb, etc.)

Allowlists take precedence over denylists. Application pools that satisfy both lists aren't analyzed.

To disable the agent for a specific application, populate agent.dotnet.app_pool_denylist with the appropriate application pool in C:\ProgramData\Contrast\dotnet\contrast_security.yaml:

# Comma-separated list of application pools ignored by Contrast
agent:
  dotnet:
    app_pool_denylist: ExampleAppPoolName

To only enable the agent for specific applications hosted by IIS, configure agent.dotnet.app_pool_allowlist to only analyze certain application pools. If an application pool is allowlisted, the agent analyzes the matching pools. There should be no performance impact for any other applications.

To enable the agent for only specific application pools, populate agent.dotnet.app_pool_allowlist with the appropriate application pool in C:\ProgramData\Contrast\dotnet\contrast_security.yaml:

# Comma-separated list of application pools exclusively profiled by Contrast
agent:
  dotnet:
    app_pool_allowlist: ExampleAppPoolName

Tip

Read more about yaml configuration.