Rick M

I started to look at this a few weeks back. It seems fairly easy to implement for ascan (using a StopWatch). However, the timing for the individual scan rules is...

Nope, as you can see

Quote @thc202: > Did it work in 2.11?

Quote @Foteini7 > I have not tried the 2.11 version, this can be an option if it works, since the 2.10 has the log4j issue

Exclude the -g, you shouldn't be generating the config on every run: https://www.zaproxy.org/docs/docker/full-scan/#usage Also quickprogress because you aren't using quickscan you're using a packaged scan.

> no log file exists in the home directory. Nor should it. (ZAP home, not user home.) https://www.zaproxy.org/faq/how-do-you-configure-zap-logging/ > ZAP logs to a file called “zap.log” in the [ZAP ‘home’...

Just the reports that currently exist.

I believe it was only implemented in one report template. It could probably be added to others as well.

To the original issue: Is this really about pass-thru or are you after blocking/prevention? Because you should be able to use Global Excludes or TLS Pass-thru if that fits the...

Would also probably require: [Enhancement: Add support for raising alerts for other than HTTP/1.x interactions](https://github.com/zaproxy/zaproxy/issues/2464)