When deploying with [DeployHQ](https://www.deployhq.com), you can [exclude files and directories](https://www.deployhq.com/blog/stop-certain-files-from-being-uploaded-during-a-deployment) from being uploaded to your server. But what if you want to exclude a parent directory while still deploying specific files or subdirectories inside it? That's where **whitelisting** comes in. By prefixing a rule with `!`, you can create exceptions within your exclusion rules — keeping specific files or directories even when their parent is excluded. ## How it works Whitelisting rules use the same syntax as exclusion rules, but with a `!` prefix. They can be configured in **Settings → Excluded Files** in your project, or in a `.deployignore` file in the root of your repository. ``` flowchart TD A[File in Repository] --> B{Matches exclusion rule?} B -- No --> C[✅ Deployed] B -- Yes --> D{Matches whitelist rule?} D -- No --> E[❌ Excluded] D -- Yes --> F[✅ Deployed] ``` ## Common examples ### Exclude `node_modules` but keep a specific package You use a vendored package that needs to be on the server, but want to exclude the rest of `node_modules`: ``` node_modules node_modules/**!node_modules/my-custom-package !node_modules/my-custom-package/** ``` ### Exclude all config files but keep a template Your `config/` directory contains secrets, but you want to deploy a sample configuration: ``` config config/**!config/config.sample.php ``` ### Exclude build artifacts but keep a dist folder You don't want source maps or test output deployed, but need the compiled assets: ``` build build/**!build/dist !build/dist/** ``` ### Exclude all dotfiles but keep `.htaccess` ``` **/.* !.htaccess ``` ## Syntax reference | Pattern | Effect | | --- | --- | | `vendor` | Excludes the `vendor` directory entry | | `vendor/**` | Excludes all contents inside `vendor` | | `!vendor/autoload.php` | Whitelists a single file inside `vendor` | | `!vendor/my-lib/**` | Whitelists an entire subdirectory | | `**/*.log` | Excludes all `.log` files at any depth | | `!logs/access.log` | Keeps one specific log file | **Important notes:** - Directory rules must **not** end with a trailing slash - Use `**` to recurse through nested directories - Whitelist rules are evaluated after exclusion rules - Both project-level exclusions and `.deployignore` support whitelisting ## Using `.deployignore` Instead of configuring exclusions through the [DeployHQ](https://www.deployhq.com) UI, you can add a `.deployignore` file to the root of your repository. This keeps your exclusion rules version-controlled alongside your code: ``` @title: .deployignore # Exclude dependencies vendor vendor/** # But keep the autoloader !vendor/autoload.php !vendor/composer !vendor/composer/** # Exclude environment files **/*.env # Exclude test directories tests tests/** ``` Note that `.deployignore` does not support [per-server exclusions](https://www.deployhq.com/blog/excluded-files-per-server) — for server-specific rules, use the project settings UI. ## Verifying your rules After running a deployment, you can verify which files were excluded by checking the deployment log. During the Generate Manifest step, [DeployHQ](https://www.deployhq.com) shows a full list of excluded files for each server — a useful way to confirm your whitelist rules are working as expected. For the full documentation on exclusion and whitelisting syntax, see our [support article](https://www.deployhq.com/support/excluded-files#whitelisting-files-and-directories). You may also find these guides helpful: - [Stop certain files from being uploaded during a deployment](https://www.deployhq.com/blog/stop-certain-files-from-being-uploaded-during-a-deployment) — the basics of file exclusions - [Excluded files per server](https://www.deployhq.com/blog/excluded-files-per-server) — different exclusion rules for different servers - [Building a CI/CD pipeline from scratch with DeployHQ](https://www.deployhq.com/blog/building-a-ci-cd-pipeline-from-scratch-with-deployhq-a-step-) — broader deployment automation - [Protect your environments: practical security tips](https://www.deployhq.com/blog/protect-your-environments-practical-security-tips-for-smarte) — keep secrets out of deployments * * * Ready to streamline your deployments? [Sign up for DeployHQ](https://www.deployhq.com/signup) and get started in minutes. If you have any questions, reach out to us at [support@deployhq.com](mailto:support@deployhq.com) or on [Twitter/X @deployhq](https://x.com/deployhq).