Common vulnerability scanner User-Agents

  • Resolved webkiwinz

    (@webkiwinz)


    1 year, 3 months ago

    We use virusDie as well as wordfence. THe VD scanner was failing. Investigation showed it was WordFence blocking it stating : blocked by firewall for Common vulnerability scanner User-Agents

    We added the IP address for virusdie into the allowed IP setting. It was still blocked by Wordfence with the above message. The only way we can get this working is to disable the vulnerabiity scanner agents setting which leaves us open to all scanners.

    Why is this over riding the “Allowlisted IP addresses that bypass all rules ” setting?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    1 year, 3 months ago

    Hi @webkiwinz,

    Looking back through our logs, it looks like that rule was specifically created so that it can be disabled (when hit by a product you really use) to allow the User-Agent through without disabling other protection the firewall offers. That seems like a safe fallback from what I’ve read.

    We’d never recommend allowing IPs to bypass all of Wordfence’s protection no matter how trusted that source may seem to be. That setting is there mainly for rare occasions a known safe IP on your hosting environment such as a load-balancer keeps getting stopped.

    I would definitely first try running virusDie’s scan while Learning Mode is enabled for a short period of time though. It may catch possible false-positives that are happening and mean you can keep the rule enabled, too.

    Let us know how you get on,
    Peter.

Viewing 1 replies (of 1 total)

The topic ‘Common vulnerability scanner User-Agents’ is closed to new replies.