Recommended scan settings to avoid getting blocked by WAFs #4493
Hi, I am new to Nuclei and only did a few scans using the community templates. I am observing that my scan is quite quickly getting blocked by WAFs such as Cloudflare or on-premise WAFs like Big IP F5. Cloudflare especially seems to be quite aggressive, as my IP was blocked for at least two weeks (for that specific website). Is it enough to use rate limiting / concurrency with

My plan is to run a daily nuclei scan on about 100 URLs of web applications (we have permission to scan the applications).

Valentijn
Replies: 1 comment
If you're scanning those applications as part of an engagement, the only way to guarantee that they will get through would be to have your IPs whitelisted by the WAFs. Rate limiting and concurrency can help, but in the end whitelisting is the only way to guarantee the traffic will get through.