Prevent vulnerability scanner from triggering security event

I do weekly security scanning on my website with Detectify.

When this happens, it triggers a security event. Is there a way to allowlist traffic from Detectify scanners so that they don’t trigger security events?

I have their IP addresses.

  1. Log in to Cloudflare.
  2. Select your domain.
  3. Go to the Security > Firewall section.
  4. Create a custom rule to allowlist the IP.
  5. Deploy the rule.
  6. Adjust rule priority if needed.
  7. Test and monitor.
  8. Document rules and consider security.

Thank you!

Under Custom Rules, I don’t see an “allowlist” option. The most relevant option seems to be “skip”, but I’m not sure which things I should be skipping. The available options are below. Any advice?

WAF components to skip

  • All remaining custom rules
  • All rate limiting rules
  • All managed rules
  • All Super Bot Fight Mode Rules
  • Zone Lockdown
  • User Agent Blocking
  • Browser Integrity Check
  • Hotlink Protection
  • Security Level
  • Rate limiting rules (previous version)
  • Managed rules (previous version)

Yes, I meant SKIP. When you use the SKIP function, that will allowlist. You can tick all to purely allowlist the IP.
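As an added example (not part of the original thread and not Cloudflare's own code), this Python sketch validates the scanner IPs and builds the skip rule discussed above as a Rulesets API rule object. The IPs are constructed placeholders, the prefix-length floors are an assumed policy, and the skip identifiers are the API names for the checkboxes listed in the thread.

```python
import ipaddress
import json

# Constructed sample addresses (documentation ranges), standing in for the
# scanner IPs published by the vendor.
SCANNER_IPS = ["192.0.2.10", "198.51.100.0/28", "2001:db8::/64"]

# Rulesets API names for the "WAF components to skip" checkboxes in the thread.
SKIP_PHASES = ["http_ratelimit", "http_request_firewall_managed", "http_request_sbfm"]
SKIP_PRODUCTS = ["zoneLockdown", "uaBlock", "bic", "hot", "securityLevel", "rateLimit", "waf"]


def build_expression(sources, min_v4_prefix=24, min_v6_prefix=48):
    """Build an `ip.src in {...}` expression; reject malformed or overly broad entries."""
    nets = set()
    for item in sources:
        # strict=True raises ValueError for bad syntax or a CIDR with host bits set.
        net = ipaddress.ip_network(item, strict=True)
        floor = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < floor:
            raise ValueError(f"{item}: broader than /{floor}, refusing to allowlist")
        nets.add(net)
    # Sort (IPv4 first) so the generated rule is stable and easy to review.
    ordered = sorted(nets, key=lambda n: (n.version, n))
    parts = [str(n.network_address) if n.num_addresses == 1 else str(n) for n in ordered]
    return "(ip.src in {" + " ".join(parts) + "})"


def build_skip_rule(sources, log_matches=False):
    """Return a rule object for the zone's custom rules (http_request_firewall_custom)."""
    return {
        "description": "Skip WAF for vulnerability scanner IPs",
        "expression": build_expression(sources),
        "action": "skip",
        "action_parameters": {
            "ruleset": "current",       # all remaining custom rules
            "phases": SKIP_PHASES,      # rate limiting, managed rules, Super Bot Fight Mode
            "products": SKIP_PRODUCTS,  # zone lockdown, UA blocking, BIC, hotlink, etc.
        },
        # False keeps scanner traffic out of security events; True records each skip.
        "logging": {"enabled": log_matches},
    }


if __name__ == "__main__":
    print(json.dumps(build_skip_rule(SCANNER_IPS), indent=2))
```

Removing entries from `SKIP_PHASES` and `SKIP_PRODUCTS` narrows the skip to only the components that were generating events for the scanner.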

