Description
I am using bunkerweb as a reverse proxy, and I would like to scan my website with the Acunetix security scanner. Unfortunately, the IP address of the scanner always gets banned despite being in the whitelist. The reason is that, during the scan, Acunetix sends a lot of requests with a "weird" Host header, which is different from the server name.
How to reproduce
Sending multiple requests with a different Host header (test.com) than the SERVER_NAME value (app1.example.com), from a whitelisted IP address, triggers a ban for bad behavior.
Here is a sample configuration that you can use to observe the bug:
Logs
Thank you for your help.