Support
Invicti Enterprise On-Premises

Security settings

This document is for:
Invicti Enterprise On-Premises

On the Security Settings page, you can enable, add, and set security measures while scanning. You can also make user sessions IP restricted, prevent internal scanning, enable localhost scanning, and add new authorized IP addresses.

Security settings is available in the Invicti Enterprise On-Premises Edition only.

For further information, Invicti Editions.

Security settings fields

This table lists and explains the fields on the Security settings page.

FieldDescription
Prevent Internal ScanningEnable this option to prevent Invicti from scanning internal IP address blocks.
Enable Localhost ScanningEnable this option to allow Invicti to scan localhost. For example, if you’ve already built your website on localhost:95, please enable it for scanning.
Authorized IP AddressesThis is a list of IP Addresses that have been specifically authorized to access Invicti Enterprise.
If you want to serve the application behind a load balancer, you must add its IP address to this list. Otherwise, IP Based Cookies will not work.
NameThis is the name of the IP Address.
Regex PatternThis is the Regex Patterns of the IP Address.

How to enable Security settings

  1. Log in to Invicti Enterprise.
  2. From the main menu, select Settings > Security
  • Enable the Prevent Internal Scanning checkbox.
  • Enable the Enable Localhost Scanning checkbox.
  1. Select Save.

How to add an Authorized IP Address

  1. From the main menu, select Settings > Security
  2. In the Authorized IP Addresses panel, select New.
  3. Complete the Authorized IP Addresses, Name, and Regex Pattern fields.
  4. Select Save.

How to delete an Authorized IP Address

  1. From the main menu, select Settings > Security
  2. In the Authorized IP Addresses panel, select the Delete button () next to the relevant IP address.
  3. Select Save.