Support
Scans

WAF Identifier

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

The WAF Identifier Security Check detects whether there is a Web Application Firewall (WAF) enabled in the target site.

If a WAF is enabled in the target site, it will block Invicti attacks and greatly reduce the scan coverage. It should be disabled in order for Invicti to function properly.

WAF Identifier Security Check runs before Invicti makes any attacks to the target site and analyzes whether the website is using any WAF. If a WAF is identified, Invicti Standard shows a pop-up notification. Users can do one of the following:

  • Click OK to stop the scan, disable the WAF and start a new scan
  • Click Ignore to dismiss the warning

Invicti Enterprise only reports the WAF detection in its report. It does not show any pop-up. For more information, see Web Application Firewall Detected.

The WAF Identifier Security Check is enabled by default. There are no additional settings available for the WAF Identifier Security Check.

For further information, see Security Checks.

How to Disable the WAF Identifier Security Check in Invicti Enterprise

  1. Log in to Invicti Enterprise.
  2. From the main menu, go to Policies > New Scan Policy > Security Checks.
  1. Deselect the WAF Identifier checkbox.
  1. Select Save.

How to Disable the WAF Identifier Security Check in Invicti Standard

  1. Open Invicti Standard.
  2. From the Home tab, select the Scan Policy Editor. The Scan Policy Editor dialog is displayed.
  3. Select the scan policy you want to edit.
  4. Select the Security Checks tab
  5. In the Security Checks list, scroll down to WAF Identifier Security Check. (Or, type ‘waf’ in the search box to filter the security checks.)
  1. Deselect the WAF Identifier Security Check checkbox.
  2. Select OK.