The WAF Identifier Security Check detects whether there is a Web Application Firewall (WAF) enabled in the target site.
If a WAF is enabled in the target site, it will block Acunetix 360 attacks and greatly reduce the scan coverage. It should be disabled in order for Acunetix 360 to function properly.
The WAF Identifier Security Check runs before Acunetix 360 makes any attacks to the target site and analyzes whether the website is using any WAF. If a WAF is identified, it provides the following information.
The WAF Identifier Security Check is enabled by default. There are no additional settings available for the WAF Identifier Security Check.
For further information, see Security Checks.
How to Disable the WAF Identifier Security Check in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, click Policies, then New Scan Policy.
- Click the Security Checks tab.
- Deselect the WAF Identifier checkbox.
- Click Save.