Security Scanner - False positives due to login restriction

I am having an issue with the Security Scanner. I have it pointed to a site (upgraded to the latest 2.2 release) and the report is giving me what I believe to be false positives. The reason for this (I think) is because the site in question has a login restriction (my own custom module) which is restricting access to certain pages on the site without a customer login being active.

 

So my question is, is there a way for me to know which IP the scanner will run from?

 

I built in the ability to whitelist IPs from the functionality for situations like this, and I could no doubt find out by looking at the server logs, but will the IP remain consistent for future scans and am I going about this the right way?

 

Any advice?

 

Thanks,

Jamie

1 REPLY

Re: Security Scanner - False positives due to login restriction

Hi @invoke_jamie,

 

I understand what you're saying. I have, maybe, another false positive (I'm not completely sure yet).

But maybe you can try to contact the security team at the security-at-magento.com email address.