Enterprise Edition
Configuring network and firewall settings for a site
-
Last updated: July 16, 2024
-
Read time: 2 Minutes
When you add a new site, you need to configure your network and firewall settings to enable Burp Suite Enterprise Edition to scan your site effectively. This includes:
Allowing access to your site from the infrastructure on which your scans will run.
Allowing outbound connections to the public Burp Collaborator server. This enables Burp Scanner to use out-of-band application security testing (OAST) techniques to test whether an attacker could induce your site to interact with arbitrary external services. For more information, see Burp Collaborator.
The configuration depends on whether you have a Cloud or self-hosted instance of Burp Suite Enterprise Edition.
For details, see the relevant section below.
Cloud instances
If you want to run scans of the site on Cloud scanning machines:
-
Allow inbound access to your site from the Scanner IPs listed on the PortSwigger IP ranges page.
Allow outbound access from your site to
*.oastify.com
on ports80
and443
.
If you want to run scans of the site on self-hosted scanning machines:
Allow inbound access to your site from the IP addresses of your scanning machines.
Allow outbound access from your site to
*.oastify.com
on ports80
and443
.
If you want to run CI-driven scans of your site:
Allow inbound access to your site from your scan containers.
Allow outbound access from your site to
*.oastify.com
on ports80
and443
.
Note
These options are not mutually exclusive. You can enable all of them for your site.
Self-hosted instances
To allow your scanning machines to scan your site effectively:
Allow inbound access to your site from the IP addresses of your scanning machines.
Allow outbound access from your site to
*.oastify.com
on ports80
and443
.
If you want to run CI-driven scans of your site:
Allow inbound access to your site from your CI/CD platform agents.
Allow outbound access from your site to
*.oastify.com
on ports80
and443
.
Note
These options are not mutually exclusive. You can enable all of them for your site.