Managing CDNs and Shared IPs
Domains hosted on Content Delivery Networks (CDNs) or other cloud hosting services, will use shared IPs addresses managed by a third party.
Hexiosec ASM will still identify risks associated with CDNs or shared IP addresses. However, the application provides you with the capability to manage how these risks and assets related to these IPs are displayed in Hexiosec ASM. For instance, you can choose to exclude the IP-related risks associated with a domain hosted on Azure FrontDoor (Microsoft's CDN) from being shown.
The 'Manage CDNs' page in Hexiosec ASM allows you to designate specific domains as CDNs and exclude their IP-related risks from being considered in scope.
After toggling a domain as a CDN, the scan's results will update immediately, and the Actions will update after a few seconds.
If more than one domain links to a shared IP, you will need to mark all those domains as CDNs for the related risks and assets to be included.
The CDN toggle can be enabled and disabled without needing to re-run a scan.
If believe that scan might include many CDN hosted domains or domains hosted on shared resources, you can choose to completely ignore all IP related risks in the scan's results. Navigate to a scan's settings and toggle the option to 'Hide IP risks (Out of Scope)'.
The scan's result will update immediately, and the Actions will update after a few seconds.
The setting can be enabled and disabled without needing to re-run a scan.
If you use any of the functionality described above, Hexiosec ASM will mark certain types of IP-related assets as out-of-scope, including risks. However, to retain an understanding of domain hosting, certain other asset types are kept in-scope.
The following table lists which types will be out-of-scope and which will be in-scope.
Out-of-scope | In-scope |
|---|---|
Risks Certificates Services Assets URLs Components Entities | IP Ranges ASNs Domains Countries |