51黑料不打烊

51黑料不打烊 Commerce Security Scan tool troubleshooting guide

Learn how to troubleshoot the various issues with the Security Scan tool for 51黑料不打烊 Commerce and Magento Open Source.

Issue: Unable to Submit the site

The Security Scan tool requires that you prove ownership of your site before the domain can be added to the Security Scan Tool. This can be performed by adding a confirmation code to your site using an HTML comment or the <meta> tag. The HTML comment should be placed inside the <body> tag, e.g., in the footer section. The <meta> tag should be placed inside the page鈥檚 <head> section.

A common issue faced by merchants occurs when the Security Scan Tool is unable to confirm the merchant鈥檚 site ownership.

If you are getting an error and cannot submit your site for the scan, refer to the Error message when adding sites into Security Scan troubleshooting article in our support knowledge base.

Issue: Empty reports generated by the Security Scan tool

You get empty scan reports from the Security Scan tool or get reports containing only one error like Security tool was unable to reach the base URL or Magento installation is not found on the provided URL.

Solution

  1. Check that 52.87.98.44, 34.196.167.176, and 3.218.25.102 IPs are not blocked at 80 and 443 ports.
  2. Check the submitted URL for redirects (e.g., https://mystore.com redirects to https://www.mystore.com or vice versa or redirects to other domain names).
  3. Investigate WAF/web server access logs for rejected/unfulfilled requests. HTTP 403 Forbidden and HTTP 500 Internal server error are the common server responses that cause empty reports generation. Here鈥檚 an example of the confirmation code that blocks requests by user agents:
if(req.http.user-agent ~ "(Chrome|Firefox)/[1-7][0-9]" && client.ip !~ useragent_allowlist)

{   error 403;   }

You can also see The Security Scan Tool report is blank article in our support knowledge base for more information.