If you can't access the target through Vex, identify whether the cause is a misconfiguration or the specifications of the target.
See the checklist below. (15 items in total)
- Attributable to a testing environment: 3 items
- Attributable to Vex settings: 4 items
- Attributable to an environment of a target: 8 items
*The items are listed in order of priority, so be sure to check from the top.
[Attributable to a testing environment]
1. Can you access the target site from the browser on the terminal where Vex is installed, without going through Vex?
Yes |
Go to the next one. |
No |
Make sure that the target site is properly running, and that the IP address is not restricted in your testing environment. |
2. Is an upstream proxy server used?
Yes |
Go to "Target information" > "Detail settings", and specify "Upstream proxy server" before accessing the target, if it has not been specified. [Related article] Is it possible to run Vex through an internal proxy server? |
No |
Go to the next one. |
3. Is an automatic configuration script used?
Yes |
If you use a web browser's automatic configuration script (Proxy Auto Configuration - PAC), check which proxy server the script distributes, and go to "Target information" > "Detailed settings" to specify it as the "Upstream proxy server". [Related article] Is it possible to run Vex through an internal proxy server? Also, be sure to uncheck "Use automatic configuration script" in the "Proxy Settings" on your browser. For more details, see Quick Start "3.3 Browser Setting". |
No |
|
[Attributable to Vex settings]
4. Is your browser's "Proxy Settings" correct?
Yes |
Review the "Proxy Settings" of your web browser and make sure there are no errors in the settings. For more details, see Quick Start "3.3 Browser Setting". |
No |
Go to the next one. |
5. Does the error message "Permission denied.The URL you try to access is not allowed." appear on your browser?
Yes |
You may not have a scanning project open. If the scanning project is not open, the port assigned to the Vex user will not be valid. Make sure that you have the scanning project open when you record a proxy log. If this error message appears while you have the scanning project open, the access destination in the browser and the target information specified in the Vex scanning project may be different.
<Steps> 2. Check the Target information. For example, if the target URL is "http://www.example.com/index.html", specify "http"://"www.example.com":"80" as the setting value. |
No |
|
6. Does the error message "Permission denied. The URL you try to access matches rejected rules..." appear on your browser?
Yes |
The "Excluded access path" setting is restricting the access. Make sure that the setting is correct. |
No |
|
7. Is the "logging" feature enabled?
Yes |
Go to the next one. |
No |
Click "Enable logging" on the upper left of the Vex screen to enable logging. |
[Attributable to an environment of a target]
8. Are you operating a feature that generates communication with the web server?
Yes |
Depending on the specifications of the application, communication may not be generated because of stored cache, so be sure to clear the cache and access the target again to check whether the log can be obtained.
|
No |
Vex records communication between a client and a target server and performs a scan based on the logs recorded.
A feature that does not generate communication cannot be scanned by Vex. [Ex] When JavaScript dynamically changes the displayed information in the client-side browser. |
9. Is a domain other than the target accessed to load js files or through asynchronous communication?
Yes |
When external js files are loaded or Ajax communication occurs for a domain that is not specified in the target information, Vex cannot acquire the information necessary for operating the site and may not work properly.
Specify all the domains where the communication will occur in the "Target information".
|
No |
Go to the next one. |
10. Is a client certificate used?
Yes |
Go to "Target information" > "Detail settings" and specify "Client certification", if it has not been specified, before accessing the target. [Related article] Settings for scanning a site using a client certificate |
No |
|
11. Is Digest access authentication or NTLM authentication used?
Yes |
Go to "Target information" > "Detail settings" and specify the authentication information in the relevant fields if it has not been specified. For more details, see User Guide "4.1.2.2 Target information". |
No |
|
12. Does the target site implement HTTP Strict Transport Security (HSTS)?
Yes |
When the target site implements HTTP Strict Transport Security (HSTS), the SSL certificate checker on the browser blocks the communication via Vex. If you have not specified "Vex CA certificate" on the browser for operating the target, be sure to specify it before accessing it. [Related article] Presetting for scanning a target using HTTPS communication |
No |
|
13. Is Server Name Indication (SNI) disabled on the target site?
Yes |
Go to "Target information" > "Detail Settings" and disable the "Server Name Indication (SNI)" before accessing the site. For more details, see User's Guide "4.1.2.2 Target information". |
No |
|
14. Does the target site restrict communication using HTTP/1.0?
Yes |
Go to "Target information" > "Detail settings", and set the "HTTP Version" to "1.1" before accessing the site. *The default is "1.0". [Related article] How is it possible to get the proxy logs that is communicated with HTTP/1.1? |
No |
Go to the next one.
|
15. Are all of the values in Detail settings of "Edit target information" the default?
Yes |
In some cases, depending on the specification of the target, you will be able to obtain logs by changing the default values of Detailed settings in Target information.
Check all of the following settings to make sure that the log can be obtained. [Settings]
-Keep-Alive connection
Only in the case of HTTP/1.1, you can select either "Use" or "Do not use". When 1.1 is selected, the default is "Do not use".
-Response Content-Length
The default is "Ignore"
-Accept-Encoding header
The default is "Delete"
-Response unzip
The default is "Yes"
For more details, see User Guide "4.1.2.2 Target information".
|
No |
|
Contact us with the Vex log attached, if the problem remains unsolved despite checking all of the above.
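Items 5 and 9 both come down to comparing the origins the browser actually contacts with what is registered in "Target information". The following is an added example, not part of Vex or its documentation: it reduces a list of request URLs (for instance, copied from the browser's developer tools) to scheme, host and port, and lists the origins missing from the target list. The function names and sample URLs are constructed for illustration, and matching on all three of scheme, host and port is an assumption based on the setting value shown in item 5.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Split a URL into the (scheme, host, port) triple used as a target setting."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    # An omitted port means the scheme default (http -> 80, https -> 443).
    return (scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme])

def missing_targets(target_urls, observed_urls):
    """Return [(origin, request_count)] for origins not covered by the targets."""
    allowed = {origin(u) for u in target_urls}
    counts = {}
    for url in observed_urls:
        try:
            o = origin(url)
        except ValueError:
            continue  # data:, blob:, about: and similar never reach the proxy
        if o not in allowed:
            counts[o] = counts.get(o, 0) + 1
    # Most frequently contacted origins first, then alphabetical.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample data: one registered target and the URLs a page load produced.
TARGETS = ["http://www.example.com/index.html"]
OBSERVED = [
    "http://www.example.com/index.html",
    "http://www.example.com:80/app.js",        # same origin, explicit port
    "https://www.example.com/login",           # same host, different scheme/port
    "http://cdn.example.net/lib/jquery.js",    # external js file (item 9)
    "http://api.example.org:8080/v1/items",    # Ajax call (item 9)
    "http://api.example.org:8080/v1/items?page=2",
    "data:image/png;base64,AAAA",              # no network traffic
]

if __name__ == "__main__":
    for (scheme, host, port), n in missing_targets(TARGETS, OBSERVED):
        print(f"{n:3d} request(s) to {scheme}://{host}:{port} - not in Target information")
```
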