Sites, Scanning and Options
Scanning Options
The has two modes, in general, a Safe Scan will get the domains needed, run that first, then try turning off the safety.
-
Safe Scan
- This option pulls the site page you supplied and makes a list of:
- Direct links (“href” links)
- Image links (“img” links)
- The site domain name of any link supplied
- This option pulls the site page you supplied and makes a list of:
-
Non-Safe Scan
- This option works slight differently, in steps:
- Collect the site content
- Look through the text for anything that looks like “http(s)://<something/”
- Check that’s a domain, then add it to the list
- This option works slight differently, in steps:
This is more likely to catch domains called by JavaScript that contain extra calls.
Tech Example
The site “iplocation.net” when connecting via IPv6 will report your IPv6 VPN address, and then make a Javascript call to “ipv4.iplocation.net”. This link is buried in JavaScript and isn’t detected by a Safe Scan
Options during Sync
On the sites page, each site has two options:
-
Scan on Sync
- This runs a Safe Scan whenever you Sync, to find any urls in there and add them to the list.
- Guidance - use this at first, but experiment with turning it off:
- Off - Sync will be faster
- On - More likely to catch any new domains
-
Override Keywords
- Keywords win whenever they exist, and the domain will be removed from the Sync list
- With this option, you can choose to force the domain back into the Sync list.
-
Also Use Historical DNS
- Will track IP addresses for a specific FQDN
- When a site’s IP addresses are queried, any historical IPs for the FQDN will be added to the firewall alias as well
- Note: This does not affect DNS resolution for the site, it just means if a site returns to an old IP, it’s already lined up