Enterprise Edition

Configuring network and firewall settings for a site

  • Last updated: April 10, 2024

  • Read time: 2 Minutes

When you add a new site, you need to configure your network and firewall settings to enable Burp Suite Enterprise Edition to scan your site effectively. This includes:

  • Allowing access to your site from the infrastructure on which your scans will run.

  • Allowing outbound connections to the public Burp Collaborator server. This enables Burp Scanner to use out-of-band application security testing (OAST) techniques to test whether an attacker could induce your site to interact with arbitrary external services. For more information, see Burp Collaborator.

The configuration depends on whether you have a Cloud or self-hosted instance of Burp Suite Enterprise Edition.

For details, see the relevant section below.

Cloud instances

If you want to run scans of the site on Cloud scanning machines:

  • Allow inbound access to your site from the following IP addresses:

    54.228.175.165/32 52.211.227.32/32 52.17.113.255/32
  • Allow outbound access from your site to *.oastify.com on ports 80 and 443.

If you want to run scans of the site on self-hosted scanning machines:

  • Allow inbound access to your site from the IP addresses of your scanning machines.

  • Allow outbound access from your site to *.oastify.com on ports 80 and 443.

If you want to run CI-driven scans of your site:

  • Allow inbound access to your site from your scan containers.

  • Allow outbound access from your site to *.oastify.com on ports 80 and 443.

Note

These options are not mutually exclusive. You can enable all of them for your site.

Self-hosted instances

To allow your scanning machines to scan your site effectively:

  • Allow inbound access to your site from the IP addresses of your scanning machines.

  • Allow outbound access from your site to *.oastify.com on ports 80 and 443.

If you want to run CI-driven scans of your site:

  • Allow inbound access to your site from your CI/CD platform agents.

  • Allow outbound access from your site to *.oastify.com on ports 80 and 443.

Note

These options are not mutually exclusive. You can enable all of them for your site.

Was this article helpful?