This article explains how to set up Catcher24 to correctly scan web servers that are hosted behind Cloudflare.
Catcher24 is fully compatible with Cloudflare, but it is important that you set up your targets in the Catcher dashboard correctly. This ensures our scanning engines can tell your intended targets apart (the website versus the underlying server) and reach each of them.
Configuring your targets
- To scan only the website/web application: Add the domain hostname.
- To scan the server infrastructure: Add the server IP address.
- To scan the infrastructure and website: Add both the hostname and the IP address. Please note that this will count as two targets.
Best practice: In all situations, you must prevent scan interference by adding the Catcher24 scanning IPs to the Cloudflare allowlist.