Scanner ACL
The Scanner ACL page exports a merged list of all registered scanner IP addresses, subnets, and ASNs in formats suitable for firewalls and WAFs. Use these exports to configure network-level access control rules that ensure only registered scanners can reach your target networks.
Inputs
| Name | Description | Allowed Values | Default |
|---|---|---|---|
| Export Format | Output format for the ACL | JSON, nginx, iptables, Cloudflare | JSON |
Fields & Columns
| Name | Description |
|---|---|
| Entries | Number of ACL entries (IPs, subnets, ASNs) in the export |
| Generated | Timestamp when the ACL was generated |
How To
Export ACL for your firewall
- Select the export format matching your infrastructure (nginx, iptables, Cloudflare, or JSON).
- Review the generated output in the preview area.
- Click Copy to clipboard or Download to save the file.
- Apply the rules to your firewall or WAF configuration.
Generate firewall rules
- Navigate to Admin > Scanner ACL.
- Select the output format (iptables, nginx, or Cloudflare).
- Click Generate to create allow rules for all registered scanners.
- Copy or download the rules for your firewall configuration.
Gotchas
- You must also add the /scanner/register and /scanner/install provisioning endpoints to your allowlist, as they use one-time tokens instead of IP binding.
- ACL entries are created when scanners register and bind to an IP address. No entries appear until scanners are provisioned.
- The iptables format generates a shell script that must be run with root privileges.
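A pre-apply check for the exported entries, as an added example that is not part of the product or its documentation: it classifies each entry as an IP, subnet, or ASN, flags malformed or overly broad ones for manual review, and compares the parsed count with the Entries field. The page does not document the JSON export layout, so the function takes a plain list of entry strings; the function name, the prefix thresholds, and the sample entries are assumptions made for this example.

```python
import ipaddress
import re

# Assumed policy thresholds (not from the product): prefixes shorter than
# these are treated as too broad for a scanner allowlist.
MIN_PREFIX = {4: 16, 6: 32}
ASN_RE = re.compile(r"^AS(\d{1,10})$", re.IGNORECASE)

# Constructed sample entries (documentation ranges), not real scanner addresses.
SAMPLE = ["198.51.100.7", "192.0.2.0/24", "2001:db8::/32", "AS64500",
          "0.0.0.0/0", "10.0.0.300"]


def audit_acl_entries(entries, reported_count=None):
    """Classify exported ACL entries and collect the ones needing review."""
    result = {"ips": [], "subnets": [], "asns": [], "flagged": []}
    for raw in entries:
        entry = raw.strip()
        match = ASN_RE.match(entry)
        if match:
            # ASNs are 32-bit; zero is reserved and never a valid origin.
            if 0 < int(match.group(1)) <= 4294967295:
                result["asns"].append(entry.upper())
            else:
                result["flagged"].append((entry, "ASN out of range"))
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            result["flagged"].append((entry, "not an IP, subnet, or ASN"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            # An allow rule this wide defeats the purpose of the ACL.
            result["flagged"].append((entry, "prefix too broad"))
        elif net.num_addresses == 1:
            result["ips"].append(str(net.network_address))
        else:
            result["subnets"].append(str(net))
    # A mismatch with the Entries field suggests a truncated copy or download.
    if reported_count is not None and len(entries) != reported_count:
        result["flagged"].append(
            (f"{len(entries)} entries", f"export reports {reported_count}"))
    return result


if __name__ == "__main__":
    for entry, reason in audit_acl_entries(SAMPLE, reported_count=6)["flagged"]:
        print(f"REVIEW {entry}: {reason}")
```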
API Calls (1)
| Method | Path | Description |
|---|---|---|
| GET | /api/admin/scanner-acl | Export scanner ACL (optional format query parameter: json, nginx, iptables, cloudflare) |
Related Pages
- Scanners — Scanner registrations generate the ACL entries
- Scanner Groups — Grouped scanners share ACL entries