About
This tool can quickly check some of the most common mistakes in a HTTP server setup.
It's not a full risk assessment but rather a guide.
The idea comes from twa.
The test coverage is very similar.
Firewalls
This tool creates multiple HTTP requests in quick succession ("bursts").
If you configured your firewall/server to block
DoS Attacks
you might find some of these tests failing if the safety mechanisms kick in and block the requests.
To prevent this, white-list the IP 46.140.111.92
temporarily.
Requests are made from our server only, not your browser.
Tests usually take less than 10 seconds to fully complete,
with the exception to port scans which can take up to 20.
Redirection Errors
If you find that many tests throw error with a 3xx
code,
try adding or removing the www.
subdomain.
The HTTP(s) 404 tests are performed by constructing a long URL using two random sha1 segments.
Example: /.well-known/f17df875...5ca2b73e/96636ddf...28521935
Privacy
This test forwards your IP (3.135.190.243
) to the server being tested using the "X-Forwarded-For" header.
The user agent in use is Mozilla/5.0 (ayra/hsc +https://cable.ayra.ch/hsc)
Limitations
This application only does minimal certificate testing.
For a complete test of your TLS and certificate configuration,
use a service like Qualys SSL Labs Server Tester
The application will search and test for some HTTP header values but will not check their validity fully.
Color Guide
- Green messages indicate a good result.
- Yellow messages mean the result is acceptable but can be improved.
- Red messages are problematic and should be fixed.
-
Blue "N/A" messages indicate a skipped test.
This happens when other conditions failed that need to pass for the test to continue.
For example Test #3 is not performed if #2 failed.