cf-qualys-scanner

What is cf-qualys-scanner?

About

cf-qualys-scanner is a cloud-based web application security scanner that provides automated crawling and vulnerability testing to identify security flaws including XSS, SQL injection, and OWASP Top 10 vulnerabilities. You can see how often cf-qualys-scanner visits your website by setting up Dark Visitors Agent Analytics.

Expected Behavior

Security scanners do not follow a predictable schedule when visiting websites. Their scans can be one-time, occasional, or recurring depending on the purpose of the scanner and the organization's security practices. The frequency and depth of their scans can vary based on factors like the visibility of the site on the public internet, past scan results, and inclusion in external threat intelligence feeds.

Type

Detail

Insights

The percentage of all internet traffic coming from Security Scanners

Robots.txt

Should I Block cf-qualys-scanner?

Probably not. Security scanners can be beneficial, especially if they're configured to report issues back to you.

How Do I Block cf-qualys-scanner?

You can block cf-qualys-scanner or limit its access by setting user agent token rules in your website's robots.txt. Set up Dark Visitors Agent Analytics to check whether it's actually following them.

# In your robots.txt ...

User-agent: cf-qualys-scanner # https://darkvisitors.com/agents/cf-qualys-scanner
Disallow: /

⚠️ Manual Robots.txt Editing Is Not Scalable

New agents are created every day. We recommend setting up Dark Visitors Automatic Robots.txt if you want to block all agents of this type.

References

• https://qualys.com/apps/web-app-scanning/