Web Application Scan Fails

This article explains how to diagnose and resolve issues where a Web Application scan fails to start, fails to complete, or is blocked by network or security controls.

Symptoms

• Web Application scan fails to start

• Web Application scan fails to complete

• Scan returns no results

• Scan appears blocked or unreachable

Common Causes

• Firewall or security controls blocking external scan traffic

• Required Cyrisma scanning source IP addresses are not allowlisted

Diagnostic Steps

Follow the steps below in order. Do not skip steps.

1. Check for External Blocking by Firewalls or Security Controls

Web Application scans originate from Cyrisma-managed external infrastructure. If inbound scanning traffic is blocked, the scan will fail.

What to check

• Firewall rules protecting the web application

• Web Application Firewall (WAF) rules

• Security controls restricting inbound connections

If blocking is detected, proceed to IP allowlisting.

2. Verify Required Source IP Addresses Are Allowlisted

Web Application scans may originate from the following IP addresses. These must be allowlisted in any firewall, WAF, or security control protecting the application:

• 40.117.185.208

• 23.96.124.27

• 20.106.163.214

If these IP addresses are not allowlisted, the scan may be blocked or fail to complete.

After updating allowlists, rerun the Web Application scan.

Resolution

Most Web Application scan failures are resolved by:

• Allowlisting the required Cyrisma scanning source IP addresses

• Adjusting firewall or WAF rules to permit inbound scanning traffic

Once changes are applied, rerun the scan and confirm successful completion.

When to Contact Support

Contact Cyrisma Support if:

• The scan continues to fail after IP allowlisting is confirmed

• The application remains unreachable from Cyrisma scanning infrastructure

Provide:

• Confirmation that required source IP addresses are allowlisted

• Any error messages returned by the scan