Gravityscan has two ways of scanning. A ‘remote’ scan fetches your web pages like a crawler to determine if your site has a problem. This mode may cause issues if you have server side security in place to limit requests and block offending IP addresses.
Gravityscan also has a ‘full’ scan mode which requires use of the Gravityscan Accelerator. The Accelerator is an agent that Gravityscan communicates with on your site. Some security settings can interfere with that communication and may cause inconsistent results. To fix this and to get the most out of Gravityscan, we suggest that you whitelist our IP range:
Note that some cloud WAF providers like Cloudflare don’t let you whitelist a /27 network. In the case of Cloudflare you need to whitelist 18.104.22.168/24. Unfortunately this is a slightly bigger IP block that extends outside our own IP range, but this is a problem with Cloudflare that we have no control over. Whitelisting this range will will ensure that Gravityscan has full access to your sites and can accurately report it’s findings to you.
We have also tested Gravityscan with various cloud WAF providers as well and we provide specific instructions here for some providers.
Gravityscan is whitelisted in Wordfence by default. This means that Gravityscan will not be subject to rate limiting rules or Country Blocking. However, the Wordfence Firewall is strict and does not allow general whitelisting by design. If you want to manually whitelist Gravityscans IP range in Wordfence to avoid Firewall blocks, use the option “Whitelisted IP addresses that bypass all rules” and enter the Gravityscan IP range in this format:
In some cases, .htaccess rules will cause issues for the gravity agent. This has been noticed with the Bulletproof security wordpress plugin. To bypass this, you will need to
1) make a backup copy of their .htaccess file
2) add this line to the top of their current .htaccess to allow it to process correctly:
RewriteRule ^gravityscan-agent-xxxxx\.php$ – [L]
Be sure to replace the “gravityscan-agent-xxxxx\.php” with the actual name of the file on your server.