FixWeb

// docs / domains

Domains

A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.

Dearbhadh domain

Cuir hostname ris aig Dashboard → Domains. Tagh aon de dhà dhòigh verification:

  • DNS TXT — cuir record aig _fixweb.<hostname> leis an token a ghineas sinn. Re-resolve sinn e bhon fhrithealaiche againn, chan ann bhon fhear agadsa, mar sin cha chuir roghainnean SPF / DMARC bacadh air. Propagation àbhaisteach: 1-5 mionaidean; re-check sinn gach 30 diog airson 10 mionaidean.
  • HTTP file — hostaich text file beag aig /.well-known/fixweb-verification.txt leis an token. Fetch sinn thairis air HTTPS tron request path SSRF-guarded.

Thèid verifications a re-check gach latha leis a' cron domain-reverify. Ma sguireas domain a bha verified roimhe de bhith a' resolve an token (m.e. thug thu air falbh an DNS record), thèid an verification a revoke agus tuitidh active scans na aghaidh air ais gu verify_required gus an cuir thu ris a-rithist e.

Ath-scans clàraichte Pro+

Tha am plana Pro a' coiseachd ath-sgaoileadh fearann dearbhte aig ruitheam ≥3h; tha am plana Unlimited aig ≥1h. Fosgail Deas-bhòrd → Fearainn → Clàr, cuir an toggle air, tagh ruitheam:

  • 1 uair a thìde — ri fhaighinn dìreach air a' phlana Unlimited
  • 3h, 6h, 12h, gach latha, gach 2 latha, gach seachdain

Gach cron tick (gach 15 min) togaidh an scheduler schedules a tha due, claims iad tro optimistic compare-and-swap air next_run_at (gus nach dèan dà chrons double-enqueue), àrdaichidh e do scan-usage counter, agus enqueues scan fulangach ùr. Sealbhaichidh an scan an domain-verification attestation agad — cha dèan thu re-attest gach run — mar sin cuir an schedule dheth gus revoke.

Nuair a chrìochnaicheas e, thèid an email scan-completed a-mach leis a' preference scheduled_scan_email (stiùirich aig Account → Settings).

Lorg bagairtean beò Unlimited+

Tha am plana Unlimited a' coimhead gu fèin-obrachail air gach fearann dearbhte airson trì comharran eadar sganaidhean clàraichte:

  • Certificate transparency — gach 30 mionaid bidh sinn a' ceasnachadh crt.sh airson certs ùra anns a bheil an hostname agad no subdomain sam bith. Lasas certs ùra alert new_certificate.
  • DNS diff — gach 30 mionaid resolve sinn A, AAAA, MX, TXT, NS, CNAME agus coimeasaidh sinn ris an snapshot mu dheireadh. Lasas atharrachaidhean alert dns_change.
  • Threat-intel — gach uair bidh sinn a' sgrùdadh Spamhaus DBL agus URLhaus airson listings den apex hostname. Lasas listings alert threat_intel_listing.

Dedupes alerts air content-hash signature gus nach re-fire an aon atharrachadh ma lorgar a-rithist e. Faic / dismiss alerts aig Dashboard → Domains → [domain] → Monitor. Leanaidh email notifications am pref threat_alert_email.

Gleidheadh snapshots

Auto-prune monitor snapshots às dèidh 7 latha, ach a-mhàin am baseline as ùire gach paidhir (domain, signal-type) — fuirichidh am fear sin ge bith dè an aois gus am bi an ath diff ceart. Purge dismissed alerts às dèidh 90 latha.

Trigger bho API no MCP

Tha domain management UI-only an-dràsta — chan eil API surface ann airson verification no atharrachaidhean schedule. Gus scan a thòiseachadh an aghaidh domain a tha verified mu thràth tro API, cleachd POST /api/v1/scans:

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'
Domains — Docs · FixWeb