FixWeb

// docs / domains

Yankuna

A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.

Tabbatar da domain

Ƙara hostname a Dashboard → Domains. Zaɓi ɗaya daga cikin hanyoyin verification biyu:

  • DNS TXT — ƙara record a _fixweb.<hostname> tare da token da muka ƙirƙira. Muna sake resolve shi daga server ɗinmu, ba naka ba, don haka SPF / DMARC settings ba sa tsoma baki. Propagation na yau da kullum: minti 1-5; muna sake dubawa kowane daƙiƙa 30 na minti 10.
  • HTTP file — host ƙaramin text file a /.well-known/fixweb-verification.txt tare da token. Muna fetch ta HTTPS ta hanyar request path mai SSRF guard.

Ana sake duba verifications kullum ta domain-reverify cron. Idan domain da aka riga aka tabbatar ya daina resolve token (misali ka cire DNS record), ana soke verification kuma active scans a kansa suna komawa verify_required har sai ka sake ƙarawa.

Maimaita bincike da aka tsara Pro+

Tsarin Pro zai iya sake duba yankin da aka tabbatar a saurin ≥3h; tsarin Unlimited a ≥1h. Buɗe Dashboard → Yankuna → Jadawali, kunna toggle, zaɓi sauri:

  • Awa 1 — yana samuwa kawai akan tsarin Unlimited
  • 3h, 6h, 12h, kullum, kowane kwanaki 2, kowane mako

A kowane cron tick (kowane minti 15) scheduler yana ɗaukar schedules da lokacinsu ya yi, yana claim su ta optimistic compare-and-swap a kan next_run_at (don crons biyu kada su double-enqueue), yana ƙara scan-usage counter ɗinka, sannan yana enqueue sabon passive scan. Scan ɗin yana gadon domain-verification attestering ɗinka; ba ka sake attest kowane gudu ba, don haka kashe schedule don sokewa.

Idan an kammala, email na scan-completed yana fita ta amfani da preference scheduled_scan_email (sarrafa a Account → Settings).

Gano barazana kai tsaye Unlimited+

Tsarin Unlimited yana sa ido kai tsaye akan kowane yankin da aka tabbatar don sigina uku tsakanin scans da aka tsara:

  • Certificate transparency — kowane minti 30 muna tambayar crt.sh don sabbin certs da ke ɗauke da hostname ɗinka ko kowane subdomain. Sabbin certs suna tayar da alert new_certificate.
  • DNS diff — kowane minti 30 muna resolve A, AAAA, MX, TXT, NS, CNAME sannan mu kwatanta da snapshot na ƙarshe. Canje-canje suna tayar da alert dns_change.
  • Threat-intel — kowane awa muna duba Spamhaus DBL da URLhaus don listings na apex hostname. Listings suna tayar da alert threat_intel_listing.

Alerts suna dedupe ta content-hash signature don sake gano canji ɗaya kada ya sake firing. Duba / dismiss alerts a Dashboard → Domains → [domain] → Monitor. Email notifications suna bin pref threat_alert_email.

Riƙe snapshots

Monitor snapshots suna auto-prune bayan kwanaki 7, sai baseline mafi sabo per (domain, signal-type) pair; wannan yana zama ko da ya tsufa don diff na gaba ya zama daidai. Dismissed alerts suna purge bayan kwanaki 90.

Tayarwa daga API ko MCP

Domain management a yanzu UI-only ne; babu API surface don verification ko sauya schedule. Don fara scan a kan domain da aka riga aka verified ta API, yi amfani da POST /api/v1/scans:

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'
Yankuna — Docs · FixWeb