FixWeb

// docs / domains

Sehatra

A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.

Fanamarinana domain

Ampio hostname ao amin’ny Dashboard → Domains. Mifidiana iray amin’ny fomba fanamarinana roa:

  • DNS TXT: ampio record ao amin’ny _fixweb.<hostname> miaraka amin’ny token vokarinay. Averinay vahana avy amin’ny server anay izy, fa tsy avy aminao, ka tsy manelingelina ny SPF / DMARC settings. Propagation mahazatra: 1-5 minitra; averinay jerena isaky ny 30 segondra mandritra ny 10 minitra.
  • Rakitra HTTP: apetraho rakitra text kely ao amin’ny /.well-known/fixweb-verification.txt misy ilay token. Alainay amin’ny HTTPS amin’ny request path voaaro amin’ny SSRF.

Averina jerena isan’andro amin’ny cron domain-reverify ny fanamarinana. Raha domain efa voamarina teo aloha no tsy mamaha intsony ilay token (ohatra, nesorinao ny DNS record), esorina ny fanamarinana ary miverina ho verify_required ny scan active aminy mandra-pamerinao azy.

Re-scan voalahatra Pro+

Ny drafitra Pro dia afaka mamerina mitily domain voamarina amin'ny cadence ≥3h; ny drafitra Unlimited amin'ny ≥1h. Sokafy ny Dashboard → Domains → Fandaharam-potoana, alefaso ny toggle, mifidiana cadence:

  • 1 ora — misy ihany amin'ny drafitra Unlimited
  • 3h, 6h, 12h, isan’andro, isaky ny 2 andro, isan-kerinandro

Isaky ny cron tick (isaky ny 15 minitra), maka schedules efa tokony handeha ny scheduler, milaza azy amin’ny optimistic compare-and-swap amin’ny next_run_at (ka tsy afaka mampiditra indroa ny crons roa), mampitombo ny scan-usage counter-nao, ary mampiditra scan passive vaovao. Mandova ny attestation fanamarinana domain-nao ilay scan; tsy mila re-attest isaky ny run ianao, ka vonoy ny schedule raha hanafoana.

Rehefa vita, alefa ny email scan-completed araka ny preference scheduled_scan_email (tantano ao amin’ny Kaonty → Settings).

Fitiliana fandrahonana mivantana Unlimited+

Ny drafitra Unlimited dia manaraka ho azy ny domain voamarina tsirairay ho an'ny famantarana telo eo anelanelan'ireo fitiliana voalamina:

  • Certificate transparency: isaky ny 30 minitra izahay manontany crt.sh hahitana certs vaovao misy ny hostname-nao na subdomain rehetra. Ny certs vaovao dia mamoaka alert new_certificate.
  • DNS diff: isaky ny 30 minitra izahay mamaha A, AAAA, MX, TXT, NS, CNAME ary mampitaha amin’ny snapshot farany. Ny fiovana dia mamoaka alert dns_change.
  • Threat-intel: isaky ny ora izahay mijery Spamhaus DBL sy URLhaus raha voasoratra ao ny apex hostname. Ny lisitra hita dia mamoaka alert threat_intel_listing.

Atao dedupe amin’ny signature content-hash ny alerts ka tsy hamerina handefa alert ny fahitana indray fiovana mitovy. Jereo / esory alerts ao amin’ny Dashboard → Domains → [domain] → Monitor. Manaraka ny preference threat_alert_email ny fampandrenesana email.

Retention an’ny snapshot

Esorina ho azy aorian’ny 7 andro ny monitor snapshots, afa-tsy ny baseline farany indrindra isaky ny pair (domain, signal-type): mijanona io na firy taona aza mba ho marina ny diff manaraka. Esorina aorian’ny 90 andro ny alerts efa dismissed.

Ampandehano avy amin’ny API na MCP

Amin’izao, UI-only ny fitantanana domain: tsy misy API surface ho an’ny fanamarinana na fanovana schedule. Raha hanomboka scan amin’ny domain efa voamarina amin’ny API, ampiasao POST /api/v1/scans:

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'
Sehatra — Docs · FixWeb