FixWeb

// docs / domains

Ama-domain

A domain is a verified hostname you own. Verifying once unlocks owner-depth scans, scheduled re-scans, and live website monitoring on that hostname.

Ukuqinisekisa i-domain

Engeza i-hostname ku-Dashboard β†’ Domains. Khetha enye yezindlela ezimbili zokuqinisekisa:

  • DNS TXT β€” engeza i-record ku-_fixweb.<hostname> enetoken esiyikhiqizayo. Siyiresolve kabusha kusuka server yethu, hhayi kweyakho, ngakho izilungiselelo ze-SPF / DMARC aziphazamisi. Ukusabalala okuvamile: imizuzu engu-1-5; sihlola kabusha njalo ngemizuzwana engu-30 imizuzu engu-10.
  • Ifayela le-HTTP β€” hosta ifayela lombhalo elincane ku-/.well-known/fixweb-verification.txt elinetoken. Siyalifetch nge-HTTPS ngendlela yesicelo evikelwe ku-SSRF.

Ukuqinisekisa kuhlolwa kabusha nsuku zonke yi-cron ye-domain-reverify. Uma i-domain ebikade iqinisekisiwe iyeka ukuresolve token (isib. ususe i-DNS record), ukuqinisekiswa kuyahoxiswa futhi ukuskena okusebenzayo kuyo kubuyela ku-verify_required uze uyengeze futhi.

Ukuskena kabusha okuhleliwe Pro+

Uhlelo lwe-Pro lungaphinde lihlole isizinda esiqinisekisiwe ngamadensi we β‰₯3h; uhlelo lwe-Unlimited nge-β‰₯1h. Vula I-Dashboard β†’ Izizinda β†’ Ishedyuli, vula i-toggle, khetha idensi:

  • 1 ihora β€” itholakala kuphela kuhlelo lwe-Unlimited
  • 3h, 6h, 12h, nsuku zonke, njalo ezinsukwini 2, masonto onke

Ku-cron tick ngayinye (njalo ngemizuzu engu-15) i-scheduler ithatha amashejuli asefikile, iwaclaim nge-optimistic compare-and-swap ku-next_run_at (ukuze ama-cron amabili angakwazi uku-enqueue kabili), yandise i-counter yakho yokusebenzisa ukuskena, bese i-enqueue ukuskena okusha okuthule. Ukuskena kuzuza i-attestation yakho ye-domain-verification β€” awu-attest kabusha ku-run ngayinye β€” ngakho khubaza ishejuli ukuze uyihoxise.

Uma sekuqediwe, i-email ye-scan-completed ithunyelwa isebenzisa preference ye-scheduled_scan_email (yiphatha ku-Account β†’ Settings).

Ukutholwa kwezinsongo bukhoma Unlimited+

Uhlelo lwe-Unlimited libuka ngokuzenzakalelayo zonke izizinda eziqinisekisiwe ngamasignali amathathu phakathi kwama-skena ahlelelwe:

  • Certificate transparency β€” njalo ngemizuzu engu-30 sibuza i-crt.sh nge-certs ezintsha eziqukethe i-hostname yakho noma noma iyiphi i-subdomain. Ama-certs amasha adala alert ye-new_certificate.
  • DNS diff β€” njalo ngemizuzu engu-30 siresolve A, AAAA, MX, TXT, NS, CNAME bese siqhathanisa ne-snapshot yokugcina. Izinguquko zidala alert ye-dns_change.
  • Threat-intel β€” njalo ngehora sihlola i-Spamhaus DBL ne-URLhaus ngezinhlu ze-apex hostname. Izinhlu zidala alert ye-threat_intel_listing.

Ama-alerts adedupe nge-signature ye-content-hash ukuze ukuthola ushintsho olufanayo futhi kungaphinde kudubule. Buka / dismiss alerts ku-Dashboard β†’ Domains β†’ [domain] β†’ Monitor. Izaziso ze-email zilandela i-pref ye-threat_alert_email.

Ukugcinwa kwama-snapshot

Ama-monitor snapshots aprunwa ngokuzenzakalelayo ngemva kwezinsuku 7, ngaphandle kwe-baseline yakamuva kakhulu ku-pair ngayinye ye-(domain, signal-type) β€” yona ihlala kungakhathaliseki iminyaka ukuze i-diff elandelayo ibe ilungile. Ama-alerts adismissiwe apurge ngemva kwezinsuku 90.

Qalisa kusuka ku-API noma MCP

Ukuphathwa kwama-domain okwamanje kuyi-UI-only β€” akukho API surface yokuqinisekisa noma ukushintsha amashejuli. Ukuqala ukuskena kwi-domain esivele iqinisekisiwe nge-API, sebenzisa POST /api/v1/scans:

curl
curl -X POST https://fixweb.app/api/v1/scans \
  -H "Authorization: Bearer fxw_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://example.com"}'
Ama-domain β€” Docs Β· FixWeb