Overview
To ensure MindFort can properly assess your web applications, you need to whitelist our IP addresses in your Web Application Firewall (WAF). This prevents the WAF from blocking our security testing traffic, allowing us to test your actual application instead of your security perimeter.
Important: Whitelisting MindFort IPs allows our security assessments to bypass WAF protection and test your underlying application. This is intentional - we want to test your app’s security, not your WAF’s effectiveness.
MindFort IP Addresses
Add these IP addresses to your WAF allowlist:
- 54.201.16.113
- 54.245.116.141
- 44.241.142.189
Always verify the current IP list in your MindFort dashboard at Settings > WAF Configuration before making changes.
Cloudflare WAF Configuration
Cloudflare offers two methods for IP whitelisting. We recommend IP Access Rules for simplicity.
Method 1: IP Access Rules (Recommended)
1. Access Security Settings
- New Dashboard: Go to Security → Security rules → Create rule → IP access rules
- Classic Dashboard: Navigate to Security → WAF → Tools → IP Access Rules
2. Add MindFort IPs
For each MindFort IP address:
- Value: Enter the IP address with /32 suffix (e.g., 54.201.16.113/32)
- Action: Select “Allow”
- Zone: Choose “This website” (or appropriate zone)
- Note: Add “MindFort Security Assessment” for reference
- Click “Add” or “Create”
3. Verify Configuration
Confirm all three IP addresses are listed with the “Allow” action
Method 2: WAF Custom Rules (Advanced)
For more granular control:
1. Create IP List
- Go to Manage Account → Configurations → Lists
- Create a new IP list named “MindFort Assessment IPs”
- Add all three MindFort IP addresses
2. Create Custom Rule
- Navigate to Security → WAF → Custom rules
- Create rule with field: “IP Source Address”
- Operator: “is in list”
- Value: Select your MindFort IP list
- Action: “Skip” → Select relevant rule types
Rule Placement: Ensure IP access rules or custom rules are positioned before other blocking rules to take precedence.
AWS WAF Configuration
AWS WAF uses IP sets and rules to manage IP-based access control.
Step 1: Create IP Set
1. Open AWS WAF Console
Navigate to the AWS WAF console and select your region
2. Create IP Set
- Go to IP sets → Create IP set
- Name: mindfort-assessment-ips
- Description: “MindFort Security Assessment IP Addresses”
- Region: Choose Global (CloudFront) or specific region
- IP Version: IPv4
3. Add IP Addresses
In the IP addresses text box, enter each IP with /32 notation:
54.201.16.113/32
54.245.116.141/32
44.241.142.189/32
4. Review and Create
Verify the configuration and click “Create IP set”
Step 2: Create WAF Rule
1. Access Web ACL
- Go to Web ACLs and select your web ACL
- Click “Rules” tab → “Add rules” → “Add my own rules and rule groups”
2. Configure Rule
- Rule type: Rule builder
- Name: allow-mindfort-assessment
- Type: Regular rule
3. Set Conditions
- If a request: matches the statement
- Inspect: Source IP address
- Match type: Originates from an IP address in
- IP address to match: Select your mindfort-assessment-ips IP set
4. Configure Action
- Action: Allow
- Priority: Set to 0 or a low number (high priority)
- Click “Add rule”
Priority Matters: AWS WAF evaluates rules by priority (lowest number first). Ensure your allow rule has higher priority than blocking rules.
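The two things most often wrong after Steps 1 and 2 are an IP set that is broader than the three /32 entries and an allow rule that sits behind a blocking rule. The following check is an added example, not MindFort or AWS code; it assumes the web ACL and IP set have been exported as JSON in the shape returned by `aws wafv2 get-web-acl` and `aws wafv2 get-ip-set`, and the sample data and ARN are constructed.

```python
import ipaddress

# IPs listed on this page; confirm them in Settings > WAF Configuration first.
MINDFORT_IPS = {"54.201.16.113", "54.245.116.141", "44.241.142.189"}

def audit_allowlist(web_acl, ip_set, allow_rule="allow-mindfort-assessment"):
    """Return a list of findings; an empty list means the setup matches the guide."""
    findings = []
    expected = {ipaddress.ip_network(ip + "/32") for ip in MINDFORT_IPS}
    actual = {ipaddress.ip_network(a, strict=False) for a in ip_set["Addresses"]}
    for net in sorted(actual - expected, key=str):
        kind = "broader than /32" if net.num_addresses > 1 else "not a MindFort IP"
        findings.append(f"unexpected IP set entry {net} ({kind})")
    for net in sorted(expected - actual, key=str):
        findings.append(f"missing IP set entry {net}")
    rules = web_acl["Rules"]
    allow = next((r for r in rules if r["Name"] == allow_rule), None)
    if allow is None or "Allow" not in allow.get("Action", {}):
        findings.append(f"no rule named {allow_rule} with an Allow action")
        return findings
    if allow["Statement"].get("IPSetReferenceStatement", {}).get("ARN") != ip_set["ARN"]:
        findings.append(f"{allow_rule} does not reference IP set {ip_set['Name']}")
    # Rules that can end a request with a block: explicit Block actions, and rule
    # groups (they carry OverrideAction instead of Action; treated conservatively).
    for r in rules:
        can_block = "Block" in r.get("Action", {}) or "OverrideAction" in r
        if can_block and r["Priority"] < allow["Priority"]:
            findings.append(f"{r['Name']} (priority {r['Priority']}) is evaluated "
                            f"before {allow_rule} (priority {allow['Priority']})")
    return findings

# Constructed sample: one entry widened to a /24, allow rule behind a block rule.
SAMPLE_IP_SET = {"Name": "mindfort-assessment-ips", "ARN": "arn:example:ipset",
                 "Addresses": ["54.201.16.113/32", "54.245.116.141/32",
                               "44.241.142.0/24"]}
SAMPLE_WEB_ACL = {"Rules": [
    {"Name": "rate-limit", "Priority": 0, "Action": {"Block": {}}, "Statement": {}},
    {"Name": "allow-mindfort-assessment", "Priority": 1, "Action": {"Allow": {}},
     "Statement": {"IPSetReferenceStatement": {"ARN": "arn:example:ipset"}}},
    {"Name": "aws-common", "Priority": 2, "OverrideAction": {"None": {}},
     "Statement": {"ManagedRuleGroupStatement": {
         "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}}},
]}

if __name__ == "__main__":
    for finding in audit_allowlist(SAMPLE_WEB_ACL, SAMPLE_IP_SET):
        print("FINDING:", finding)
```
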
Alternative: Bypass Specific Rules
For more targeted control, use the Skip action instead of Allow:
- Action: Count or Skip
- Skip: Select specific managed rule groups to bypass
- This allows MindFort through specific protections while maintaining others
Vercel WAF Configuration
Vercel offers different IP management approaches based on your plan and requirements.
Method 1: Project-Level IP Allowlist (All Plans)
1. Access Project Settings
- Go to your Vercel project dashboard
- Navigate to Settings → Firewall
2. Configure Firewall Rules
- Click “Configure” under WAF settings
- Select “Custom Rules” for IP-based access
3. Create Allow Rule
For each MindFort IP:
- Field: IP Address
- Operator: equals
- Value: Enter IP address (e.g., 54.201.16.113)
- Action: Allow
- Add Host if targeting specific domains
Method 2: Trusted IPs (Enterprise Only)
For Enterprise plans, use Trusted IPs for more comprehensive control:
1. Access Team Settings
- Go to Team Dashboard → Settings → Security
- Find “Trusted IPs” section
2. Configure Trusted IPs
- Add each MindFort IP address
- Specify applicable deployment environments
- Choose “Add to existing allowlist” option
3. Apply to Deployments
- Select relevant deployments or apply globally
- Save configuration changes
Vercel Recommendation: For complex IP-based rules, Vercel recommends using Custom Rules rather than simple IP blocking for better flexibility.
Method 3: Account-Level Configuration (Enterprise)
1. Account-Level Access
- Navigate to Team Settings → Firewall
- Access Account-level IP Blocking
2. Create Allow Ruleset
- Create new rule set for MindFort IPs
- Add IP addresses with “Allow” action
- Specify target hosts/domains
Verification and Testing
Test WAF Configuration
After configuring your WAF, verify the setup:
1. Initiate Test Assessment
- Start a Turbo assessment in MindFort
- Monitor for immediate connectivity
2. Check WAF Logs
- Review your WAF logs for MindFort IP traffic
- Ensure requests are allowed rather than blocked
- Look for successful assessment activity
3. Monitor Assessment Progress
- Confirm assessment progresses normally
- Watch for any stuck or cancelled assessments
- Check findings are being discovered appropriately
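The log review in step 2 can be scripted. The following is an added example, not MindFort tooling; it assumes AWS WAF JSON logs (one record per line, with the `action`, `terminatingRuleId` and `httpRequest.clientIp` fields) and the rule name from the AWS section, and the sample log lines are constructed.

```python
import json
from collections import Counter

# IPs listed on this page; confirm them in Settings > WAF Configuration first.
MINDFORT_IPS = {"54.201.16.113", "54.245.116.141", "44.241.142.189"}

def check_waf_log(lines, allow_rule="allow-mindfort-assessment"):
    """Summarise how the WAF treated MindFort traffic in AWS WAF JSON log lines."""
    actions = Counter()      # (client_ip, action) -> request count
    blocked_by = Counter()   # rule that terminated each blocked request
    not_via_allow_rule = 0   # allowed, but not by the allowlist rule itself
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(rec, dict):
            continue
        ip = rec.get("httpRequest", {}).get("clientIp")
        if ip not in MINDFORT_IPS:
            continue
        action, rule = rec.get("action"), rec.get("terminatingRuleId")
        actions[(ip, action)] += 1
        if action == "BLOCK":
            blocked_by[rule] += 1
        elif action == "ALLOW" and rule != allow_rule:
            # Passed the WAF without matching the allow rule: the request was
            # still inspected, so the allowlist is not what let it through.
            not_via_allow_rule += 1
    seen = {ip for ip, _ in actions}
    return {"actions": dict(actions), "blocked_by": dict(blocked_by),
            "allowed_without_allow_rule": not_via_allow_rule,
            "ips_not_seen": sorted(MINDFORT_IPS - seen)}

def _rec(ip, action, rule):
    """Build one constructed log line with only the fields the check reads."""
    return json.dumps({"action": action, "terminatingRuleId": rule,
                       "httpRequest": {"clientIp": ip, "uri": "/login"}})

SAMPLE_LOG = [
    _rec("54.201.16.113", "ALLOW", "allow-mindfort-assessment"),
    _rec("54.201.16.113", "ALLOW", "allow-mindfort-assessment"),
    _rec("54.245.116.141", "BLOCK", "AWS-AWSManagedRulesCommonRuleSet"),
    _rec("54.245.116.141", "ALLOW", "Default_Action"),
    _rec("203.0.113.9", "BLOCK", "rate-limit"),   # unrelated client, ignored
    '{"action": "ALLOW", "httpRequ',              # truncated line, skipped
]

if __name__ == "__main__":
    print(check_waf_log(SAMPLE_LOG))
```

Any entry under `blocked_by` names the rule that still needs to sit behind the allow rule, and an IP under `ips_not_seen` has produced no logged traffic yet.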
Common Issues and Solutions
Assessment Still Blocked
Symptoms: Assessment gets stuck, no progress, or fails immediately
Solutions:
- Verify IP addresses are entered correctly with proper CIDR notation
- Check rule priority - allow rules must come before block rules
- Confirm rules are applied to correct domains/zones
- Review WAF logs for continued blocking events
Partial Assessment Coverage
Symptoms: Assessment completes but finds fewer issues than expected
Solutions:
- Ensure all three MindFort IPs are whitelisted
- Verify rules apply to all relevant subdomains
- Check if additional security layers (CDN, load balancer) need configuration
- Consider Deep assessment method for more comprehensive testing
WAF Logs Show Continued Blocks
Symptoms: WAF logs still show blocked requests from MindFort IPs
Solutions:
- Double-check IP address accuracy
- Verify rule syntax and configuration
- Ensure proper rule priority/precedence
- Contact MindFort support to confirm current IP addresses
Best Practices
Security Considerations
- Temporary Configuration: Consider if whitelist rules should be temporary or permanent
- Scope Limitation: Apply rules only to specific domains being assessed if possible
- Audit Trail: Document when and why WAF rules were modified
- Regular Review: Periodically verify MindFort IPs haven’t changed
Maintenance
- IP Address Updates: Check for MindFort IP changes quarterly
- Rule Cleanup: Remove temporary rules after assessment completion if desired
- Documentation: Maintain records of WAF modifications for security audits
- Team Communication: Notify security team of assessment schedules and WAF changes
Monitoring
- Assessment Quality: Compare results before/after WAF configuration
- Security Posture: Ensure core WAF protections remain active
- False Positive Reduction: Monitor if proper whitelisting reduces assessment interference
- Performance Impact: Verify WAF rule additions don’t affect site performance
Automation Opportunity: Consider using infrastructure-as-code (Terraform, CloudFormation) to manage WAF rule changes for consistent, repeatable deployments.
Need Help?
If you encounter issues configuring your WAF for MindFort assessments:
- Platform Support: Use the in-app chat in MindFort for real-time assistance
- Email Support: Contact support@mindfort.ai with WAF configuration questions
- Documentation: Always verify current IP addresses in Settings > WAF Configuration
Security Reminder: Only whitelist MindFort IPs for applications you own and have authorization to test. Ensure your organization’s security policies permit penetration testing activities.