Infrastructure Hygiene
120 points total
Examines the health and exposure of your internet-facing infrastructure — subdomain resolution, dangling CNAMEs, stale DNS records, WAF/CDN coverage, origin IP exposure, and HTTPS consistency.
Checks
| Check | Weight | What it measures |
|---|---|---|
Dangling CNAME Detection subdomain_dangling_cname | 35 pts | Identifies CNAME records pointing to deprovisioned services, which are vulnerable to subdomain takeover. |
Stale A Record Detection stale_a_record_detection | 25 pts | Detects A records pointing to IP addresses that no longer serve content or return errors. |
Subdomain Resolution subdomain_resolution | 20 pts | Resolves discovered subdomains and assesses the overall health of subdomain DNS. |
WAF/CDN Detection waf_cdn_detection | 15 pts | Checks whether web-facing hosts are served through a WAF or CDN, indicating a protection layer. |
Origin IP Exposure origin_ip_exposure | 15 pts | Checks whether the real origin server IP is exposed despite WAF/CDN usage, allowing direct access. |
HTTPS Consistency https_consistency | 10 pts | Verifies that all discovered hosts consistently serve traffic over HTTPS. |
Pass / Warn / Fail Logic
Dangling CNAME Detection
Pass if no dangling CNAMEs; fail if any are detected.
Stale A Record Detection
Pass if all A records resolve to active hosts; fail if stale records found.
Subdomain Resolution
Pass if subdomains resolve normally; warn/fail on resolution anomalies.
WAF/CDN Detection
Pass if WAF/CDN detected on all hosts; warn on partial coverage; fail on none.
Origin IP Exposure
Pass if origin is not exposed; fail if origin IP is directly reachable.
HTTPS Consistency
Pass if all hosts use HTTPS; warn on mixed; fail on HTTP-only.
Findings & How to Fix Them
These are the specific findings RedScore may report for this category, along with remediation guidance.
origin_ip_exposedConfigure your WAF/CDN to prevent direct access to origin server IPs. Restrict origin firewall rules to only accept traffic from your CDN's IP ranges.
no_httpsEnable HTTPS on all internet-facing hosts. Use automated certificate issuance (e.g. Let's Encrypt) if cost is a concern.
mixed_scheme_infrastructureStandardize all hosts on HTTPS and redirect HTTP to HTTPS. Ensure certificates are valid on every endpoint.
no_waf_cdn_detectedPlace web-facing hosts behind a WAF or CDN to add a protection layer and reduce direct exposure.
infra_probe_missingEnsure that infrastructure hosts are reachable for scanning. Unreachable hosts cannot be evaluated.
partial_waf_coverageExtend WAF/CDN coverage to all public-facing hosts, not just the primary site.