What does a network config scanner check?

It reviews web server, reverse proxy, and firewall configs for overly permissive rules and missing encryption.

Which network formats does misconfigs support?

NGINX, Apache, HAProxy, Envoy-style configs, iptables, and related .conf or .yaml files.

NGINX & network config scanner
before misconfigs reach production.

Upload firewall rules, NGINX, Apache, HAProxy, Envoy, load balancer, and reverse proxy configs. network auto-detects the format and scans for any-any rules, missing TLS, weak ciphers, exposed admin interfaces, and internal service exposure — plus intent vs. reality gaps where names claim internal-only access but rules allow any source.

Run security scan Learn more API quickstart

7 Scanners

.conf · .cfg · .yaml Formats

PDF Assessment report

What we scan

Firewall Rule Scanner

Any-any rules, exposed management ports, and shadowed deny rules in iptables, cloud SGs, and UFW configs.

NGX

NGINX Scanner

Missing TLS, internal service exposure via proxy_pass, dangerous rewrites, and missing security headers.

APA

Apache Scanner

Directory listing, weak TLS protocols/ciphers, and missing security headers in VirtualHost configs.

HAP

HAProxy Scanner

Insecure frontend binds, exposed stats/admin interfaces, and weak cipher configuration.

Load Balancer Scanner

Weak ciphers, plaintext listeners, and open admin endpoints on ELB/ALB and similar configs.

RPX

Reverse Proxy Scanner

Internal application exposure through public proxies and TLS termination issues on upstream connections.

Envoy Scanner

Admin interface exposure, missing TLS on listeners, insecure CORS, and excessive X-Forwarded-For trust.

API quickstart

Scan via REST with your API key — same engines as the upload form.

Endpoints

NGINX Firewall Apache HAProxy LB Proxy Envoy

Example request

curl -X POST "http://api.misconfigs.com/api/v1/network?format=json&fail_on=critical,high" \
  -H "X-API-Key: mc_your_key" \
  -F "file=@sample/network/nginx-bad.conf"

Run a network security scan

Upload firewall, web server, proxy, or load balancer configs — or zip them together

Drag & drop your network configs here

iptables · NGINX · Apache · HAProxy · Envoy · LB · .zip · max 10 MB

Ignore markdown files (README.md, etc.)

Automated scans only — not a penetration test, compliance audit, or professional security advice. Results may contain false positives or miss issues. You are responsible for validating findings before acting. Terms · Privacy

The optional scan assistant and Explain actions use Google Gemini (a third-party AI). Responses are generated automatically and may be inaccurate or incomplete — not security, legal, or professional advice. Chat sends finding details, scan summaries, and your messages to Google for processing. Do not include secrets you cannot afford to disclose. Official Terms (AI section) and Privacy Policy (AI section) are the source of truth, not assistant replies.

NGINX & network config scannerbefore misconfigs reach production.