How to Run a Vulnerability Scan or Pentest on a Private Staging Environment That Requires VPN Access?

Last updated: June 6, 2026

Yes, Astra fully supports vulnerability scanning and penetration testing on private staging environments that require VPN access. Here's how to get set up.

Step 1: Whitelist Astra's Scanner IP Addresses

To allow Astra's scanner to access your private environment, you'll need to whitelist Astra's IP addresses in your VPN or firewall configuration. The full list of Astra's scanner IP addresses can be found in the [Astra IP Ranges] help article.

All requests originating from Astra's scanner will exclusively use this defined set of static IPs, 

making it straightforward to configure access rules in your environment.

Step 2: Configure Access for the Scanner

Depending on how your private environment is secured, you may need to apply one or more of the following configurations:

HTTP Basic Authentication

If your staging environment is protected with HTTP Basic Authentication, you can pass the credentials directly in the target URL using the following format:

https://username:password@yourstagingdomain.com

Custom HTTP Header

If you prefer not to expose credentials in the URL, you can configure a custom HTTP header token instead:

  1. Navigate to the Target Settings page in your Astra dashboard.

  2. Go to Advanced SettingsExtra HTTP Headers.

  3. Add a custom header name and a secure token value.

  4. Update your staging environment's access rules to allow requests containing this header.

This ensures that only Astra's scanner, which will include the custom header in every request, can access the restricted environment.

Step 3: Inform Our Team of Any Special Requirements

If your staging environment has any specific configurations, restrictions, or requirements that may affect the scan, please let our team know in advance. You can do this by:

  • Adding details in the Additional Notes section during target setup

  • Creating a support ticket from your Astra dashboard

Need Help?

If you have any questions or need further assistance with setting up access for a private staging environment, please reach out to our support team by raising a ticket from your Astra dashboard or contacting your account manager directly.