Unable to access ZAP API remotely

[Zhafran]

Hi, 

We have installed ZAP within a Linux Desktop and we already tested the API within localhost by accessing "localhost:[port]". So far the API works fine, however when we try to access the API from a remote host using "[ZAP machine IP]:[port]" we could not get a connection. The browser from the remote host return us "This site can’t be reached" 

We already add the remote host IP address into list of permitted address to use API, and we also checked that both machine can ping with each other.

[thc...@gmail.com]

Hi.

Did you check ZAP logs? Does ZAP know that the IP being used is itself?

For the latter see Aliases:
https://www.zaproxy.org/docs/desktop/addons/network/options/localservers/#aliases


Best regards.

[Simon Bennetts]

Just to double check - you have looked at https://www.zaproxy.org/faq/how-can-i-connect-to-zap-remotely/ ?

[Zhafran]

Yes we already looked at  https://www.zaproxy.org/faq/how-can-i-connect-to-zap-remotely/

As for the ZAP logs, we already enable API logging, however we didn't get any logs related to the API when accessing from remote machine.

(for your context we are using Public IP to access the API)

For the Aliases we added the public IP of the machine where the ZAP is installed, however so far we still could not connect to the ZAP API from remote machine.

[Zhafran]

Hello,

After some troubleshooting, we found out that the issue was actually a misconfiguration, overall we did these 3 things to make it work:

• Add remote host IP to API IP list
• Configure aliases to ZAP machine IP
• Add ZAP machine IP Local Servers/Proxies

Thank You.

[Simon Bennetts]

Thanks for letting us know!