As a user of Qualys WAS, you may occasionally see a scan end with "No Web Service" status. It occurs more commonly when scanning an internal web application using a scanner appliance. This status typically means one of two things.
- The host name could not be resolved to an IP address.
- The specified port on the target host is not listening for HTTP requests.
When you see "No Web Service", the first thing to do is inspect the target URL in your web app profile and verify the host name, domain, and port number are correct (keep in mind the default port is 443 for "https" and 80 for "http"). You may be able to spot the problem right away. If not, the next step is to select "View Report" on the scan and look at QID 150111, which is an informational finding and will have more detail about the nature of the problem. To find QID 150111 in the report, scroll down to the Results section and expand Information Gathered.
Open QID 150111 and you should see one of three different messages:
- "Couldn't resolve host"
- "Port closed"
- "Port service unknown"
Couldn't resolve host - this indicates a DNS problem. The host name was unable to be resolved to an IP address. Without that, the WAS engine has no idea where to send requests and cannot perform the scan. If the host name is correct and you're using a scan appliance, it could mean the DNS settings on the appliance aren't configured properly and need to be adjusted. Or it could mean there is simply no DNS entry for the host name. This latter problem can be solved by using a DNS override within WAS.
Port closed - this means the port on the target host did not respond to HTTP requests from the WAS engine. It could be that the port number in your URL is wrong or that the web server (Apache, IIS, nginx, etc.) was down at the time of the scan. However, this message might also occur if the underlying IP address could not be reached at all. Try doing some basic DNS troubleshooting to see if the host resolves to the IP address you expect. If everything looks correct, the most likely explanation is that the scan appliance you selected for the scan can't reach the target due to the network configuration. This could happen if the scanner and target reside on different VLANs for example. Another possible explanation is that the scanner's requests are being blocked by some sort of device on your network (e.g., a network firewall, web app firewall, or IPS).
Port service unknown - again, this means the port on the target host did not respond to HTTP requests. This message is less common. It means that the target host is up, but the port is running a protocol other than HTTP. Check if you have specified the right port in your web app target URL. You may need to do some basic DNS troubleshooting here as well.
I hope this information has been helpful.