The AcuSensor agent file should be in a location where it can be accessed by the
web server software. Acunetix AcuSensor Technology works on websites using PHP
version 5 and up.
2. There are 2 methods to install the AcuSensor agent, one method can be used for
Apache servers, and the other method can be used for both IIS and Apache servers.
Method 1: Apache .htaccess file
Create a .htaccess file in the website directory and add the following directive:
php_value auto_prepend_file ‘[path to acu_phpaspect.php file]’.
Note: For Windows use ‘C:\sensor\acu_phpaspect.php’ and for Linux use
‘/Sensor/acu_phpaspect.php’ path declaration formats. If Apache does not execute .htaccess
files, it must be configured to do so. Refer to the following configuration guide:
. The above directive can also be
configured in the httpd.conf file.
Method 2: IIS and Apache php.ini
1. Locate the file ‘php.ini’ on the server by using phpinfo() function.
2. Search for the directive auto_prepend_file, and specify the path to the
acu_phpaspect.php file. If the directive does not exist, add it in the php.ini file:
auto_prepend_file=”[path to acu_phpaspect.php file]”
3. Save all changes and restart the web server for the above changes to take effect.
Testing your AcuSensor Agent
To test if the AcuSensor agent is working properly on the target website, do the following:
1. In the Tools Explorer, Navigate to ‘Configuration > Scan Settings’ node and select
the AcuSensor node.
2. Enter the password of the AcuSensor agent file which was copied to the target
3. Click Test AcuSensor installation on a Specific URL. A dialog will prompt you to
submit the URL of the target website where the AcuSensor Agent file is installed.
Enter the desired URL and click OK.
Changing the AcuSensor Password
If you need to change the password used by the AcuSensor agent on your website, you will
need to regenerate the AcuSensor Files and reinstall them on your website.
Perform the following if you are using a .NET website:
1. Use the procedure in the next section to Disable and Uninstall the AcuSensor agent.
2. Configure a new password.
This step can be omitted if you are using Acunetix Online Vulnerability Scanner, since
a new unique and secure password is automatically generated each time the
AcuSensor files are generated. The unique password is stored with the Scan Target’s
3. Click on Generate AcuSensor installation files.
4. Proceed with installing the new AcuSensor files. If you are using a PHP web
application, you will just need to overwrite the old acu_phpaspect.php with the new