All Collections
External vulnerability scanning
Allowlisting
What IPs do I need to add to my allowlist?
What IPs do I need to add to my allowlist?

Select your scan region for the exact IPs you need to allow for scanning of your targets

Patrick Craston avatar
Written by Patrick Craston
Updated over a week ago

⚠️ If you use Cloudflare, please follow these instructions for allowlisting

If you are on Essential, only one range needs to be allowlisted: 203.12.218.0/24

If you have geo-fencing in place, please note that *203.12.218.0/24 is a UK-based scanning range we use for all network scanning and web-app/API scanning.
To ensure optimal scanning, UK-based traffic from this IP range must be able to reach your target.


Full list of Intruder's scanning IPs

If you haven't updated your scan region in the portal (we explain how to do that below), then for:

  • Existing customers (pre-May 2023) πŸ‘‰ default regions are London and Frankfurt

  • New customers (post-May 2023) πŸ‘‰ we run a geo-IP check on the first person to login and set the scan region based on that, though the first user is given the option to amend this during onboarding.

If you need it, below is a list of all our scanner IPs, organised by region (for Essential users, you just need to allow one range:: 203.12.218.0/24).

Scan region

IP Ranges

Asia Pacific (Tokyo)

*203.12.218.0/24,

13.115.104.128/25,

35.73.219.128/25

Asia Pacific (Singapore)

*203.12.218.0/24,

13.213.79.0/24,

18.139.204.0/25,

54.255.254.0/26

Asia Pacific (Sydney)

*203.12.218.0/24,

13.210.1.64/26,

3.106.118.128/25,

3.26.100.0/24

Asia Pacific (Mumbai)

*203.12.218.0/24,

3.108.37.0/24

Canada (Central)

*203.12.218.0/24,

3.98.92.0/25,

35.182.14.64/26

Europe (Ireland)

*203.12.218.0/24,

3.251.224.0/24

Europe (London)

*203.12.218.0/24,

18.168.180.128/25,

18.168.224.128/25,

3.9.159.128/25,

35.177.219.0/26

Europe (Frankfurt)

*203.12.218.0/24,

18.194.95.64/26,

3.124.123.128/25,

3.67.7.128/25,

54.93.254.128/26

South America (SΓ£o Paulo)

*203.12.218.0/24,

15.228.125.0/24

US West

*203.12.218.0/24,

13.56.21.128/25,

34.223.64.0/25,

35.82.51.128/25,

35.86.126.0/24,

44.242.181.128/25

US East

*203.12.218.0/24,

34.201.223.128/25,

44.192.244.0/24,

44.206.3.0/24,

54.175.125.192/26,

13.59.252.0/25,

18.116.198.0/24,

3.132.217.0/25

Updating your scan region

The above IPs can also be found in the portal: Settings > Scans > Scan location. To view them just select the region, but to ensure that the scans originate from there, you must hit Save scan region.


FAQs

Where should I add these IPs?

You should add the appropriate IPs to any WAF, IPS or IDS you have enabled.

Some cloud providers might also ask you for the source IPs from which our scans will be originating. You should also consider if you have any additional DDoS Protection Systems, or Web Application Firewalls or Content Delivery Networks that could be applying IPS/IDS technology, for example some edge routers now include this as standard.

Should I add your IPs to my perimeter firewall?

We recommend you add our scanning IPs to the allowlist in any IPS, IDS or WAFs you have enabled; but do not to give us access straight through the perimeter firewall – we don't need to see your internal systems if they aren't normally exposed – we just need to see what's normally accessible from the internet.

What if I have assets in more than one region?

We'd recommend selecting the region where most of your targets are hosted. Don't worry though, it's not an exact science; so long as you allow the IPs for the scan region selected, you should be fine.

What is the purpose of an allowlist?

Our scans rely on checking you for tens of thousands of possible weaknesses - and we do it in as short a space of time as possible (that said, there's no quick way of checking for tens of thousands of things, it still takes a while).

Because of this, our approach to testing is very obvious to any Intrusion Protection Systems and it's highly likely that if our scanner encounters one, we'll be blocked.

The problem with this, is that if we're blocked, we're unable to detect any weaknesses, which could leave you exposed to sneaky attackers who fly under IPS radars by only checking for single weaknesses at a time.

Can scan regions help with geo-fencing?

Yes! All you need to do is select a compatible scan region, hit save and add the required IPs to your allowlist. No longer will our Infrastructure scanners be blocked from reaching your targets.

As above, it's worth noting that our authenticated web application scans originate from a UK-based *203.12.218.0/24 range. If you are running API and/or authenticated web app scans, you will need to ensure that UK-based traffic from this specific IP range, will be able to reach your target.

Did this answer your question?