https://discord.cloudflare.com logo
Join Discord
Powered by
What IPs do I whitelist for API connection?
# pages-help
m
I am working with a third party and they have requested my page's server's IP address for an API connection setup. I am using Cloudflare Pages so my page does not have a static IP (right?). I told them this and they told me to send them all the IP addresses that my website connection could be coming from. I have found this website (https://www.cloudflare.com/en-gb/ips/) but I do not think it is exhaustive. When I use 
nslookup
or 
host
in terminal, I get 188.114.96.13 and 188.114.97.13 as my page's IP addresses. There seem to be A records point my page to these IP addresses, I'm guessing CF is automatically adding these? By using 
nslookup
and 
dig
I also get 8.8.8.8#53 as my server address, whatever that is. By using who.is, however, I can see that there's A record pointing to two completely different IP addresses: 104.21.44.210 and 172.67.203.182. Neither of these are found in the ip tables linked above. All the API does is return an XML of a list of products. Ideally I wouldn't fetch this file every time the page loads. Would a worker be more useful in that case (fetch from the API through a worker, store the parsed data in a Cloudflare Workers KV namespace, render stored data to the page)? And if so, what IP or IP ranges would the worker be requesting from?
h
The IP ranges posted above are a list of Cloudflare's Egress IP ranges(i.e. the IPs Cloudflare will use to access your backend if you add an A/AAAA record, for example). IIRC, Cloudflare doesn't publish a list of its ingress IPs anywhere, so you could either update the whitelist from the ones you get from the A/AAAA record lookup, or whitelist the entirety of https://bgp.tools/as/13335
w
You shouldn't need ingress since well, this is requests to an API. Egress IPs + the Worker IP is good
h
Oh, I thought they needed to whitelist the Ingress IPs since their firewall would block browsers on the network from connecting to non-trusted IPs. Is this not what they meant?
m
And what are the egress IPs cloudflare would assign to my worker?
w
Any of the IPs on that page
Or the Worker IP in some cases
h
Doesn’t Workers run through Egress IPs too?
Or wait
I’m confuzzled now…
w
Yes exactly my point
m
And is that list exhaustive? I also don't know how to get my worker IP.
w
Yes.
Worker IP is 
2a06:98c0:3600::103
m
I somehow missed this message. So basically the IP ranges I posted are IPs CF will use to send requests outwards?
w
Yes
PreviousNext
Powered by