Go to All Forums

Toronto probe using source IPs not listed on the published monitoring IP page

Hi!

  We monitor a website from the Toronto – CA location. Our origin sits behind a WAF/CDN, and we allowlist your published monitoring source IPs so your probes aren't blocked.

  We reference this page for the current IP list:
  https://www.site24x7.com/multi-location-web-site-monitoring.html

  Recently our monitor went DOWN with the reason "This url is forbidden." This is a WAF block, which means the probe reached us from a source IP that is not on the published list for the Toronto location.

  From our logs, the probe appeared to originate from addresses such as 2600:3c04::f03c:92ff:fe3e:a3d8, 2001:19c0:1::3102, 2001:19c0:1::2802, or 2602:fec3:200::2. We can't be certain these are yours, precisely because they are not listed on the page above.

  Could you please:

  1. Update the published page with the complete, current set of source IPs for the Toronto – CA location, and
  2. Confirm whether you maintain a canonical, machine-readable list (e.g. JSON/API) we can pull so our allowlist stays in sync as your probe IPs change.

  This would let us keep your probes allowlisted and avoid false DOWN alerts. Thanks!

Like (1) Reply
Replies (1)

Hi Guillaume,

Thank you for bringing this to our attention.

The below IPv6 addresses are associated with the Toronto – CA monitoring location:

2600:3c04::f03c:92ff:fe3e
2001:19c0:1::2802
2001:19c0:1::3102

A few servers in the Toronto location are configured with a dual IP stack setup, where both IPv4 and IPv6 are enabled. Currently, only the IPv4 addresses are published on the monitoring source IP page.

For browser-based monitoring types such as RBM or WPA, the browser may resolve the domain using either IPv4 or IPv6 when both are available, which could explain the observed WAF block.

The possibility of either disabling the IPv6 stack on those servers or updating the published page with the IPv6 addresses is being evaluated. Additionally, the request regarding a canonical machine-readable IP list (JSON/API) has been noted for further review.

Regards,
Jenzo
Site24x7
Like (0) Reply
Was this post helpful?

Statistics

1 Replies
89 Views
0 Followers

Tags