
Well Known IP Ranges

The Well Known IP Ranges integration provides a list of IP address ranges for various service providers.

Example
[
  {
    "$index": {"cidr": "1.0.0.0/24"},
    "id": "1.0.0.0/24",
    "as_number": "13335",
    "country_code": "US",
    "as_name": "CLOUDFLARENET"
  },
  {
    "$index": {"cidr": "1.0.4.0/23"},
    "id": "1.0.4.0/23",
    "as_number": "38803",
    "country_code": "AU",
    "as_name": "WPL-AS-AP"
  },
  {
    "$index": {"cidr": "1.0.6.0/23"},
    "id": "1.0.6.0/23",
    "as_number": "38803",
    "country_code": "AU",
    "as_name": "WPL-AS-AP"
  }
]
Caution

The external data sources we provide are meant to be examples and inspiration for users to create their own data sources. We won't maintain these integrations in perpetuity, and changes to the APIs they interact with may break them in the future.

The datasource project is open-source, and if the community wishes to provide contributions to keep it working in the future, we will shepherd those updates.

Install

These instructions assume a local testing environment using Docker Compose. Adjust as needed for your deployment environment.

  1. Add the datasource docker image to Docker Compose:

    services:
      wellknownipranges:
        image: pomerium/datasource:latest
        command:
          - well-known-ips
        ports:
          - 8080:8080
  2. Bring up the new container.

Configure External Data Source

Create an external data source:

  1. In the Pomerium Enterprise Console, navigate to CONFIGURE > External Data and click + ADD EXTERNAL DATA SOURCE.

  2. Fill out the following fields:

| Field | Content | Notes |
| --- | --- | --- |
| URL | http://localhost:8080 | If you configured the service in Docker Compose with a set container name, you can use that instead. |
| Record type | pomerium.io/WellKnownIPRange | |
| Foreign Key | request.ip | |
| Polling Min Delay | 1h | Minimum poll interval |
| Polling Max Delay | 4h | Maximum poll interval |
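
To show what keying these records on request.ip means in practice, the following added example (not code from the datasource project) validates records in the format shown in the Example section and finds the record whose CIDR contains a given client IP. The names `load_records` and `lookup` are hypothetical, and preferring the most specific prefix when ranges overlap is an assumption of this example, not documented Pomerium behavior.

```python
import ipaddress
import json

# Records copied from the Example section of this page.
RECORDS_JSON = """[
 {"$index": {"cidr": "1.0.0.0/24"}, "id": "1.0.0.0/24",
  "as_number": "13335", "country_code": "US", "as_name": "CLOUDFLARENET"},
 {"$index": {"cidr": "1.0.4.0/23"}, "id": "1.0.4.0/23",
  "as_number": "38803", "country_code": "AU", "as_name": "WPL-AS-AP"},
 {"$index": {"cidr": "1.0.6.0/23"}, "id": "1.0.6.0/23",
  "as_number": "38803", "country_code": "AU", "as_name": "WPL-AS-AP"}
]"""


def load_records(text):
    """Parse records and reject any whose index a policy could not rely on."""
    records = []
    for rec in json.loads(text):
        cidr = rec["$index"]["cidr"]
        # strict=True raises ValueError if host bits are set (e.g. 1.0.0.1/24).
        net = ipaddress.ip_network(cidr, strict=True)
        if rec["id"] != cidr:
            raise ValueError(f"id {rec['id']!r} does not match index {cidr!r}")
        if not rec["as_number"].isdigit():
            raise ValueError(f"non-numeric as_number in record {cidr!r}")
        records.append((net, rec))
    return records


def lookup(records, ip):
    """Return the most specific record whose CIDR contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, rec in records:
        # Membership is always False when IP versions differ.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, rec)
    return best[1] if best else None


if __name__ == "__main__":
    records = load_records(RECORDS_JSON)
    for client_ip in ("1.0.0.7", "1.0.5.200", "1.0.1.1"):
        rec = lookup(records, client_ip)
        print(client_ip, "->", rec["as_name"] if rec else "no matching range")
```

A client IP that falls outside every listed range returns no record, so a policy that requires a well known range would not match it.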

Configure Pomerium Enterprise Console

A policy requiring a well known IP address would look something like this:

[Image: WellKnownIPRange Policy in the Builder view]

Reference

  • The well-known-ips command has an optional flag, --address, to change the listening port from the default :8080.