1. Home
  2. Docs
  3. Getting Started
  4. Adding QUIC.cloud IPs to Allowlist

Adding QUIC.cloud IPs to Allowlist

QUIC.cloud CDN acts as a proxy service for your domain, and requires access to your origin server for uncached requests. However, various firewalls may potentially block QUIC.cloud IP addresses, either outright, or when making a frequent amount of requests.

To ensure QUIC.cloud is not blocked by your origin server, you’ll need to add the QUIC.cloud IPs to your firewall’s ignore-list or allowlist.

NOTE: This is not a set-it-and-forget-it kind of thing. In order to optimize global performance, we add and remove nodes frequently, which means the list of IP addresses also will change frequently.

Here is the current list, in various formats:

Please keep your server-level and application-level allowlists updated. Some of the firewalls listed below will do this for you, but others require you to manually maintain the list. If you don’t have access to your domain’s firewall solutions, please forward this documentation to your hosting provider.

LiteSpeed Web Server

Starting with v5.4.12 and later, LiteSpeed Web Server will automatically update the QUIC.cloud IPs for you.  If using a different version, we recommend that you add the IPs as “Trusted” in your LiteSpeed WebAdmin Console. Navigate to Configuration > Server > Security, scroll down to Access Control, click the Edit button and add the IPs to the Allowed List. The letter T added after the IP (no space) indicates that it is Trusted. So, your list would look something like this:

ALL,54.252.210.186T,35.178.212.86T,13.233.85.71T,37.120.131.40T,5.134.119.194T

OpenLiteSpeed

Starting with v1.7.13 and later, OpenLiteSpeed will automatically update the QUIC.cloud IPs for you. If using a different version, we recommend that you add the IPs as “Trusted” in your LiteSpeed WebAdmin Console. Navigate to Server Configuration > Security, scroll down to Access Control, click the Edit button and add the IPs to the Allowed List. The letter T added after the IP (no space) indicates that it is Trusted. So, your list would look something like this:

ALL,54.252.210.186T,35.178.212.86T,13.233.85.71T,37.120.131.40T,5.134.119.194T

Imunify360

With Imunify360, the QUIC.cloud IPs are automatically included on the allowlist. You shouldn’t have to do anything manually. To verify, you can find the IPs located in /etc/imunify360-webshield/common-proxies.conf and /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-litespeed/rbl_whitelist.

The latter path may vary depending on the web server and control panel used.

BitNinja

BitNinja maintains a list of allowed IPs, but we recommend you verify that this is actually true for your server. If necessary, you can allow the QUIC.cloud IPs manually.

Config Server Firewall (or) CSF

If CSF is your primary firewall, there are three ways to allow QUIC.cloud IPs:

  1. Add them to the csf.ignore file in the lfd- Login Failure Daemon section within the CSF Dashboard (accessible from the Plugins section in WHM/Plesk).
  2. Add the list directly to the /etc/csf/csf.ignore file, and restart CSF to allow the changes to take effect.
  3. Use our script, either as needed, or on a daily basis via cron.

Other Server-Level Firewalls

You can use cron to schedule a script that will automatically update other server-level firewalls on a daily or at least bi-weekly basis. If you use a server-level firewall not listed here, let us know. We may be able to help automate allowlist updates.

Application-Level Firewalls

Be sure to check any application-level firewalls that may be in use, such as Wordfence or Securi for WordPress. These solutions should include a similar allowlist function, and it may be necessary to add QUIC.cloud IPs.

Status Updates

To keep up on the latest node, IP and other service-related changes:

Tags , ,
Was this article helpful to you? Yes 8 No 2