Automattic IP Ranges: offer IP list via API endpoint. #1719
Comments
Our list of IP ranges does change, so I really couldn't recommend whitelisting. Nearly all of our requests do come in with the Plus, you can use the |
Here are the IPs you can use: Overall, we don't suggest this approach since our IP block will change over time, changing the possible IP addresses and this would prevent any of the mobile apps or other desktop clients from working. Alternatively, Jetpack requests are routed to I believe iThemes Security includes an option to block XML-RPC pingback requests only. Since this is the most common vector of attack to XML-RPC today, you could block only that while still allowing other XML-RPC requests from plugins and mobile apps. |
@jeherve I'm not too good at regex, could you maybe share a snippet to effectively match the string, so I can also use that method, rather than IPs? |
@Jany-M This should help: http://www.analyticsmarket.com/freetools/ipregex |
@jeherve I think the link only helps with IP ranges, am I mistaken? I meant a snippet to match the |
That's correct. Overall, we don't recommend that approach though. You can check a possible alternative in my comment above. |
How about a dynamic endpoint somewhere that could be polled? With this, everyone could programmatically maintain their whitelists.. 👌 |
I like that idea. That's not on our roadmap right now, but I'll reopen that issue so we can go back to it later. |
Hi! Any news on this request? |
@MarceloPedra `
` |
What's the status of this issue? As the IP range might change over time, is there any doable solution to block all XML-RPC requests except from Automattic? |
We have not made any progress on this, but will update this issue when we do. |
Looks like the IPs have changed a bit, just posting in case anyone was about to copy from the other list. Only way to know for sure is to go to http://whois.arin.net/rest/org/AUTOM-93/nets Automattic CIDR ranges as of March 20th 2018
Cloudflare offers dynamic plain text endpoints here: https://www.cloudflare.com/ips-v4 +1 to Automattic getting something like this! Thanks. |
+1 A plaintext file like Cloudflare would be extremely useful for automation |
This issue has been marked as stale. This happened because:
No further action is needed. But it's worth checking if this ticket has clear reproduction steps and it is still reproducible. Feel free to close this issue if you think it's not valid anymore — if you do, please add a brief explanation. |
This would be extremely beneficial to hosts trying to help their customers. |
In case anyone's interested, I made a little script that pulls the IP addresses using ARIN's API: stephengroat/clacl@bb0874f |
This issue has been marked as stale. This happened because:
No further action is needed. But it's worth checking if this ticket has clear reproduction steps and it is still reproducible. Feel free to close this issue if you think it's not valid anymore — if you do, please add a brief explanation. |
This page includes details about IPs: https://jetpack.com/support/hosting-faq/ And also mentions two endpoints that can be used: https://jetpack.com/ips-v4.json The caveat noted on the page is important:
|
Thank you! |
This is confusing |
In case that someone comes here via Google and needs the latest lists of official IP addresses:
|
Hello guys. I was under a heavy xmlrpc attack, and had to block access to xmlrpc.php using the iThemes Security plugin. But to allow JetPack to work in the meantime, I allowed this IP range:
My question is: is there any other IP range that should be allowed for JetPack to work properly?
Thank you!
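What this thread asks for, regenerating the allowlist from a published list instead of hard-coding ranges, as an added example (not code from Jetpack or from any commenter). It assumes the body of `https://jetpack.com/ips-v4.json` is a JSON array of IPv4 CIDR strings and that the output is included inside an existing nginx `location = /xmlrpc.php` block; the sample ranges are constructed documentation networks and `MIN_PREFIX` is a hypothetical policy value.

```python
import ipaddress
import json

# Constructed sample standing in for the endpoint body (assumed format:
# JSON array of CIDR strings). RFC 5737 documentation ranges, not real ones.
SAMPLE_BODY = '["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24", "203.0.113.7/32"]'

MIN_PREFIX = 16  # hypothetical policy: refuse anything broader than a /16


def parse_ranges(body):
    """Validate the whole list; raise ValueError rather than accept part of it."""
    items = json.loads(body)  # JSONDecodeError is a ValueError subclass
    if not isinstance(items, list) or not items:
        raise ValueError("expected a non-empty JSON array")
    nets = []
    for item in items:
        if not isinstance(item, str):
            raise ValueError(f"non-string entry: {item!r}")
        # strict=True rejects entries with host bits set, e.g. 192.0.2.1/24
        net = ipaddress.ip_network(item, strict=True)
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            raise ValueError(f"refusing range {net}")
        nets.append(net)
    # Merge adjacent and overlapping ranges; the result is sorted.
    return list(ipaddress.collapse_addresses(nets))


def render_nginx(nets):
    """allow/deny lines for inclusion inside the xmlrpc.php location block."""
    return "".join(f"allow {net};\n" for net in nets) + "deny all;\n"


def refresh(body, current_conf):
    """Return the new fragment, or keep the current one if validation fails.

    An empty, malformed or over-broad list must never replace a working
    allowlist, so any validation error leaves the configuration unchanged.
    """
    try:
        return render_nginx(parse_ranges(body))
    except ValueError:
        return current_conf


if __name__ == "__main__":
    print(refresh(SAMPLE_BODY, current_conf="deny all;\n"), end="")
```

Fetching the body and reloading nginx are left out so the block runs offline; run the refresh on a schedule, because the thread's point is that the ranges change.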