To enhance and make our routing more efficient, we have acquired additional IP Blocks. Please, make sure that you have following blocks white listed in your firewall system(s) in order to prevent any 502 response codes being generated unexpectedly.

You can download full list of ip addresses in text file/format formed in a single column.

108.161.176.0/20 64.125.78.224/27 185.18.207.64/26 119.81.131.130/32
94.46.144.0/20 64.125.102.32/27 50.31.249.224/27 119.81.131.131/32
146.88.128.0/20 64.125.102.64/27 50.31.251.32/28 216.12.211.59/32
198.232.124.0/22 64.125.102.96/27 119.81.42.192/27 216.12.211.60/32
23.111.8.0/22 94.31.27.64/27 119.81.104.96/28 37.58.110.67/32
217.22.28.0/22 94.31.33.128/27 119.81.67.8/29 37.58.110.68/32
64.125.76.64/27 94.31.33.160/27 119.81.0.104/30 158.85.206.228/32
64.125.76.96/27 94.31.33.192/27 119.81.1.144/30 158.85.206.231/32
64.125.78.96/27 94.31.56.160/27 27.50.77.226/32 174.36.204.195/32
64.125.78.192/27 177.54.148.0/24 27.50.79.130/32 174.36.204.196/32
151.139.0.0/19 94.46.144.0/21 103.66.28.0/22 103.228.104.0/22

 

Complete iptables list

iptables -I INPUT -s 108.161.176.0/20 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.46.144.0/20 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 146.88.128.0/20 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 198.232.124.0/22 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 23.111.8.0/22 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 217.22.28.0/22 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.76.64/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.76.96/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.78.96/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.78.192/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.78.224/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.102.32/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.102.64/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.102.96/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.31.27.64/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.31.33.128/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.31.33.160/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.31.33.192/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.31.56.160/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 177.54.148.0/24 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 185.18.207.64/26 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 50.31.249.224/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 50.31.251.32/28 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 119.81.42.192/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 119.81.104.96/28 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 119.81.67.8/29 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 119.81.0.104/30 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 119.81.1.144/30 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 27.50.77.226/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 27.50.79.130/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 119.81.131.130/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 119.81.131.131/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 216.12.211.59/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 216.12.211.60/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 37.58.110.67/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 37.58.110.68/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 158.85.206.228/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 158.85.206.231/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 174.36.204.195/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 174.36.204.196/32 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 151.139.0.0/19 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.46.144.0/21 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 103.66.28.0/22 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 103.228.104.0/22 -p tcp -m multiport --dports 80,443 -j ACCEPT
  • http://www.culture-and-current-affairs.com/ Mark D Worthen PsyD

    I use WordFence on my WordPress blog. Their instructions for whitelisting IPs state: “Whitelisted IP’s must be separated by commas. You can specify ranges using the following format: 123.23.34.[1-50]”

    I used the online tool that converts CIDR to IP range [http://www.ipaddressguide.com/cidr].

    Here are the results for 108.161.176.0/20:

    108.161.176.0/20
    CIDR Range 108.161.176.0/20
    Netmask 255.255.240.0
    Wildcard Bits 0.0.15.255
    First IP 108.161.176.0
    Last IP 108.161.191.255
    Total Host 4096

    What is the correct format for entering this range into the WordFence form? I am guessing it would be: 108.161.176.[0-255]. Is that correct?

    • Ivan Maria Spadacenta

      Same question for me….

  • Akihiro HARAI

    `185.18.207.65/26` doesn’t seem to be a correct IP range.

    • nikolamaxcdn

      Hello Akihiro,

      Thank you for your finding. The IP range would actually need to be 185.18.207.64/26

      Let us know if you need anything else.

      Regards

  • Rachel

    How do I white list IP address on WordPress?

  • http://www.krishnandusarkar.com/ Krishnandu Sarkar

    Do I need to do anything regarding this if I’m using shared hosting? As I do not have permission to whitelist IP’s in shared hosting

  • Blob Loblaw

    I don’t really understand what any of this means. Is it important, and if so, why? And how do I whitelist these blocks?

    Please understand that not all you customers are techies, so maybe explain it in a bit more in layman’s terms 😉

    • Stefan

      Hello there!

      IP blocks found on this page are used on our edge locations in order to fetch files from your Origin server. To ensure that our datacenters always have access to your files, as a precautionary measure you can whitelist our IP blocks, since firewalls or traffic throttling mechanisms can sometimes block our IP addresses and cause some interruption.

      If you are running any kind of security firewall or plugin, you should whitelist these IP ranges there but I would also recommend providing this article to your hosting provider.

      Please feel free to ask if you have any question. You may come to our live chat for more easier interaction or send us an e-mail to support@maxcdn.com .

  • http://singularity.nl/ Singularity

    What Bob Loblaw says goes for me too.

  • Valerie Maes

    Hi, did I understand correctly I have to whitelist these IP’s in my Sucuri firewall dashboard? I’m having trouble with adding the ranges though. Could you tell me what the correct format is please? When copy in the IP’s as stated above I get an ‘invalid IP’ error. Thanks!

  • Kyle

    This is what wordfence tells me.
    Please make sure you separate your IP addresses with commas. The following whitelisted IP addresses are invalid: 108.161.176.0/20, 94.46.144.0/20146.88.128.0/20198.232.124.0/2223.111.8.0/22217.22.28.0/2264.125.76.64/27, 64.125.76.96/27, 64.125.78.96/27, 64.125.78.192/27, 64.125.78.224/27, 64.125.102.32/27, 64.125.102.64/27, 64.125.102.96/27, 94.31.27.64/27, 94.31.33.128/27, 94.31.33.160/27, 94.31.33.192/27, 94.31.56.160/27, 177.54.148.0/24, 185.18.207.64/26, 50.31.249.224/27, 50.31.251.32/28, 119.81.42.192/27, 119.81.104.96/28, 119.81.67.8/29, 119.81.0.104/30, 119.81.1.144/30, 27.50.77.226/32, 27.50.79.130/32, 119.81.131.130/32, 119.81.131.131/32, 216.12.211.59/32, 216.12.211.60/32, 37.58.110.67/32, 37.58.110.68/32, 158.85.206.228/32, 158.85.206.231/32, 174.36.204.195/32, 174.36.204.196/32, 151.139.0.0/19, 94.46.144.0/21, 103.66.28.0/22, 103.228.104.0/22

  • Rob Dobson

    Hi there, can you please provide this list in IP ranges that can be copied into Wordfence? Thanks in advance.

  • Terry

    MaxCDN you have created a lot of headaches for many users, including me! Us non-techies are struggling with this information.

    I sent in a support request to Wordfence and was basically told to go elsewhere for help. I doubt that Hostgator will be any more cooperative, so I’m stuck.

  • Terry

    I have reformatted the IP list to suit Wordfence, according to the information I have. If anyone knows this is incorrect, please let me (and others) know. Otherwise, just copy this list and paste it into the Wordfence|Options|Other Options “Whitelisted IP addresses that bypass all rules:” box.

    108.161.176.[0-20]
    94.46.144.[0-20]
    146.88.128.[0-20]
    198.232.124.[0-22]
    23.111.8.[0-22]
    217.22.28.[0-22]
    64.125.76.[64-27]
    64.125.76.[96-27]
    64.125.78.[96-27]
    64.125.78.[192-27]
    64.125.78.[224-27]
    64.125.102.[32-27]
    64.125.102.[64-27]
    64.125.102.[96-27]
    94.31.27.[64-27]
    94.31.33.[128-27]
    94.31.33.[160-27]
    94.31.33.[192-27]
    94.31.56.[160-27]
    177.54.148.[0-24]
    185.18.207.[64-26]
    50.31.249.[224-27]
    50.31.251.[32-28]
    119.81.42.[192-27]
    119.81.104.[96-28]
    119.81.67.[8-29]
    119.81.0.[104-30]
    119.81.1.[144-30]
    27.50.77.[226-32]
    27.50.79.[130-32]
    119.81.131.[130-32]
    119.81.131.[131-32]
    216.12.211.[59-32]
    216.12.211.[60-32]
    37.58.110.[67-32]
    37.58.110.[68-32]
    158.85.206.[228-32]
    158.85.206.[231-32]
    174.36.204.[195-32]
    174.36.204.[196-32]
    151.139.0.[0-19]
    94.46.144.[0-21]
    103.66.28.[0-22]
    103.228.104.[0-22]

    • Rob Dobson

      Nice one Terry.

  • Ivan Dabić

    My 2 cents:
    As experience has shown, if your hosting has never blocked MaxCDN you might ignore this article, however, to be safe, let me first explain why is this article here.
    Sometimes, when CDN is purged or higher cache MISS traffic is generated hosting server can potentially think it’s an attack instead of CDN trying to cache all non-cached files asked from it. To prevent any potential blockage you can use above ip blocks and add it in the WHITE list of your:
    1. hosting server firewall
    2. security plugin
    3. WAF system you use to protect the origin

    All of the above systems use different notation thus, confusions can be created. We have composed an example for people who use iptables firewall (most of requests came from clients who use this type of firewall so we created example) but, wordfence or some WAF systems (Web Application Firewalls – like sucuri) expect actual list of ip addresses in list of regex format (comma separated or wildacrd’ed: [0-123]).
    If you need to calculate the ranges you can use this tool: http://www.ipaddressguide.com/cidr or you can contact our support so we can explain the process.

    As you can see, we can’t cover all of the systems out there and their syntax but, given that we had so many different comments on this topic we will make sure to create examples for all mentioned systems in this thread.

    I hope this helped.

    Best!

  • Boian Georgiev

    These are the correct IP ranges for Wordfence:
    (thanks to the CIDR to IP ranges tool)

    108.161.[176-191].[0-255]
    94.46.[144-159].[0-255]
    146.88.[128-143].[0-255]
    198.232.[124-127].[0-255]
    23.111.[8-11].[0-255]
    217.22.[28-31].[0-255]
    64.125.76.[64-95]
    64.125.76.[96-127]
    64.125.78.[96-127]
    64.125.78.[192-223]
    64.125.78.[224-255]
    64.125.102.[32-63]
    64.125.102.[64-95]
    64.125.102.[96-127]
    94.31.27.[64-95]
    94.31.33.[128-159]
    94.31.33.[160-191]
    94.31.33.[192-223]
    94.31.56.[160-191]
    177.54.148.[0-255]
    185.18.207.[64-127]
    50.31.249.[224-255]
    50.31.251.[32-47]
    119.81.42.[192-223]
    119.81.104.[96-111]
    119.81.67.[8-15]
    119.81.0.[104-107]
    119.81.1.[144-147]
    27.50.77.226
    27.50.79.130
    119.81.131.130
    119.81.131.131
    216.12.211.59
    216.12.211.60
    37.58.110.67
    37.58.110.68
    158.85.206.228
    158.85.206.231
    174.36.204.195
    174.36.204.196
    151.139.[0-31].[0-255]
    94.46.[144-151].[0-255]
    103.66.[28-31].[0-255]
    103.228.[104-107].[0-255]

  • Sreekandh Balakrishnan

    Wont the following be the right format for Wordfence ? Am not sure. Pasting it here to get more feedback on the same.

    108.161.[176-191].[0-255]
    94.46.[144-159].[0-255]
    146.88.[128-143].[0-255]
    192.232.[124-127].[0-255]
    23.111.[8-11].[0-255]
    217.22.[28-31].[0-255]
    64.125.76.[64-95]
    64.125.76.[96-127]
    64.125.78.[96-127]
    64.125.78.[192-223]
    64.125.78.[224-255]
    64.125.102.[32-63]
    64.125.102.[64-95]
    64.125.102.[96-127]
    94.31.27.[64-95]
    94.31.33.[128-159]
    94.31.33.[160-191]
    94.31.33.[192-223]
    94.31.56.[160-191]
    177.54.148.[0-255]
    185.18.207.[64-127]
    50.31.249.[224-255]
    50.31.251.[32-47]
    119.81.42.[192-223]
    119.81.104.[96-111]
    119.81.67.[8-15]
    119.81.0.[104-107]
    119.81.1.[144-147]
    27.50.77.[226-226]
    27.50.79.[130-130]
    119.81.131.[130-130]
    119.81.131.[131-131]
    216.12.211.[59-59]
    216.12.211.[60-60]
    37.58.110.[67-67]
    37.58.110.[68-68]
    158.85.206.[228-228]
    158.85.296.[231-231]
    174.36.204.[195-195]
    174.36.204.[196-196]
    151.139.[0-31].[0-255]
    94.46.[144-151].[0-255]
    103.66.[28-31].[0-255]
    103.228.[104-107].[0-255]

  • HipHopFan

    So I have to whitelist all of these ips in cloudflare alot to whitelist I wish I coulold do it all at once thanks.

    • Stefan

      Hello there. Thanks for reaching out to us!

      Can you please e-mail us at support@maxcdn.com or start a live chat directly from our website so we can review this case thoroughly. It is possible that your issue is not related to IP tables.

      Please keep us updated.

  • https://www.salobby.net Adzkii

    hello, do we have too add these to our cloudflare firewall or is it okay?

    • Bojan

      Hey, whitelisting of newly added IP addresses is only needed if you already have some firewall rules in place on your server. If you don’t have them, you can safely ignore this message, but if you are managing any firewall rules on your server and have a specific list of IP’s that can access your website and hosting server, you can double check the IP addresses there with the IP’s from our updated list.