Use Known IPs in Web App Scanning

Objective

This article describes how to ensure that traffic sent by F5® Distributed Cloud Web App Scanning will originate from known static IP addresses.

This option is useful in the following types of scenarios:

  • Scanning web applications and APIs protected by firewalls or security groups that restrict incoming HTTP(S) traffic.
  • Identifying requests sent by F5® Distributed Cloud Web App Scanning in your HTTP server logs.
  • Disabling your web application firewall for traffic sent by F5® Distributed Cloud Web App Scanning.

F5® Distributed Cloud Web App Scanning's known static IP addresses are:

  • 34.140.183.146
  • 35.241.176.167
  • 34.77.66.77
  • 34.140.250.140
  • 34.22.187.249

When scanning your web application, F5® Distributed Cloud Web App Scanning will launch a virtual machine in the cloud and request an ephemeral IP address. Unless you have a specific reason for making use of our known IP addresses, we recommend leaving the option at its default value and allow us to use ephemeral IP addresses.

List of ephemeral IP addresses

If you do not enable the option to use our known IP addresses, F5® Distributed Cloud Web App Scanning will launch a virtual machine to scan your web application using an IP address from one of the following ranges.

  • 8.34.208.0/23
  • 8.34.211.0/24
  • 8.34.220.0/22
  • 23.251.128.0/20
  • 34.22.112.0/20
  • 34.22.128.0/17
  • 34.34.128.0/18
  • 34.38.0.0/16
  • 34.76.0.0/14
  • 34.118.254.0/23
  • 34.140.0.0/16
  • 35.187.0.0/17
  • 35.187.160.0/19
  • 35.189.192.0/18
  • 35.190.192.0/19
  • 35.195.0.0/16
  • 35.205.0.0/16
  • 35.206.128.0/18
  • 35.210.0.0/16
  • 35.220.96.0/19
  • 35.233.0.0/17
  • 35.240.0.0/17
  • 35.241.128.0/17
  • 35.242.64.0/19
  • 104.155.0.0/17
  • 104.199.0.0/18
  • 104.199.66.0/23
  • 104.199.68.0/22
  • 104.199.72.0/21
  • 104.199.80.0/20
  • 104.199.96.0/20
  • 130.211.48.0/20
  • 130.211.64.0/19
  • 130.211.96.0/20
  • 146.148.2.0/23
  • 146.148.4.0/22
  • 146.148.8.0/21
  • 146.148.16.0/20
  • 146.148.112.0/20
  • 192.158.28.0/22

Using Known IP Addresses

To enable the option of using our known IP addresses when scanning your application, follow the steps outlined below.

Step 1: Log into the Distributed Cloud Web App Scanning Console and navigate to your application.

  1. Log into the Distributed Cloud Web App Scanning Console.

  2. Click on Applications in the menu.

Figure: Applications

Figure: Applications

  1. Click on the application you would like configure.

  2. Click on Manage.

  3. Click on Profiles.

Figure: Profiles

Figure: Profiles

Step 2: Select your test profile and enable Use Known IP Address.

  1. Select the test profile you would like to configure. If you have not created any additional profiles, the only option will be your Default Profile.

  2. Enable the option Use Known IP Address.

Figure: Use Known IP Address

Figure: Use Known IP Address

  1. Next time you start a penetration test of your application, the traffic sent by F5® Distributed Cloud Web App Scanning will originate one of our known IP addresses.
On this page: