Use Known IP Addresses in Web App Scanning

Published April 5, 2023 | Last modified April 13, 2026

Objective

This guide describes how to ensure that traffic sent by F5® Distributed Cloud Web App Scanning originates from known static IP addresses.

This option is useful for the following types of scenarios:

  • Scanning web applications and APIs protected by firewalls or security groups that restrict incoming HTTP(S) traffic.
  • Identifying requests sent by F5® Distributed Cloud Web App Scanning in your HTTP server logs.
  • Disabling your web application firewall for traffic sent by F5® Distributed Cloud Web App Scanning.

Known Static IP Addresses

F5® Distributed Cloud Web App Scanning's known static IP addresses are:

  • 34.140.183.146
  • 35.241.176.167
  • 34.77.66.77
  • 34.140.250.140
  • 34.22.187.249
  • 34.76.63.69
  • 35.240.12.220
  • 35.189.201.255
  • 34.140.113.67
  • 34.79.111.124

When scanning your web application, F5® Distributed Cloud Web App Scanning launches a virtual machine in the cloud and requests an ephemeral IP address. Unless you have a specific reason for making use of the known IP addresses, F5 recommends that you leave the option at its default value and allow F5 to use ephemeral IP addresses.

Ephemeral IP Addresses

If you do not enable the option to use the F5 known IP addresses, F5® Distributed Cloud Web App Scanning launches a virtual machine to scan your web application using an IP address from one of the following ranges:

  • 8.34.208.0/23
  • 8.34.211.0/24
  • 8.34.220.0/22
  • 23.251.128.0/20
  • 34.22.112.0/20
  • 34.22.128.0/17
  • 34.34.128.0/18
  • 34.38.0.0/16
  • 34.76.0.0/14
  • 34.118.254.0/23
  • 34.140.0.0/16
  • 35.187.0.0/17
  • 35.187.160.0/19
  • 35.189.192.0/18
  • 35.190.192.0/19
  • 35.195.0.0/16
  • 35.205.0.0/16
  • 35.206.128.0/18
  • 35.210.0.0/16
  • 35.220.96.0/19
  • 35.233.0.0/17
  • 35.240.0.0/17
  • 35.241.128.0/17
  • 35.242.64.0/19
  • 104.155.0.0/17
  • 104.199.0.0/18
  • 104.199.66.0/23
  • 104.199.68.0/22
  • 104.199.72.0/21
  • 104.199.80.0/20
  • 104.199.96.0/20
  • 130.211.48.0/20
  • 130.211.64.0/19
  • 130.211.96.0/20
  • 146.148.2.0/23
  • 146.148.4.0/22
  • 146.148.8.0/21
  • 146.148.16.0/20
  • 146.148.112.0/20
  • 192.158.28.0/22

Using Known IP Addresses

To enable the option of using the F5 known IP addresses when scanning your application, follow the steps below.

Step 1: Log into the Distributed Cloud Web App Scanning Console and navigate to your application.

  1. Log into the Distributed Cloud Web App Scanning Console.

  2. Click on Applications in the menu.

    Figure: Applications

    Figure: Applications

  3. Click on the application you would like configure.

  4. Click Manage.

  5. Click Profiles.

Figure: Profiles

Figure: Profiles

Step 2: Select your test profile and enable known IP addresses.

  1. Select the test profile you would like to configure. If you have not created any additional profiles, the only option is your Default Profile.

  2. Enable the option Use Known IP Address. Next time you start a penetration test of your application, the traffic sent by F5® Distributed Cloud Web App Scanning will originate from one of the known IP addresses.

Figure: Use Known IP Address

Figure: Use Known IP Address

On this page: