Whitelisting StackPath's IP blocks ensures StackPath edge servers can pull data from your origin server. Firewalls and security systems that have not whitelisted StackPath's IPs are the most common reason behind 502 errors.
This article will show you how to use the StackPath API to pull the most up-to-date IP block list at any time. You can use this guide to apply these IPs to the whitelist on your origin.
This guide assumes you have already taken the steps to set up API Access for your StackPath account. StackPath RESTful API calls can be made either directly from a terminal with curl or through your favorite REST API client.
Step 1: Get an Auth Token
This request requires an authorization token, which must be obtained before making the call. These tokens expire every hour, so this process will likely need to be repeated with every use of these API calls.
To obtain your authorization token, send a POST request to https://gateway.stackpath.com/identity/v1/oauth2/token with a body that contains the following information:
{
"client_id": "client_id",
"client_secret": "client_secret",
"grant_type": "client_credentials"
}
Remember to replace client_id and client_secret with your actual client ID and the secret key generated when setting up API access.
This should produce a response with the following JSON object:
{
"access_token":"this_is_your_token_and_its_around_700_characters",
"token_type":"bearer",
"expires_in":3600
}
This contains your 700-character authorization token, which will be used to validate the requests later in this session.
Step 2: Request the CDN and WAF IP List
The CDN and WAF IP blocks can be pulled with a GET request to https://gateway.stackpath.com/cdn/v1/ips that contains the following header:
Authorization: Bearer <your_access_token>
This should produce a response with the following JSON object, which contains all of the IPs used by the CDN and WAF to pull content from your origin (truncated):
{
"results": [
"2a0a:e200:1a00::/40",
"2a0a:e200:1c00::/40",
"2a0a:e200:1100:1100::/64",
"2a0a:e200:1100::/40",
"2a0a:e200:1200:1100::/64",
"2a0a:e200:1200::/40",
"2a0a:e200:1300::/40",
"2a0a:e200:1400::/40",
"2a0a:e200:1500::/40",
.... ]
}
You can also adjust the scope of this pull by attaching the following queries to the request, either to obtain the information in a format other than JSON or to separate out the IPV4 and IPV6 addresses:
https://gateway.stackpath.com/cdn/v1/ips?response_type=PLAIN_TEXT - to force the output to plain text format instead of JSON
https://gateway.stackpath.com/cdn/v1/ips?filter=IPV4 - to specify only IPV4 addresses
https://gateway.stackpath.com/cdn/v1/ips?filter=IPV6 - to specify only IPV6 addresses
Step 3: Request the Monitoring service IPs
When Monitoring is enabled for your stack, the Monitoring service IP addresses can be pulled with a GET request to https://gateway.stackpath.com/monitoring/v1/stacks/<stack_id>/locations.
This will also need to be sent with the following header:
Authorization: Bearer <your_access_token>
Remember to replace <stack_id> with your actual Stack ID, which can be found here.
This call should produce a JSON object that lists every location used by our monitoring service, with information about each location, including the field "ipAddresses" that contains the IP addresses used to make requests toward your origin.
This will be in the following format:
...
{
"id": "dal-srv",
"name": "USA: Dallas",
"city": "Dallas",
"country": "USA",
"provider": "StackPath",
"ipAddresses": [
"209.107.216.205",
"209.107.216.206"
]
},
{
"id": "lax-vul",
"name": "USA: Los Angeles",
"city": "Los Angeles",
"country": "USA",
"provider": "Vultr",
"ipAddresses": [
"45.32.69.31",
"45.32.94.5",
"2001:19f0:6000:9301:5400:ff:fe1c:85",
"2001:19f0:6000:95c5:5400:ff:fe1c:88"
]
},
...
You can also request just the locations used by your monitor by making a GET request to https://gateway.stackpath.com/monitoring/v1/stacks/<stack_id>/http_monitors.
Remember to include the Authorization header:
Authorization: Bearer <your_access_token>
Remember to replace <stack_id> with your actual Stack ID, which can be found here.
This call will return all the information about each monitor in use on your stack, including a JSON array called "locations" that uses formatting similar to the previous call but only includes the monitoring locations enabled for your specific monitor:
"results": [
{
"id": "eaf2ffa0-2afb-4351-a344-937bc471bba8",
"remoteId": "5b393a24b03e85ff038b456b",
"name": "Testing",
"url": "https://www.stackpath.com",
"currentStatus": "slow",
"uptime": 1,
"avgResponseTime": 0.37663442459657215,
"method": "GET",
"timeout": 10,
"ipVersion": "IPV4",
"locations": [
{
"id": "fra-edi",
"name": "Germany: Frankfurt",
"city": "Frankfurt",
"country": "Germany",
"provider": "EDIS GmbH",
"ipAddresses": [
"149.154.159.21",
"151.236.15.26",
"2a03:f80:49:149:154:159:21:1",
"2a03:f80:49:151:236:15:26:1"
]
},
...
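The three steps above can be tied together as follows. This is an added Python example, not StackPath's own code: it validates every returned entry before it reaches a firewall and produces an add/remove diff against the current whitelist. The function names, the min_v4/min_v6 limits and the sample data are assumptions. The page does not show how the locations response wraps its objects, so build_allowlist takes the location objects as a plain list.

```python
import ipaddress
import json
import urllib.request

GATEWAY = "https://gateway.stackpath.com"  # endpoints below are the article's

def get_token(client_id, client_secret):
    """Step 1: exchange API credentials for a bearer token (expires in 1 h)."""
    body = json.dumps({"client_id": client_id, "client_secret": client_secret,
                       "grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(GATEWAY + "/identity/v1/oauth2/token", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]

def api_get(path, token):
    """Steps 2-3: authenticated GET, e.g. api_get("/cdn/v1/ips", token)."""
    req = urllib.request.Request(GATEWAY + path,
                                 headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def build_allowlist(cdn, locations, min_v4=16, min_v6=32):
    """Validate each entry; return the set of networks to allow.

    min_v4/min_v6 are assumed sanity limits, not StackPath values: a shorter
    prefix (such as 0.0.0.0/0) aborts the update rather than opening the origin.
    """
    entries = list(cdn["results"])
    for loc in locations:
        entries += loc["ipAddresses"]
    nets = set()
    for entry in entries:
        net = ipaddress.ip_network(entry)  # raises ValueError on malformed input
        if net.prefixlen < (min_v4 if net.version == 4 else min_v6):
            raise ValueError("refusing overly broad block: " + entry)
        nets.add(net)
    return nets

def diff_allowlist(current, new):
    """Return (to_add, to_remove) as sorted strings for review before applying."""
    cur = {ipaddress.ip_network(c) for c in current}
    order = lambda n: (n.version, n)
    return ([str(n) for n in sorted(new - cur, key=order)],
            [str(n) for n in sorted(cur - new, key=order)])

# Constructed sample built from the response excerpts shown in the article.
CDN = {"results": ["2a0a:e200:1a00::/40", "2a0a:e200:1100:1100::/64"]}
LOCS = [{"id": "dal-srv", "ipAddresses": ["209.107.216.205", "209.107.216.206"]}]
```

Because the token expires after an hour, a scheduled job would call get_token on every run, then review the diff_allowlist output before changing firewall rules.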