Skip to content

Adding QUIC.cloud IPs to an Allowlist

QUIC.cloud CDN acts as a proxy service for your domain, and requires access to your origin server for uncached requests. However, various firewalls may potentially block QUIC.cloud IP addresses, either outright, or when making a frequent amount of requests.

To ensure QUIC.cloud is not blocked by your origin server, you'll need to add the QUIC.cloud IPs to your firewall's ignore-list or allowlist.

Important

This is not a set-it-and-forget-it kind of thing. In order to optimize global performance, we add and remove nodes frequently, which means the list of IP addresses also will change frequently.

Here is the current list, in various formats:

Please keep your server-level and application-level allowlists updated. Some of the firewalls listed below will do this for you, but others require you to manually maintain the list. If you don't have access to your domain's firewall solutions, please forward this documentation to your hosting provider.

LiteSpeed Web Server

IP List Automatically Updated

The latest versions of LiteSpeed Web Server will automatically update the QUIC.cloud IPs for you. You don't have to do anything.

v5.4.11 and older

IP List Requires Manual Update

In older versions of LSWS, we recommend that you add the IPs as “Trusted” in your LiteSpeed WebAdmin Console. Navigate to Configuration > Server > Security, scroll down to Access Control, click the Edit button and add the IPs to the Allowed List. The letter T added after the IP (no space) indicates that it is Trusted. So, your list would look something like this:

ALL,54.252.210.186T,35.178.212.86T,13.233.85.71T,37.120.131.40T,5.134.119.194T

OpenLiteSpeed

IP List Automatically Updated

The latest versions of OpenLiteSpeed will automatically update the QUIC.cloud IPs for you. You don't have to do anything.

v1.7.12 and older

IP List Requires Manual Update

In older versions of OLS, we recommend that you add the IPs as “Trusted” in your LiteSpeed WebAdmin Console. Navigate to Server Configuration > Security, scroll down to Access Control, click the Edit button and add the IPs to the Allowed List. The letter T added after the IP (no space) indicates that it is Trusted. So, your list would look something like this:

ALL,54.252.210.186T,35.178.212.86T,13.233.85.71T,37.120.131.40T,5.134.119.194T

Imunify360

IP List Automatically Updated

With Imunify360, the QUIC.cloud IPs are automatically included on the allowlist. You shouldn't have to do anything manually. To verify, you can find the IPs located in /etc/imunify360-webshield/common-proxies.conf and /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-litespeed/rbl_whitelist. The latter path may vary depending on the web server and control panel used.

BitNinja

IP List Automatically Updated, But Should be Verified

BitNinja maintains a list of allowed IPs, but we recommend you verify that this is actually true for your server. If necessary, you can allow the QUIC.cloud IPs manually.

Config Server Firewall (or) CSF

IP List Requires Manual Update

If CSF is your primary firewall, there are three ways to allow QUIC.cloud IPs:

  1. Add them to the csf.ignore file in the lfd- Login Failure Daemon section within the CSF Dashboard (accessible from the Plugins section in WHM/Plesk).
  2. Add the list directly to the /etc/csf/csf.ignore file, and restart CSF to allow the changes to take effect.
  3. Use our script, either as needed, or on a daily basis via cron, like so:
    wget -q https://raw.githubusercontent.com/QuicCloud/scripts/main/csf/csf-auto-update.sh -P /opt/
    chmod +x /opt/csf-auto-update.sh
    0 0 * * * /opt/csf-auto-update.sh
    
    More info here.

Other Server-Level Firewalls

IP List Requires Manual Update

You can use cron to schedule a script that will automatically update other server-level firewalls on a daily or at least bi-weekly basis. If you use a server-level firewall not listed here, let us know. We may be able to help automate allowlist updates.

Wordfence

Requires One-Time Configuration

As of December 2023, you can set QUIC.cloud as a trusted proxy, and Wordfence will automatically update the IP list.

  1. Make sure that you are running the latest version of Wordfence. 
  2. Navigate to General Options, and choose QUIC.cloud in the Trusted Proxies section.
  3. Click Save.

Other Application-Level Firewalls

IP List Requires Manual Update

Be sure to check any application-level firewalls that may be in use, such as Sucuri for WordPress. Such solutions should include a similar allowlist function, and it may be necessary to add QUIC.cloud IPs.

Next Step

If you are currently setting up your CDN for the first time, please see Verify the CDN is Working to continue.


Last update: January 19, 2024