Well Known IP Ranges
The Well Known IP Ranges integration provides a list of IP address ranges for various service providers.
[
{
"$index": {"cidr": "1.0.0.0/24"},
"id": "1.0.0.0/24",
"as_number": "13335",
"country_code": "US",
"as_name": "CLOUDFLARENET"
},
{
"$index": {"cidr": "1.0.4.0/23"},
"id": "1.0.4.0/23",
"as_number": "38803",
"country_code": "AU",
"as_name": "WPL-AS-AP"
},
{
"$index": {"cidr": "1.0.6.0/23"},
"id": "1.0.6.0/23",
"as_number": "38803",
"country_code": "AU",
"as_name": "WPL-AS-AP"
}
]
The external data sources we provide are meant to be examples and inspiration for users to create their own data sources. We won't maintain these integrations in perpetuity, and changes to the APIs they interact with may break them in the future.
The datasource project is open-source, and if the community wishes to provide contributions to keep it working in the future, we will shepherd those updates.
Install
- Docker Compose
- Local Binary
These instructions assume a local testing environment using Docker Compose. Adjust as needed for your deployment environment.
-
Add the datasource docker image to Docker Compose:
services:
wellknownipranges:
image: pomerium/datasource:latest
command:
- well-known-ips
ports:
- 8080:8080 -
Bring up the new container.
-
Download the latest release of the Pomerium datasource project and extract it.
-
Change directory and run the binary:
cd datasource-v*
./datasource well-known-ipsThe output should resemble:
<nil> INF starting well-known-ips http server address=:8080 ip2asn-url=https://iptoasn.com/data/ip2asn-v4.tsv.gz
Configure External Data Source
Create an external data source:
-
In the Pomerium Enterprise Console, navigate to CONFIGURE → External Data and click + ADD EXTERNAL DATA SOURCE.
-
Fill out the following fields:
Field | Content | Notes |
---|---|---|
URL | http://localhost:8080 | If you configured the service in Docker Compose with a set container name, you can use that instead. |
Record type | pomerium.io/WellKnownIPRange | |
Foreign Key | request.ip | |
Polling Min Delay | 1h | Minimum poll interval |
Polling Max Delay | 4h | Maximum poll interval |
Configure Pomerium Enterprise Console
A policy requiring a well known IP address would look something like this:
- Builder
- Editor
deny:
or:
- record:
is: '36459'
field: as_number
type: pomerium.io/WellKnownIPRange
Reference
- It has an optional flag
--address
, to change the listening port from the default:8080
.