Adding QUIC.cloud IPs to an Allowlist
QUIC.cloud CDN acts as a proxy service for your domain, and requires access to your origin server for uncached requests. However, some firewalls may block QUIC.cloud IP addresses, either outright or when those addresses send frequent requests.
To ensure QUIC.cloud is not blocked by your origin server, you'll need to add the QUIC.cloud IPs to your firewall's ignore-list or allowlist.
Important
This is not a set-it-and-forget-it kind of thing. In order to optimize global performance, we add and remove nodes frequently, which means the list of IP addresses also will change frequently.
Here is the current list, in various formats:
- Text: https://www.quic.cloud/ips?ln
- Trusted IPs: https://www.quic.cloud/ips?trusted
- JSON: https://www.quic.cloud/ips?json
- HTML: https://www.quic.cloud/ips
Please keep your server-level and application-level allowlists updated. Some of the firewalls listed below will do this for you, but others require you to manually maintain the list. If you don't have access to your domain's firewall solutions, please forward this documentation to your hosting provider.
LiteSpeed Web Server
IP List Automatically Updated
The latest versions of LiteSpeed Web Server will automatically update the QUIC.cloud IPs for you. You don't have to do anything.
v5.4.11 and older
IP List Requires Manual Update
In older versions of LSWS, we recommend that you add the IPs as “Trusted” in your LiteSpeed WebAdmin Console. Navigate to Configuration > Server > Security, scroll down to Access Control, click the Edit button and add the IPs to the Allowed List. The letter T added after the IP (no space) indicates that it is Trusted. So, your list would look something like this:
ALL,192.0.2.0T,192.0.2.1T,192.0.2.3T
OpenLiteSpeed
IP List Automatically Updated
The latest versions of OpenLiteSpeed will automatically update the QUIC.cloud IPs for you. You don't have to do anything.
v1.7.12 and older
IP List Requires Manual Update
In older versions of OLS, we recommend that you add the IPs as “Trusted” in your LiteSpeed WebAdmin Console. Navigate to Server Configuration > Security, scroll down to Access Control, click the Edit button and add the IPs to the Allowed List. The letter T added after the IP (no space) indicates that it is Trusted. So, your list would look something like this:
ALL,192.0.2.0T,192.0.2.1T,192.0.2.3T
Imunify360
IP List Automatically Updated
With Imunify360, the QUIC.cloud IPs are automatically included on the allowlist. You shouldn't have to do anything manually. To verify, you can find the IPs located in /etc/imunify360-webshield/common-proxies.conf and /etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-litespeed/rbl_whitelist. The latter path may vary depending on the web server and control panel used.
BitNinja
IP List Automatically Updated, But Should be Verified
BitNinja maintains a list of allowed IPs, but we recommend you verify that this is actually true for your server. If necessary, you can allow the QUIC.cloud IPs manually.
Config Server Firewall (or) CSF
IP List Requires Manual Update
If CSF is your primary firewall, there are three ways to allow QUIC.cloud IPs:
- Add them to the csf.ignore file in the lfd - Login Failure Daemon section within the CSF Dashboard (accessible from the Plugins section in WHM/Plesk).
- Add the list directly to the /etc/csf/csf.ignore file, and restart CSF to allow the changes to take effect.
- Use our script, either as needed, or on a daily basis via cron, like so:
  wget -q https://raw.githubusercontent.com/QuicCloud/scripts/main/csf/csf-auto-update.sh -P /opt/
  chmod +x /opt/csf-auto-update.sh
  0 0 * * * /opt/csf-auto-update.sh
  More info here.
Cloudflare
Requires One-Time Configuration
Our Auto-Update Script for Cloudflare automates the process of allowlisting our IPs for Cloudflare. If you have a Cloudflare account with an API key, you can download the script and run it daily via cron.
Other Server-Level Firewalls
IP List Requires Manual Update
You can use cron to schedule a script that will automatically update other server-level firewalls on a daily or at least bi-weekly basis. If you use a server-level firewall not listed here, let us know. We may be able to help automate allowlist updates.
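For the manually maintained lists above (the LiteSpeed Allowed List and /etc/csf/csf.ignore), a scheduled updater should validate what it downloads before writing it into a firewall file. The following is an added example, not QUIC.cloud's own script: it assumes the text list is one IPv4 address per line, and the marker comments, internal-range check and minimum-entry threshold are hypothetical choices.

```python
import ipaddress

MIN_ENTRIES = 3  # assumption: fewer valid entries means a truncated or failed download
BEGIN = "# BEGIN quic.cloud managed block"  # hypothetical marker lines for csf.ignore
END = "# END quic.cloud managed block"
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_ip_list(body, min_entries=MIN_ENTRIES):
    """Return validated IPv4 addresses from a one-per-line list, or raise (fail closed)."""
    ips = []
    for line in body.splitlines():
        entry = line.strip()
        if not entry:
            continue
        try:
            ip = ipaddress.IPv4Address(entry)  # single hosts only: no CIDR, no hostnames
        except ValueError:
            raise ValueError(f"not an IPv4 address: {entry!r}") from None
        if any(ip in net for net in INTERNAL):
            raise ValueError(f"refusing to trust internal address {ip}")
        if ip not in ips:
            ips.append(ip)
    if len(ips) < min_entries:
        raise ValueError(f"only {len(ips)} entries; keeping the previous allowlist")
    return sorted(ips)


def lsws_allowed_list(ips):
    """Access Control value in the page's format: ALL,<ip>T,<ip>T (T = trusted)."""
    return ",".join(["ALL"] + [f"{ip}T" for ip in ips])


def merge_csf_ignore(current, ips):
    """Replace only the managed block in csf.ignore text; hand-written entries survive."""
    kept, inside = [], False
    for line in current.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    return "\n".join(kept + [BEGIN] + [str(ip) for ip in ips] + [END]) + "\n"


# Constructed sample (documentation addresses, not real QUIC.cloud nodes).
SAMPLE = "192.0.2.3\n192.0.2.0\n\n192.0.2.1\n192.0.2.0\n"
```

If `parse_ip_list` raises, leave the existing allowlist files untouched and alert instead of writing a partial list.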
Wordfence
Requires One-Time Configuration
As of December 2023, you can set QUIC.cloud as a trusted proxy, and Wordfence will automatically update the IP list.
- Make sure that you are running the latest version of Wordfence.
- Navigate to Wordfence Dashboard > Global Options. Expand the General Options section, then expand Edit trusted proxies. Select Quic.cloud from the Trusted Proxy Preset list.
- Click Save Changes.
Other Application-Level Firewalls
IP List Requires Manual Update
Be sure to check any application-level firewalls that may be in use, such as Sucuri for WordPress. Such solutions should include a similar allowlist function, and it may be necessary to add QUIC.cloud IPs.
Next Step
If you are currently setting up your CDN for the first time, please see Verify the CDN is Working to continue.