17

I'm working with a third party webservice who requires that all calls to their service are made from whitelisted IP addresses. That is, I must give them IP addresses from which I will be making calls to their service.

Problem is I'm using Google Appengine. Is there any way to get a static IP address when making outgoing http requests from Appengine? Failing that - is there a block of IP addresses that all requests will come from? I could get the entire bloc whitelisted. If this exists, how likely is it to change?

I know I could setup a simple Amazon EC2 instance to use as a proxy (will ask another question for how to do this specifically) but just wanted to make sure there was no other way.

Improve this question
1

3 Answers 3

Reset to default
16

I had the same problem a couple of weeks ago connecting via Urlfetch from Google App Engine to the Stack Exchange API (The team has promptly fixed the problem whitelisting all the GAE IPs).

The range of IP addresses that urlfetch connections may come from, can be found by performing the following DNS lookup:

dig -t TXT _netblocks.google.com @ns1.google.com
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

do you know how stable that list of IP Addresses is? I.e. how often does it change?
@aloo no I don't and I believe it's not predictable.
I just ran this command and got a list of IP addresses. But I now see AppEngine connections coming from other IP addresses that are not listed here. Are you sure this is complete? Also, this appears to be just the incoming IP addresses, not the outgoing ones made from urlfetch.
1

Last I checked this wasn't possible. You can get the current IP address dynamically, but it isn't predictable.

Improve this answer

2 Comments

how can you get ips dynamically ??
Sorry -- it's been too many years since I used AppEngine, and I don't recall how I achieved this.
0

Please note: _netblocks.google.com is apparently not accurate. Currently I have noticed that GAE connects from addresses not listed when you dig _netblocks, for example from 8.35.201.166.

This range is not listed in _netblocks, _netblocks2 or _netblocks3.

Current dig output: ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16

Improve this answer

1 Comment

I think this is out of date.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.