Back to Blog Home

Notice of (Internet) Address Change

James Cunningham image

James Cunningham -

As part of continuing projects to increase the reliability of sentry.io,
the IP addresses associated with the service will be changing soon.
These changes may require customer-side updates to firewall rules to
continue uninterrupted service.

Specifically, firewall rules that restrict traffic based on IP addresses
will have to be changed for the following circumstances:

  • Firewalls between an application monitored by Sentry and the Sentry
    service (sentry.io)

  • Firewalls between Sentry’s service and:

    • web servers or CDNs that serve JavaScript source and/or source map
      files

    • servers configured to receive webhook HTTP requests

If neither of these apply, no changes are needed. We hope you continue
to use and enjoy Sentry!

We plan to migrate all traffic to the addresses below, starting on June
21, 2017.

Inbound Address

  • 35.188.42.15

When a Sentry client SDK transmits errors to sentry.io, DNS will return
the above IP address alongside the existing service addresses. If you
have previously configured network rules between your application
servers and the Internet to limit outbound requests, those rules will
need to be updated to add this new address.

Outbound Addresses

  • 35.184.238.160

  • 104.155.159.182

  • 104.155.149.19

  • 130.211.230.102

When configured by customers, sentry.io also sends web requests to its
customers’ servers. The most frequent requests Sentry makes are to fetch
JavaScript source files and source
maps
, but we
also connect using webhooks and other integrations.  If you have
configured network rules that only allow inbound requests from specific
addresses,  you will need to update those rules to include the
additional addresses.

Alternative Methods of Authentication

In order to alleviate some of the pains caused with updating these
addresses, Sentry provides the ability to append a token to our outbound
request headers. You may configure this token by going to your
Project Settings, and scrolling down to “Security Token” where you’ll
find the following form:

By default, all outbound requests are appended with the X-Sentry-Token
header using the security token as the value. This token can be verified
by a webserver or a proxy, denying all traffic that does not match.
Here’s an example for using nginx to deny unauthorized requests:

map $http_x_sentry_token $from_sentry { f48e8f0eb1c911e493090025902d9efc 1; default 0; } location / { if ($from_sentry = '0') { return 403; } }

Note that both the header name and token value can be configured to suit
your preferences.

Moving forward, we strongly encourage your organization to use this
authentication method instead of IP whitelisting.

Share

Share on Twitter
Share on Bluesky
Share on HackerNews
Share on LinkedIn

Published

Sentry Sign Up CTA

Code breaks, fix it faster

Sign up for Sentry and monitor your application in minutes.

Try Sentry Free

Topics

Sentry

New product releases and exclusive demos

Listen to the Syntax Podcast

Of course we sponsor a developer podcast. Check it out on your favorite listening platform.

Listen To Syntax
© 2024 • Sentry is a registered Trademark of Functional Software, Inc.