Blog
ArchiveTwitterFeed
Share on Twitter
Share on Facebook
Share on HackerNews
Share on LinkedIn

Notice of (Internet) Address Change

As part of continuing projects to increase the reliability of sentry.io, the IP addresses associated with the service will be changing soon. These changes may require customer-side updates to firewall rules to continue uninterrupted service.

Specifically, firewall rules that restrict traffic based on IP addresses will have to be changed for the following circumstances:

  • Firewalls between an application monitored by Sentry and the Sentry service (sentry.io)
  • Firewalls between Sentry’s service and:
    • web servers or CDNs that serve JavaScript source and/or source map files
    • servers configured to receive webhook HTTP requests

If neither of these apply, no changes are needed. We hope you continue to use and enjoy Sentry!

We plan to migrate all traffic to the addresses below, starting on June 21, 2017.

Inbound Address

  • 35.188.42.15

When a Sentry client SDK transmits errors to sentry.io, DNS will return the above IP address alongside the existing service addresses. If you have previously configured network rules between your application servers and the Internet to limit outbound requests, those rules will need to be updated to add this new address.

Outbound Addresses

  • 35.184.238.160
  • 104.155.159.182
  • 104.155.149.19
  • 130.211.230.102

When configured by customers, sentry.io also sends web requests to its customers’ servers. The most frequent requests Sentry makes are to fetch JavaScript source files and source maps, but we also connect using webhooks and other integrations. If you have configured network rules that only allow inbound requests from specific addresses, you will need to update those rules to include the additional addresses.

Alternative Methods of Authentication

In order to alleviate some of the pains caused with updating these addresses, Sentry provides the ability to append a token to our outbound request headers. You may configure this token by going to your Project Settings, and scrolling down to “Security Token” where you’ll find the following form:

security headers

By default, all outbound requests are appended with the X-Sentry-Token header using the security token as the value. This token can be verified by a webserver or a proxy, denying all traffic that does not match. Here’s an example for using nginx to deny unauthorized requests:

    map $http_x_sentry_token $from_sentry {
      f48e8f0eb1c911e493090025902d9efc 1;
      default 0;
    }

    location / {
      if ($from_sentry = '0') { return 403; }
    }

Note that both the header name and token value can be configured to suit your preferences.

Moving forward, we strongly encourage your organization to use this authentication method instead of IP whitelisting.

Your code is broken. Let's Fix it.
Get Started

More from the Sentry blog

ChangelogCodecovDashboardsDiscoverDogfooding ChroniclesEcosystemError MonitoringEventsGuest PostsMobileOpen SourcePerformance MonitoringRelease HealthResourceSDK UpdatesSentry
© 2024 • Sentry is a registered Trademark
of Functional Software, Inc.