Update: Source IP Changes for Public Locations

What is happening?
An updated synthetics runtime for public locations is planned to be released on April 7, 2022 that includes support for new versions of Chrome, Selenium WebDriver, and Node.js. Any new monitors created or monitors upgraded to use this runtime will use a new IP space.

These new IP address ranges have been added to our public IP documentation in a new IP range list document.

While this new IP space will initially only be used for new and upgraded monitors, all public ping, simple browser, certificate check, broken link monitors, and step monitors will start migrating to this new IP range on May 2, 2022. Migration timelines for existing scripted API and scripted browser monitors will be shared in the future.

Do I need to do anything?

  • If the endpoint or webpage that your monitor checks is restricted, you’ll need to add the IP address ranges above to your allow list. This may include firewall rules, bot detection software, or similar configurations
  • If your team allows traffic from any IP, no action is required.

How do I identify synthetic monitoring requests?
Synthetic monitoring requests include x-abuse-info request headers so that they can be easily identified.

7 Likes

The release date of the updated synthetics runtime for public locations has been changed from April 7, 2022 to April 8, 2022. Sorry for any inconvenience this may cause.

It seems as if the old/current IP ranges have been replaced by the new list in the documentation. Are they still available for reference?

Both the old/current and the new IPs are available in public minion IP documentation.

The old/current IPs are listed in the IP and DNS name list. The new IP ranges are listed in the IP range list, which applies to both US and EU accounts.

2 Likes

Ah, that’s grand, thank you @bpeck.

Hello!

Thank you for the documentation. Can you confirm the JSON files mentioned in this Synthetic monitor public minion IPs | New Relic Documentation will be edited to reflect the new IPs on May 2nd?
We use this one specifically https://s3.amazonaws.com/nr-synthetics-assets/nat-ip-dnsname/production/ip.json, and whitelist according to the content of this. So can you confirm the endpoint will remain the same, but the content be updated with the new IPs only?

Thank you!
Jules

The files that list individual IPs, like https://s3.amazonaws.com/nr-synthetics-assets/nat-ip-dnsname/production/ip-dnsname.json, will not be updated to include all possible IP addresses in the new IP range. A new file is being used due to potential impact from breaking any automations that cannot handle an IP range instead of a list of individual IPs.

CIDR ranges will be published to the ip-ranges.json file:
https://s3.amazonaws.com/nr-synthetics-assets/nat-ip-dnsname/production/ip-ranges.json

1 Like

Thank you for detailed answer!
Have a nice day,
Jules

Hey @jules.claussen,

We are glad that @bpeck was able to provide you with an answer! Please let us know if there is anything else we can do for you, we are always happy to help.

Take care and have a great day!

Hello,

We are in the process of restricting our endpoint to specific IPs. We have whitelisted all the IP ranges in this list - https://s3.amazonaws.com/nr-synthetics-assets/nat-ip-dnsname/production/ip-ranges.json

But the checks are failing. Are you still in process of migrating old monitors to these new IP ranges? Do we need to whitelist individual IPs in https://s3.amazonaws.com/nr-synthetics-assets/nat-ip-dnsname/production/ip.json also ?

Thanks!

Yes, this migration is still in progress. Both lists would be required for now. We are moving ping monitors first, but at a certain percentage per day to limit risk.

2 Likes