HTTP-Connectivity-Tester icon indicating copy to clipboard operation
HTTP-Connectivity-Tester copied to clipboard
verified publisher icon nsacyber

Add known cloud provider/CDN/loading balancing IP range look ups

Open iadgovuser1 opened this issue 7 years ago • 1 comments

Addresses and Aliases property on the connectivity object are useful, but could be better. Combine them per URL:

  • URL
  • DNS aliases
  • IP addresses for those aliases
  • Boolean to denote if the IP address is part of a known cloud provider or CDN
  • If boolean is true, then the name of the provider
  • If boolean is true, then the address ranges that would need to be unblocked

This feature would help those who can't do URL or URL pattern name based unblocks and can only do IP address based unblocks.

Need a function to test if an IP address is in a known range specified in CIDR notation. Could take a dependency on a library or create needed functionality in pure PowerShell.

  • https://stackoverflow.com/questions/9622967/how-to-see-if-an-ip-address-belongs-inside-of-a-range-of-ips-using-cidr-notation
  • https://github.com/lduchosal/ipnetwork (IPNetwork.Parse, IPAddress.Parse, ipnetwork.Contains)
  • https://www.nuget.org/packages/IPNetwork2/
  • https://stackoverflow.com/questions/32028166/convert-cidr-notation-into-ip-range?rq=1

Need to gather address ranges of common/popular providers or download at runtime ( -IncludeProviders option?)

Amazon AWS

  • https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/
  • https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
  • https://docs.aws.amazon.com/quicksight/latest/user/regions.html
  • https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html

Microsoft Azure

  • https://www.microsoft.com/en-us/download/details.aspx?id=41653
  • https://azurerange.azurewebsites.net/ and https://github.com/fchapleau/AzureRange
  • https://www.danielstechblog.io/azure-services-urls-and-ip-addresses-for-firewall-or-proxy-whitelisting/
  • https://docs.microsoft.com/en-us/azure/cdn/cdn-pop-list-api
  • http://vijayjt.blogspot.com/2017/05/azure-public-ip-ranges-and-whitelisting.html
  • https://blogs.msdn.microsoft.com/nicole_welch/2017/02/azure-ip-ranges/ (Gov and O365)

Google Compute Engine

  • https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges

Apple

  • 17.0.0.0/8
  • https://www.richard-purves.com/2016/09/10/apple-services/
  • https://www.richard-purves.com/2016/09/10/apple-services/
  • https://stackoverflow.com/questions/10688852/ip-address-ranges-for-apns-servers

Akamai

  • https://security.stackexchange.com/questions/38658/firewall-defined-akamai-ip-range

Cloudflare

  • https://www.cloudflare.com/ips/

iadgovuser1 avatar Jul 20 '18 16:07 iadgovuser1

leaseweb: https://kb.leaseweb.com/customer-portal/cdn/cdn-ip-ranges

vpiserchia avatar Oct 16 '19 13:10 vpiserchia