Whitelist Kuality on Amazon CloudFront

Allow our IPs in CloudFront / AWS WAF

1. CloudFront blocks bot traffic via AWS WAF Web ACLs, not CloudFront itself. Open the AWS console and go to WAF & Shield → Web ACLs.
2. Find the Web ACL attached to your CloudFront distribution and open Rules → Add rule → Add my own rules and rule groups.
3. Create an IP set named "Kuality Scanners". Add the IPs above with a /32 suffix (e.g. 174.50.237.98/32).
4. Add a rule that matches that IP set and sets the action to Allow. Set the rule priority above any "Bot Control" or "Anonymous IP list" managed rule groups so it short-circuits them.
5. Save the Web ACL. Changes propagate to all CloudFront edge locations within a couple of minutes.

After you've added the rule

Allow a minute for the rule to propagate, then re-run any failed scan from your reports page. The "we can't reach your site" banner will clear automatically as soon as a scan succeeds.

Still stuck?

Amazon CloudFront's UI changes occasionally — if these steps don't match what you see, reply to the "we can't reach your site" email or open a support ticket and we'll walk through it with you.