Whitelist Kuality on Amazon CloudFront
Amazon CloudFront blocks automated traffic by default. Add a small allow rule so our scanner can reach your site.
Scanner IPs
Add these IPs to your allow-list on Amazon CloudFront. Copy each row, or grab them all at once with the button below.
| 174.50.237.98 | |
| 99.43.242.58 | |
| 172.235.167.199 | |
| 45.79.196.106 |
Allow our IPs in CloudFront / AWS WAF
- CloudFront blocks bot traffic via AWS WAF Web ACLs, not CloudFront itself. Open the AWS console and go to WAF & Shield → Web ACLs.
- Find the Web ACL attached to your CloudFront distribution and open Rules → Add rule → Add my own rules and rule groups.
-
Create an IP set
named "Kuality Scanners". Add the IPs above with a /32
suffix (e.g.
174.50.237.98/32). - Add a rule that matches that IP set and sets the action to Allow. Set the rule priority above any "Bot Control" or "Anonymous IP list" managed rule groups so it short-circuits them.
- Save the Web ACL. Changes propagate to all CloudFront edge locations within a couple of minutes.
After you've added the rule
Allow a minute for the rule to propagate, then re-run any failed scan from your reports page. The "we can't reach your site" banner will clear automatically as soon as a scan succeeds.
Still stuck?
Amazon CloudFront's UI changes occasionally — if these steps don't match what you see, reply to the "we can't reach your site" email or open a support ticket and we'll walk through it with you.