IP addresses to allowlist

If your environment restricts communications by allowing only known IP addresses, you need to allowlist Coveo’s IP addresses. This is however optional to use Coveo.

The addresses listed on this page should rarely change. Should a change be required, Coveo would inform its customers in advance.

Inbound communication

Inbound communication with Coveo takes place when the Coveo cloud-based crawlers access your on-premises content to index it.

Salesforce customers should allowlist Coveo IP addresses when using trusted IP ranges to restrict access to your organization.

US organizations

The following IP addresses are used by most Coveo organizations, namely those deployed in the United States:

  • 54.84.109.253

  • 54.84.122.250

  • 54.84.126.201

  • 54.84.126.206

  • 54.89.203.159

  • 34.228.114.92

  • 52.1.174.164

  • 34.206.208.119

  • 54.147.101.56

  • 3.143.63.87

  • 18.218.102.25

  • 18.218.142.66

  • 3.129.199.205

  • 18.222.105.207

  • 3.143.72.156

Canadian organizations

The following IP addresses are used by organizations deployed in Canada:

  • 3.98.234.162

  • 15.156.144.217

  • 35.182.150.88

  • 99.79.134.66

  • 3.98.11.182

  • 3.97.174.104

European organizations

The following IP addresses are used by organizations deployed in Ireland:

  • 34.242.107.147

  • 54.170.3.6

  • 54.170.30.39

  • 54.228.23.165

  • 79.125.87.0

  • 52.38.148.217

Australian organizations

The following IP addresses are used by organizations deployed in Australia:

  • 13.236.154.182

  • 13.211.9.156

  • 3.106.44.249

  • 54.206.25.172

  • 52.65.144.94

  • 54.252.102.158

HIPAA organizations

The following IP addresses are used by Coveo HIPAA organizations only:

  • 52.207.117.192

  • 34.197.57.255

  • 34.198.140.110

  • 34.200.73.232

  • 52.55.181.180

  • 34.199.215.203

  • 18.214.193.57

  • 54.211.244.247

  • 52.4.190.210

When these IP addresses aren’t allowlisted, you’ll see error codes such as SALESFORCE_UNABLE_TO_AUTHENTICATE_IP_RESTRICTED for Salesforce sources.

Outbound communication

Sometimes, you may also have to restrict the list of IP addresses with which your server can communicate with Coveo. If you use the Push API or the Coveo Crawling Module, or if your server needs to perform queries, navigate to the AWS IP Ranges JSON and allowlist all IP address ranges that are associated with CloudFront edge servers and all ranges from your primary deployment region:

  • us-east-1 and us-east-2 for organizations whose primary deployment is in the US region.

  • ca-central-1 for organizations whose primary deployment region is in the Canada region.

  • eu-west-1 for organizations whose primary deployment is in the Ireland region.

  • ap-southeast-2 for organizations whose primary deployment is in the Australia region.

Coveo for Sitecore customers should allowlist all necessary IP address ranges for the various services this product calls.