IP addresses to allowlist

This is for:

Developer System Administrator

If your environment restricts communications by allowing only known IP addresses, you must allowlist Coveo’s IP addresses. This is however optional to use Coveo.

The addresses listed on this page should rarely change. Should a change be required, Coveo would inform its customers in advance by contacting the administrators of all impacted organizations.

Inbound communication

Inbound communication with Coveo takes place when the Coveo cloud-based crawlers access your on-premises content to index it.

Salesforce customers should allowlist Coveo IP addresses when using trusted IP ranges to restrict access to your organization.

The addresses to allowlist depend on the region where your Coveo organization is deployed. Jump to the section that corresponds to your organization:

US organizations

The following IP addresses are used by most Coveo organizations, namely those deployed in the United States:

IP addresses CIDR notation

  • 54.84.109.253

  • 54.84.122.250

  • 54.84.126.201

  • 54.84.126.206

  • 54.89.203.159

  • 34.228.114.92

  • 52.1.174.164

  • 34.206.208.119

  • 54.147.101.56

  • 3.143.63.87

  • 18.218.102.25

  • 18.218.142.66

  • 3.129.199.205

  • 18.222.105.207

  • 3.143.72.156

  • 54.84.109.253/32

  • 54.84.122.250/32

  • 54.84.126.201/32

  • 54.84.126.206/32

  • 54.89.203.159/32

  • 34.228.114.92/32

  • 52.1.174.164/32

  • 34.206.208.119/32

  • 54.147.101.56/32

  • 3.143.63.87/32

  • 18.218.102.25/32

  • 18.218.142.66/32

  • 3.129.199.205/32

  • 18.222.105.207/32

  • 3.143.72.156/32
Important

If you enter IP addresses using the CIDR notation, make sure to use the /32 suffix to restrict the CIDR to a single IP address.

Using a suffix lower than /32 would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo’s specific IPs.

Canadian organizations

The following IP addresses are used by organizations deployed in Canada:

IP addresses CIDR notation

  • 3.98.234.162

  • 15.156.144.217

  • 35.182.150.88

  • 99.79.134.66

  • 3.98.11.182

  • 3.97.174.104

  • 3.98.234.162/32

  • 15.156.144.217/32

  • 35.182.150.88/32

  • 99.79.134.66/32

  • 3.98.11.182/32

  • 3.97.174.104/32
Important

If you enter IP addresses using the CIDR notation, make sure to use the /32 suffix to restrict the CIDR to a single IP address.

Using a suffix lower than /32 would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo’s specific IPs.

European organizations

The following IP addresses are used by organizations deployed in Ireland:

IP addresses CIDR notation

  • 34.242.107.147

  • 54.170.3.6

  • 54.170.30.39

  • 54.228.23.165

  • 79.125.87.0

  • 52.38.148.217

  • 34.242.107.147/32

  • 54.170.3.6/32

  • 54.170.30.39/32

  • 54.228.23.165/32

  • 79.125.87.0/32

  • 52.38.148.217/32
Important

If you enter IP addresses using the CIDR notation, make sure to use the /32 suffix to restrict the CIDR to a single IP address.

Using a suffix lower than /32 would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo’s specific IPs.

Australian organizations

The following IP addresses are used by organizations deployed in Australia:

IP addresses CIDR notation

  • 13.236.154.182

  • 13.211.9.156

  • 3.106.44.249

  • 54.206.25.172

  • 52.65.144.94

  • 54.252.102.158

  • 13.236.154.182/32

  • 13.211.9.156/32

  • 3.106.44.249/32

  • 54.206.25.172/32

  • 52.65.144.94/32

  • 54.252.102.158/32
Important

If you enter IP addresses using the CIDR notation, make sure to use the /32 suffix to restrict the CIDR to a single IP address.

Using a suffix lower than /32 would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo’s specific IPs.

HIPAA organizations

The following IP addresses are used by Coveo HIPAA organizations only:

IP addresses CIDR notation

  • 52.207.117.192

  • 34.197.57.255

  • 34.198.140.110

  • 34.200.73.232

  • 52.55.181.180

  • 34.199.215.203

  • 18.214.193.57

  • 54.211.244.247

  • 52.4.190.210

  • 52.207.117.192/32

  • 34.197.57.255/32

  • 34.198.140.110/32

  • 34.200.73.232/32

  • 52.55.181.180/32

  • 34.199.215.203/32

  • 18.214.193.57/32

  • 54.211.244.247/32

  • 52.4.190.210/32

When these IP addresses aren’t allowlisted, you’ll see error codes such as SALESFORCE_UNABLE_TO_AUTHENTICATE_IP_RESTRICTED for Salesforce sources.

Important

If you enter IP addresses using the CIDR notation, make sure to use the /32 suffix to restrict the CIDR to a single IP address.

Using a suffix lower than /32 would result in allowing a larger range of IP addresses, that is, allowing other AWS clients along with Coveo’s specific IPs.

Outbound communication

Sometimes, you may also have to restrict the list of IP addresses with which your server can communicate with Coveo. If you use the Push API or the Coveo Crawling Module, or if your server needs to perform queries, navigate to the AWS IP Ranges JSON and allowlist all IP address ranges that are associated with CloudFront edge servers and all ranges from your primary deployment region:

  • us-east-1 and us-east-2 for organizations whose primary deployment is in the US region.

  • ca-central-1 for organizations whose primary deployment region is in the Canada region.

  • eu-west-1 for organizations whose primary deployment is in the Ireland region.

  • ap-southeast-2 for organizations whose primary deployment is in the Australia region.

Coveo for Sitecore customers should allowlist all necessary IP address ranges for the various services this product calls.