This document describes how to add the monitoring IPs of VSS to the allowlist.
Overview
VSS simulates hacker intrusion attacks to conduct asset discovery and risk monitoring over the public network. If your server has security protection or monitoring services such as WAF and SOC deployed, we recommend you add the monitoring IPs of VSS to the allowlist and grant them scanning access, so that the monitoring service can work smoothly. Such service node scanning IPs include:
129.211.162.110
129.211.162.87
129.211.163.253
129.211.164.19
129.211.166.123
129.211.167.182
129.211.167.200
129.211.167.70
129.211.162.158
129.211.162.23
129.211.166.134
129.211.167.108
129.211.167.181
129.211.166.142
129.211.166.163
129.211.167.128
129.211.167.166
43.139.244.231
43.139.243.246
119.28.101.45
119.28.101.51
150.109.12.53
129.226.197.194
129.226.197.196
129.226.197.199
129.226.197.200
129.226.197.201
129.226.197.204
129.226.197.205
129.226.197.207
129.226.197.209
129.226.197.21
43.134.229.58
101.33.220.146
182.254.192.73
175.178.79.94
106.55.172.224
119.91.226.99
43.139.53.159
106.55.100.23
106.53.104.226
123.207.45.218
43.136.98.102
43.139.150.105
175.178.22.156
122.152.222.70
159.75.140.45
193.112.176.100
43.136.103.134
101.33.244.20
114.132.180.83
159.75.80.121
43.136.56.35
106.52.219.11
42.193.249.24
43.136.123.68
123.207.72.172
43.139.233.146
119.91.227.203
175.178.108.10
43.136.85.179
111.230.104.109
119.91.226.24
119.91.48.196
101.33.203.139
134.175.222.22
175.178.72.188
175.178.90.4
119.29.244.62
123.207.72.179
175.178.79.108
111.230.243.60
43.138.175.184
134.175.53.125
43.139.204.202
122.152.233.202
175.178.176.234
43.139.244.105
43.139.188.254
159.75.154.2
106.52.244.65
43.138.233.4
159.75.110.155
134.175.248.145
If your website can be accessed only after login, you need to suspend the security policy (to ensure that the website can be accessed from all IPs) and resume it after your cookie validity is verified.
Directions
Method 1: allow IPs through IP query
1. Log in to the WAF console and select IP Management > IP Query on the left sidebar to enter the IP query page.
2. On the IP query page, enter the IP address to be queried, click Query, and the query result will be displayed.
3. Click Add to Blocklist/Allowlist to enter the Add Blocked/Allowed IP page, where you can manually add IPs to the allowlist. Select Allowlist as the category, enter the IP address to be allowed, select the expiration time of the allowlist, and click Add.
Method 2: add IPs directly to the allowlist
Log in to the WAF console and select IP Management > IP Blocklist/Allowlist on the left sidebar to enter the IP blocklist/allowlist page.
Method 1: manually add IPs to the allowlist.
1.1 On the IP blocklist/allowlist page, click Add to Blocklist/Allowlist, and the Add Blocked/Allowed IP window will pop up.
1.2 In the Add Blocked/Allowed IP window, select Allowlist as the category, copy the scanning node IPs of VSS into the IP address input box, select the expiration time of the allowlist, and click Add.
Note:
Up to 100 IP addresses can be entered and separated by line break.
Method 2: batch import IPs to the allowlist.
1.1 On the IP blocklist/allowlist page, click Import Data, and the Import IP List window will pop up.
1.2 In the Import IP List window, click Import, select the allowlist file to be imported, and click Confirm Import after successful upload.
Note:
Import file format: only .xlsx and .xls files are supported.
Quantity: currently, only one single file can be uploaded.
Content: the file must include three columns: category, IP address, and end time. For more information on the format, see the exported Excel file.
The end time must be before 2033/12/30 23:59:59 in the format of YYYY/MM/DD HH:MM:SS.
Method 3: add blocked IPs to the allowlist.
1. Log in to the WAF console and select IP Management > IP Blocking Status on the left sidebar to enter the IP blocking status page.
2. On the IP blocking status page, enter the relevant information, click Query to query the relevant IPs of VSS, and then add them to the allowlist.
