Access requirements
XBOW’s testing infrastructure originates from specific IP addresses. Configure your firewall or web application firewall (WAF) to allow traffic from these addresses.
IP addresses used by XBOW
Update your server configuration to allow traffic from these IP addresses during testing.
- 3.18.165.130
- 3.21.131.137
- 3.21.217.89
- 3.22.165.38
- 3.131.87.64
- 3.137.71.91
- 13.59.171.92
- 18.220.171.27
DNS hostnames
For advanced firewall configurations that support hostname-based rules, you can use these DNS entries:
| DNS hostname | Resolved IP address |
|---|---|
| attack-1-1.deployment.eng.xbow.com | 18.220.171.27 |
| attack-1-2.deployment.eng.xbow.com | 3.131.87.64 |
| attack-1-3.deployment.eng.xbow.com | 13.59.171.92 |
| attack-1-4.deployment.eng.xbow.com | 3.18.165.130 |
| attack-2-1.deployment.eng.xbow.com | 3.22.165.38 |
| attack-2-2.deployment.eng.xbow.com | 3.21.217.89 |
| attack-2-3.deployment.eng.xbow.com | 3.21.131.137 |
| attack-2-4.deployment.eng.xbow.com | 3.137.71.91 |
Note: DNS entries may have a time-to-live (TTL) of approximately 280 seconds. Ensure your firewall configuration accounts for DNS caching behavior.
Alternative access methods
If you cannot configure IP-based access, see Configure your server to allow XBOW requests for alternative methods such as custom bypass headers.