Whitelisting Fabric & Crashlytics IP

Asked 25/4, 2017 at 8:11 Answered 25/4, 2017 at 13:32

Solved firewall crashlytics google-fabric crashlytics-android

Question - would like to allow access to Fabric & Crashlytics from our server which means that we need to allow it through our firewall for access. Can anyone share the domains or IPs that we should allow through ?

Secondly, we would also like the fabric plugin for Android Studio and Xcode to work, would the above domains and IPs also apply ?

Surgical answered 25/4, 2017 at 8:11 Comment(0)

Mike from Fabric and Firebase here. We don't support IP whitelisting as our IP addresses can and do change quite frequently. You should whitelist the following domains:

*.crashlytics.com
*.fabric.io

Update as of July 2020:

From the recent contact with the Firebase team, we got the following details:

You can whitelist the following domains on ports 80 and 443:

For Firebase Crashlytics (SDK versions 4.x and up):

*.crashlytics.com
crashlyticsreports-pa.googleapis.com

For Fabric Crashlytics (SDK versions 3.x):

*.crashlytics.com
*.fabric.io

For Firebase Crashlytics, there's one more domain which needs to be whitelisted even though it's not officially informed by Firebase team

firebasecrashlyticssymbols.googleapis.com

Creatinine answered 25/4, 2017 at 13:32 Comment(10)

Is this still the case since the acquisition by Firebase? – Olszewski 24/5, 2018 at 17:2

Correct, no changes. – Creatinine 24/5, 2018 at 17:26

@MikeBonnell what ports/protocols are used? 443-TCP? – Climacteric 2/7, 2018 at 19:25

Ports 80 and 443. – Creatinine 9/7, 2018 at 15:57

Hey, can anyone confirm that opening these domains is sufficient for proper crash reporting? – Misogyny 18/7, 2018 at 13:51

Mike, is this answer still correct after the Firebase migration? – Micamicaela 20/9, 2018 at 11:13

Yes, still true. – Creatinine 20/9, 2018 at 14:3

Is this true for debugging symbols upload as per firebase.google.com/docs/crashlytics/get-deobfuscated-reports? – Palaeobotany 7/1, 2020 at 2:10

Update: yes it is (still) true. Whitelist ports 80 and 443 for the above 2 domains as well. – Palaeobotany 3/2, 2020 at 2:34

Is anyone else seeing requests to firebaselogging-pa.googleapis.com? – Prokopyevsk 7/4, 2021 at 0:44

From what I understand a firewall usually blocks incoming connections, fabric just requires outgoing, so no need for whitelisting.

If you have a strict situation, just inpect the firewall logs with your sysadmin and make the whitelist entries, it can be different over time and you should be able to update it, so this way you know how to obtain it.

Franny answered 25/4, 2017 at 8:13 Comment(3)

That's not what quite I'm after. I'd like a list so we can add to the list in a very conclusive manner rather than provide ad-hoc entries into the firewall when something doesn't work. – Surgical 25/4, 2017 at 8:17

Well it's a third party company, they can change domains as they like, so you have to be ready to change it ad-hoc. Personally I recommend Little Snitch, install it on an OS X machine and it will let you inspect the connections outgoing from Fabric & Crashlytics – Franny 25/4, 2017 at 9:7

Not true, firewall can be easily configured to block outgoing connections unless they are whitelisted, and this is actually done in many private networks. – Misogyny 18/7, 2018 at 13:58

Recommended topics

Hot tags