Slack webhook - Which IPs should I open?
Asked Answered
F

3

28

We want to use Slack Webhook (Outgoing Webhook) with an internal web service.

Our company is behind a firewall, so outside connections must be whitelisted.

It appears that Slack has multiple addresses it will send the API request from, and they don't seem to be documented.

Which IPs/Ports should we open in the firewall (whitelist) in order to allow slack's outgoing webhooks to connect to our internal web service?

Faulk answered 4/8, 2016 at 6:6 Comment(2)
Went upon the same issue, can only whitelist IP ranges. Unfortunately, according to this tweet from Slack API the platform is in AWS and doesn't have a fixed IP range. I may have to use some kind of proxy to get through...Voluptuous
@Sahar Menashe did you find a solution for this? I'm experiencing the same issue.Weixel
C
5

I know this is an old question, but I was looking for something like this myself. I think the one answer thats there doesnt really understand the question as such.

ngrok could sort-of solve an issue here, but its not quite what was asked.

Mapping ports from external to internal on a firewall that would be at a company is trivial. What I think the originator was asking was "what IP addresses do slack use when calling our service" so that you can firewall the service off to only allow access from those IP's (hence the whole white listing thing).

Simple answer as far as i can see is they are basically using lambda and various sources within AWS which makes that rather hard

Conventual answered 19/10, 2020 at 14:41 Comment(0)
M
1

An alternative could be using a VPN tunnel service to expose your internal webserver the Internet, e.g. with ngrok. I can confirm it works with Slack (I use it every day for Slack developing) and its also recommended as solution for a local development environment in the Slack tutorials.

Minx answered 8/11, 2017 at 11:1 Comment(4)
Can ngrok be used on non-local servers?Weixel
I am not sure. but I would not see any reason why notMinx
Internal web service can be exposed, so that is not a problem. Ngrok could compromise company network security and could be disallowed in enterprise.Fitly
ngrok is a professional product used by many companies to create secure VPN connections to the Internet. Whether or not it "could compromises network security" depends mostly on specific security requirements and should be evaluated on a case-by-basis basis for a company. With that in mind it a valid solution for OP's problem.Minx
L
-1

The IP addresses are different for every region. I run into the same issue, and wrote this simple pyhton script to collect the addresses:

https://github.com/CanBeBlamed/fqdn_ip/blob/main/fqdn_ip.py

Just run it for a while, and it will collect all the IP addresses for your region.

Logography answered 5/5, 2023 at 9:5 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.