Egress

This section describes the high-level architecture for the Egress connection used by Fluid Attacks as well as its minimum requirements and limitations.

This solution relies on Cloudflare Dedicated Egress.

High-level architecture

We use public Egress IP addresses to access your resources. These IP addresses are static, which means they never change.

You can whitelist the Egress IP addresses on your firewall so Fluid Attacks can reach the resources it requires over the Internet.

Below is a high-level diagram that shows how the Egress scheme works.

[Diagram: Architecture]

Minimum requirements

  1. Grant firewall permissions to the Fluid Attacks Egress IP addresses so they can reach your resources.

    Below is the list of Egress IP addresses that need to be whitelisted:

    IPv4:

    • 104.30.132.78
    • 104.30.134.27

    IPv6:

    • 2a09:bac0:1000:252::/64
    • 2a09:bac0:1001:1cb::/64
  2. Fill out the following form to provide us with the details required for setting up the Egress connection. Once submitted, the connection will be set up in less than 8 office hours.

Limiting access to the Egress

Fluid Attacks uses the provided Egress for accessing your resources.

We recommend creating least-privilege firewall rules that expose only the resources that are necessary.
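
One way to check an allow-rule set against this recommendation, as an added example that is not Fluid Attacks' own code: it flags rules that admit more than the Egress ranges listed above or expose any host or any port, and reports Egress ranges that no rule admits. The rule tuple format, rule names and destination addresses are constructed for illustration.

```python
import ipaddress

# Egress ranges copied from the list on this page (IPv4 hosts as /32).
EGRESS = [ipaddress.ip_network(n) for n in (
    "104.30.132.78/32", "104.30.134.27/32",
    "2a09:bac0:1000:252::/64", "2a09:bac0:1001:1cb::/64")]

# Constructed sample rules: (name, source CIDR, destination CIDR, port).
# A port of None means "any port". Destinations are hypothetical.
RULES = [
    ("git-ssh-v4-a", "104.30.132.78/32", "10.20.0.15/32", 22),
    ("git-ssh-v4-b", "104.30.134.27/32", "10.20.0.15/32", 22),
    ("staging-v6", "2a09:bac0:1000:252::/64", "fd00:20::15/128", 443),
    ("legacy-wide", "104.30.0.0/16", "0.0.0.0/0", None),
]

def audit(rules):
    """Return (findings, uncovered) for a list of allow rules.

    findings:  (rule name, problem) pairs for rules that admit an Egress
               range but are broader than least privilege requires.
    uncovered: Egress ranges that no rule fully admits.
    """
    findings, covered = [], set()
    for name, src, dst, port in rules:
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        # subnet_of() raises on mixed IP versions, so compare versions first.
        hit = [e for e in EGRESS
               if e.version == src.version and e.subnet_of(src)]
        if not hit:
            continue  # rule does not admit a whole Egress range
        covered.update(hit)
        if src not in EGRESS:
            findings.append((name, "source wider than the Egress range"))
        if dst.prefixlen == 0:
            findings.append((name, "destination is any host"))
        if port is None:
            findings.append((name, "all ports exposed"))
    uncovered = [str(e) for e in EGRESS if e not in covered]
    return findings, uncovered

if __name__ == "__main__":
    findings, uncovered = audit(RULES)
    for name, problem in findings:
        print(f"{name}: {problem}")
    print("Egress ranges with no allow rule:", uncovered)
```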

Service limitations

Using self-signed certificates

When you use self-signed SSL certificates for your sites, HTTPS traffic going through the Egress will not be inspected, which reduces the log detail that can be collected.

This happens because the Cloudflare network does not trust certificates signed by untrusted certificate authorities.

We recommend using SSL certificates signed by a valid certificate authority so navigation logs are fully detailed.

Authentication

The authentication mechanisms available for this method are as follows:

  • OAuth
  • SSH
  • HTTPS