Cloudflare's published IPv4 IP list no longer works

According to https://www.cloudflare.com/en-gb/ips/, the authoritative URLs for Cloudflare’s list of IPv4 and IPv6 addresses are:

However, the IPv4 URL no longer works with the trailing slash:

○ → curl -I https://www.cloudflare.com/ips-v4/
HTTP/2 404 
date: Wed, 07 Feb 2024 19:53:57 GMT
content-type: text/html; charset=utf-8
cf-ray: 851e2e963b4f711b-YYZ
cf-cache-status: HIT
age: 324
cache-control: max-age=600
expires: Wed, 07 Feb 2024 19:48:48 GMT
last-modified: Wed, 07 Feb 2024 19:24:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-rm: RDWD
x-xss-protection: 1; mode=block
…

EDIT: also seeing this happen sometimes for the IPv6 list as well

It’s ok for me…

curl -I https://www.cloudflare.com/ips-v4/
HTTP/2 200
date: Wed, 07 Feb 2024 20:06:14 GMT
content-type: text/plain;charset=UTF-8
content-length: 230
cf-ray: 851e40936c723691-LHR
cf-cache-status: HIT
accept-ranges: bytes
age: 5903
cache-control: max-age=600
last-modified: Wed, 07 Feb 2024 18:27:51 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: __cf_bm=GSJuAmWPTBPZuRjpft4i0F_gFp49cEHpKUZdDImrwsM-1707336374-1-AfxP/6CnUYrULFdsSRtU8Svnb5NyFaNkmpn29cTyXtoo1ew/sFZI/k48IbNdgYl13v+ZMw3yESjlMoc1zieR88hlmWlz1SxqH9siqan3dDX5; path=/; expires=Wed, 07-Feb-24 20:36:14 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Uc3lH0CXb6zTE42ZXV1E8jXZmuYFDON8cpuZygVbKxIKO9rQ3ZAEJZDnzZ03%2FwWqY9xGOq3b15qy27Nh1GBCBlUfGeTJTTzDye5zA2JMy4KAW1KZxx6Xqw7er%2BtNZBFZRUopg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400
2 Likes

We saw this in a few locales, but evidently this was nothing but a brief oops on Cloudflare’s end and the canonical URLs should continue to operate.

1 Like

We have the same issue with the IPv6 list from multiple clients and locations:


# curl -I https://www.cloudflare.com/ips-v6/
HTTP/2 404
date: Fri, 23 Feb 2024 07:56:22 GMT
content-type: text/html; charset=utf-8
cf-ray: 859de971cc2f160d-DUS
cf-cache-status: HIT
age: 1
cache-control: max-age=600
expires: Fri, 23 Feb 2024 07:56:36 GMT
last-modified: Fri, 23 Feb 2024 07:41:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-rm: RDWD
x-xss-protection: 1; mode=block
set-cookie: __cf_bm=2EPLTgUpjTmA4L2wKXadUqLieqNoDSdkq1tpfMhSwDc-1708674982-1.0-Aez1O6rNz/P5miPpIIzBJgokcxUgwHmoxyOB8tFqu/dGl8IjsCQypYF+5bUZdt72JREdMbTY39zbTbMXprG9TFomIq8KWIsFzdbIwd7C2TLv; path=/; expires=Fri, 23-Feb-24 08:26:22 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WzMswDAVkY96FoV3oKe3C3aO8A2HrEj4dxDaqXCM8pIHz3QQIAmLTkOJXEFVICngAwvjIbXmE9CsD%2FfBlHOCguectTzg%2BOZevVHBNNc4E3ycFNf8TnkFm4o6k5gTSCZliiZYOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400

Thanks for reporting this - I am checking internally and we’ll take a look.

As a sidenote, there is an API exposed for this you can use for now as a workaround or permanent alternative:

2 Likes

Hi, I dont know what you changed but the URL redirects without the trailing slash.
While perhaps being the intended way it’s supposed to work. Users who do “curl https://www.cloudflare.com/ips-v4” will have to update their scripts with -L to run “curl -L https://www.cloudflare.com/ips-v4” to allow redirects or set it to “curl https://www.cloudflare.com/ips-v4/

This breaks some firewall scripts until they fix their URLs or curl parameters.

2 Likes

Something has changed since this morning about the text IPs list links, that causes them to no longer work without the trailing slash at the end, which breaks many scripts in many repositories across GitHub and others, all using links without the trailing slash and curl without -L option.
https://www.cloudflare.com/ips-v4 → now redirects to https://www.cloudflare.com/ips-v4/
This causes scripts to download an empty file and firewalls to delete existing rules, but not insert any other IPs, thus sites using these scripts will run into connection timed out error at the origin.

Hi folks,

This should be resolved now and https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 should load consistently without any redirects.

Thanks for reporting this!

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.