Workers

Last updated:

Locations

As of today, uptime and certificate checks are performed from the following locations:

  • Northern Virginia, US
  • Northern California, US
  • Tokyo, Japan
  • London, UK

IP addresses

The full list of IP addresses from where uptime and certificate checks are performed:

3.229.127.34
54.215.211.56
54.250.58.166
18.130.94.137
2600:1f18:64a1:8f00:9471:4ca7:2abd:a742
2600:1f1c:a6d:e600:29be:d84b:cb82:bad2
2406:da14:c68:e201:4da5:6f49:a741:7c25
2a05:d01c:db:c101:9e5c:2aed:c051:76f1

As a convenience, these lists are also available in the following formats:

If your firewall blocks incoming connections, make sure to whitelist these IP addresses to avoid false positives. For example, to whitelist IPv4 addresses in iptables, you can run the following idempotent bash script on most Unix systems (requires root privileges):

#!/bin/bash

wget -qO /tmp/ipv4.txt https://tryhexadecimal.com/assets/plain/ipv4.txt

for ip in $(cat /tmp/ipv4.txt)
do
  if ! iptables -L INPUT -nv | grep -q $ip ; then
    iptables -I INPUT -p tcp -s $ip -j ACCEPT
  fi
done

Note that these IP addresses might get updated from time to time. To ensure that you are automatically getting updates, run this script as a daily cron job as a root user. Since iptables rules do not persist through the server reboot, it is highly recommended to define a @reboot cron job as well.

User agent

Every HTTP request that workers send has a user agent string which is set to:

Hexadecimal/1.0 (+https://tryhexadecimal.com/docs/workers)

This header can't be overwritten, by design.

If you are seeing any malicious traffic coming from this user agent, please get in touch.

Analytics

If you track visitor data in your web analytics, you might want to exclude requests originating from workers' IP addresses to get more accurate reporting. Alternatively, you can filter out requests by the user agent since it is immutable.