Allowlist Cloud Engine IPs
Some firewalls may block attack traffic and prevent InsightAppSec from testing your application for vulnerabilities. In such cases, you must allowlist the IP addresses of the InsightAppSec cloud engines to scan your web applications. The following table provides the IP addresses of the InsightAppSec engines based on the region where your platform account is hosted. When you log in to InsightAppSec, the region is the first sub-domain in the URL. For example, if the url is
https://us.appsec.insight.rapid7.com then your region is US.
Consult the following table to determine which IPs must be allowlisted according to your region.
IPs to Whitelist