27

We want to use Slack Webhook (Outgoing Webhook) with an internal web service.

Our company is behind a firewall, so outside connections must be whitelisted.

It appears that Slack has multiple addresses it will send the API request from, and they don't seem to be documented.

Which IPs/Ports should we open in the firewall (whitelist) in order to allow slack's outgoing webhooks to connect to our internal web service?

Mr. Tim
  • 886
  • 8
  • 18
Sahar Menashe
  • 1,945
  • 2
  • 18
  • 17
  • 3
    Went upon the same issue, can only whitelist IP ranges. Unfortunately, according to this [tweet from Slack API](https://twitter.com/slackapi/status/567110311476350976?lang=en) the platform is in AWS and doesn't have a fixed IP range. I may have to use some kind of proxy to get through... – Cebe Jun 07 '17 at 07:27
  • @Sahar Menashe did you find a solution for this? I'm experiencing the same issue. – fuzzi Mar 11 '19 at 19:35

3 Answers3

4

I know this is an old question, but I was looking for something like this myself. I think the one answer thats there doesnt really understand the question as such.

ngrok could sort-of solve an issue here, but its not quite what was asked.

Mapping ports from external to internal on a firewall that would be at a company is trivial. What I think the originator was asking was "what IP addresses do slack use when calling our service" so that you can firewall the service off to only allow access from those IP's (hence the whole white listing thing).

Simple answer as far as i can see is they are basically using lambda and various sources within AWS which makes that rather hard

Takigama
  • 93
  • 1
  • 7
1

An alternative could be using a VPN tunnel service to expose your internal webserver the Internet, e.g. with ngrok. I can confirm it works with Slack (I use it every day for Slack developing) and its also recommended as solution for a local development environment in the Slack tutorials.

Erik Kalkoken
  • 30,467
  • 8
  • 79
  • 114
  • 1
    Can ngrok be used on non-local servers? – fuzzi Mar 11 '19 at 18:11
  • I am not sure. but I would not see any reason why not – Erik Kalkoken Mar 12 '19 at 01:50
  • Internal web service can be exposed, so that is not a problem. Ngrok could compromise company network security and could be disallowed in enterprise. – Ondrej Galbavý Feb 25 '20 at 08:48
  • ngrok is a professional product used by many companies to create secure VPN connections to the Internet. Whether or not it "could compromises network security" depends mostly on specific security requirements and should be evaluated on a case-by-basis basis for a company. With that in mind it a valid solution for OP's problem. – Erik Kalkoken Feb 25 '20 at 15:04
-1

The IP addresses are different for every region. I run into the same issue, and wrote this simple pyhton script to collect the addresses:

https://github.com/CanBeBlamed/fqdn_ip/blob/main/fqdn_ip.py

Just run it for a while, and it will collect all the IP addresses for your region.

ZoltanTheHun
  • 1
  • 1