# Network/Email Firewall Configuration {% hint style="info" %} This documentation is intended for Enterprise IT Administrators. If you are a user seeing network connection errors, please get in touch with your IT Administrator and provide this page.\ \ Questions? Contact {% endhint %} ## Network Firewall Configuration PixieBrix initiates outgoing HTTPS network connections. PixieBrix does not use/require incoming requests. ### Outgoing Network Traffic Allowlist For PixieBrix to function properly, outgoing traffic to the following origins must be allowlisted: * `https://*.pixiebrix.com`, or the specific origins: * `https://app.pixiebrix.com`: *required for all users* * `https://static.pixiebrix.com`: *required for all users* * `https://docs.pixiebrix.com`: documentation portal, recommended for mod developers and admins * `https://www.pixiebrix.com`: website and templates, recommended for mod developers * `https://*.browser-intake-datadoghq.com`: error telemetry endpoint required for all users * `https://*.cloudflare-ech.com` : Cloudflare [Encrypted Client Hello (ECH) endpoint](https://developers.cloudflare.com/ssl/edge-certificates/ech/). Read more about [ECH for security here](https://blog.cloudflare.com/announcing-encrypted-client-hello/) * `https://cdn.jsdelivr.net` : CDN serving [Bootstrap](https://www.jsdelivr.com/package/npm/bootstrap-icons) and [Simple Icon](https://www.jsdelivr.com/package/npm/simple-icons) libraries. Required for mods that use built-in icons **If you are automatically installing via a** [Browser Extension Installation Policy](/enterprise-it-setup/browser-extension-installation-and-configuration/browser-extension-installation-policy.md), **you must allowlist access to the Chrome extension update site and content CDN:** * `https://clients2.google.com/service/update2/crx` * `https://clients2.googleusercontent.com/*` **If your users are performing a manual browser extension install from the Chrome Web Store, you must also allow traffic to the following Chrome Web Store listing URLs and the Chrome extension update site:** * **Chrome Web Store Download Endpoints** * `https://clients2.google.com/service/update2/crx` * `https://clients2.googleusercontent.com/*` * **Chrome Web Store Listing URLs** * **Extension Release Channel - Stable** * `https://chrome.google.com/webstore/detail/pixiebrix/mpjjildhmpddojocokjkgmlkkkfjnepo` * `https://chromewebstore.google.com/detail/pixiebrix/mpjjildhmpddojocokjkgmlkkkfjnepo` * **Extension Release Channel - BETA** * `https://chrome.google.com/webstore/detail/pixiebrix-beta/mpapkmgkphbggmlekkfnoilmafnbfile` * `https://chromewebstore.google.com/detail/pixiebrix-beta/mpapkmgkphbggmlekkfnoilmafnbfile` #### IP Address Ranges PixieBrix uses Cloudflare as a Content Delivery Network (CDN) and for DDoS protection. As of August 2025, PixieBrix utilizes the following IPv4/IPv6 addresses: ``` 162.159.142.40 172.66.2.36 2606:4700:7::21c 2a06:98c1:58::21c ``` ## Email Firewall Email is required for admins/managers to receive system alerts. Additionally, PixieBrix sends emails to team members when using Login with Email (aka "Magic Links") ### Incoming Email Domain Allowlist The following domains must be allowlisted: * `pixiebrix.com` ### Incoming System Email IP Address Allowlist System emails are sent from the following IP addresses (updated July 1, 2023): * `149.72.154.34` ## Frequently Asked Questions (FAQs) ### Is PixieBrix compatible with ZScaler? PixieBrix is compatible with ZScaler. However, you must allowlist the outgoing traffic domains listed above under Outgoing Network Traffic. ZScaler’s authentication header/URL re-writing is known to intermittently break request authentication. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pixiebrix.com/enterprise-it-setup/network-email-firewall-configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.