CommunityTemplates

Network/Email Firewall Configuration

Information on configuring enterprise network and email firewalls for use with PixieBrix

This documentation is intended for Enterprise IT Administrators. If you are a user seeing network connection errors, please get in touch with your IT Administrator and provide this page. Questions? Contact [email protected]

Network Firewall Configuration

PixieBrix initiates outgoing HTTPS network connections. PixieBrix does not use/require incoming requests.

Outgoing Network Traffic Allowlist

For PixieBrix to function properly, outgoing traffic to the following origins must be allowlisted:

  • https://*.pixiebrix.com, or the specific origins:

    • https://app.pixiebrix.com: required for all users

    • https://docs.pixiebrix.com: documentation portal, recommended for mod developers and admins

    • https://www.pixiebrix.com: website and templates, recommended for mod developers

  • https://*.browser-intake-datadoghq.com: error telemetry endpoint required for all users

  • https://*.cloudflare-ech.com : Cloudflare Encrypted Client Hello (ECH) endpoint. Read more about ECH for security here

  • https://cdn.jsdelivr.net : CDN serving Bootstrap and Simple Icon libraries. Required for mods that use built-in icons

If you are automatically installing via a Browser Extension Installation Policy, you must allowlist access to the Chrome extension update site and content CDN:

  • https://clients2.google.com/service/update2/crx

  • https://clients2.googleusercontent.com/*

If your users are performing a manual browser extension install from the Chrome Web Store, you must also allow traffic to the following Chrome Web Store listing URLs and the Chrome extension update site:

  • Chrome Web Store Download Endpoints

    • https://clients2.google.com/service/update2/crx

    • https://clients2.googleusercontent.com/*

  • Chrome Web Store Listing URLs

    • Extension Release Channel - Stable

      • https://chrome.google.com/webstore/detail/pixiebrix/mpjjildhmpddojocokjkgmlkkkfjnepo

      • https://chromewebstore.google.com/detail/pixiebrix/mpjjildhmpddojocokjkgmlkkkfjnepo

    • Extension Release Channel - BETA

      • https://chrome.google.com/webstore/detail/pixiebrix-beta/mpapkmgkphbggmlekkfnoilmafnbfile

      • https://chromewebstore.google.com/detail/pixiebrix-beta/mpapkmgkphbggmlekkfnoilmafnbfile

Email Firewall

Email is required for admins/managers to receive system alerts. Additionally, PixieBrix sends emails to team members when using Login with Email (aka "Magic Links")

Incoming Email Domain Allowlist

The following domains must be allowlisted:

  • pixiebrix.com

Incoming System Email IP Address Allowlist

System emails are sent from the following IP addresses (updated July 1, 2023):

  • 149.72.154.34

Frequently Asked Questions (FAQs)

Is PixieBrix compatible with ZScaler?

PixieBrix is compatible with ZScaler. However, you must allowlist the outgoing traffic domains listed above under Outgoing Network Traffic. ZScaler’s authentication header/URL re-writing is known to intermittently break request authentication.

PreviousBrowser Extension SecurityNextCustom Branding and Themes

Last updated