Network/Email Firewall Configuration

Information on configuring enterprise network and email firewalls for use with PixieBrix

PreviousBrowser Extension Security NextCustom Branding and Themes

Last updated 28 minutes ago

Was this helpful?

Network/Email Firewall Configuration

Information on configuring enterprise network and email firewalls for use with PixieBrix

This documentation is intended for Enterprise IT Administrators. If you are a user seeing network connection errors, please get in touch with your IT Administrator and provide this page. Questions? Contact

Network Firewall Configuration

PixieBrix initiates outgoing HTTPS network connections. PixieBrix does not use/require incoming requests.

Outgoing Network Traffic Allowlist

For PixieBrix to function properly, outgoing traffic to the following origins must be allowlisted:

https://*.pixiebrix.com, or the specific origins:
- https://app.pixiebrix.com: required for all users
- https://docs.pixiebrix.com: documentation portal, recommended for mod developers and admins
- https://www.pixiebrix.com: website and templates, recommended for mod developers
https://*.browser-intake-datadoghq.com: error telemetry endpoint required for all users
https://*.cloudflare-ech.com : Cloudflare . Read more about
https://cdn.jsdelivr.net : CDN serving and libraries. Required for mods that use built-in icons

If you are automatically installing via a Browser Extension Installation Policy, you must allowlist access to the Chrome extension update site and content CDN:

https://clients2.google.com/service/update2/crx
https://clients2.googleusercontent.com/*

If your users are performing a manual browser extension install from the Chrome Web Store, you must also allow traffic to the following Chrome Web Store listing URLs and the Chrome extension update site:

Chrome Web Store Download Endpoints
- https://clients2.google.com/service/update2/crx
- https://clients2.googleusercontent.com/*
Chrome Web Store Listing URLs
- Extension Release Channel - Stable
  - https://chrome.google.com/webstore/detail/pixiebrix/mpjjildhmpddojocokjkgmlkkkfjnepo
  - https://chromewebstore.google.com/detail/pixiebrix/mpjjildhmpddojocokjkgmlkkkfjnepo
- Extension Release Channel - BETA
  - https://chrome.google.com/webstore/detail/pixiebrix-beta/mpapkmgkphbggmlekkfnoilmafnbfile
  - https://chromewebstore.google.com/detail/pixiebrix-beta/mpapkmgkphbggmlekkfnoilmafnbfile

IP Address Ranges

PixieBrix uses Cloudflare as a Content Delivery Network (CDN) and for DDoS protection. Therefore, PixieBrix does not make static IP addresses available for outgoing calls to https://app.pixiebrix.com .

Email Firewall

Email is required for admins/managers to receive system alerts. Additionally, PixieBrix sends emails to team members when using Login with Email (aka "Magic Links")

Incoming Email Domain Allowlist

The following domains must be allowlisted:

pixiebrix.com

Incoming System Email IP Address Allowlist

System emails are sent from the following IP addresses (updated July 1, 2023):

149.72.154.34

Frequently Asked Questions (FAQs)

Is PixieBrix compatible with ZScaler?

PixieBrix is compatible with ZScaler. However, you must allowlist the outgoing traffic domains listed above under Outgoing Network Traffic. ZScaler’s authentication header/URL re-writing is known to intermittently break request authentication.