
Supported Cloud Providers

Caddy Defender includes comprehensive IP range coverage for all major cloud providers. These ranges are fetched from official sources and updated at build time.

Amazon Web Services (AWS)

Global AWS Ranges

aws
string
All AWS IP ranges across all regions and services.
Source: AWS IP Ranges JSON
Fetcher: aws.AWSFetcher in ranges/fetchers/aws/aws.go:14-17
defender block {
    ranges aws
}

Regional AWS Ranges

You can also target specific AWS regions:
aws-us-east-1
string
AWS IP ranges for the us-east-1 region only.
Fetcher: aws.RegionFetcher{Region: "us-east-1"} in ranges/fetchers/aws/aws_region.go:18-21
defender block {
    ranges aws-us-east-1
}
aws-us-west-1
string
AWS IP ranges for the us-west-1 region only.
Fetcher: aws.RegionFetcher{Region: "us-west-1"} in ranges/fetchers/aws/aws_region.go:18-21
defender block {
    ranges aws-us-west-1
}
Regional fetchers use the same source data as global AWS ranges but filter by region. You can add more regions by modifying ranges/main.go:45-47.
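The region filtering described above, as an added example that is not Caddy Defender's own fetcher code. The field names are those of AWS's published ip-ranges.json; `regionPrefixes`, `entry` and the sample document are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"sort"
)

// Constructed sample in the ip-ranges.json layout (documentation prefixes, not AWS data).
const sampleJSON = `{"prefixes": [
 {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "AMAZON"},
 {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
 {"ip_prefix": "198.51.100.0/24", "region": "us-west-1", "service": "AMAZON"}],
 "ipv6_prefixes": [{"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1"}]}`

type entry struct {
	IPv4   string `json:"ip_prefix"`
	IPv6   string `json:"ipv6_prefix"`
	Region string `json:"region"`
}

// regionPrefixes (hypothetical) returns sorted, unique CIDRs for region ("" = all regions).
func regionPrefixes(doc []byte, region string) ([]string, error) {
	var r struct {
		Prefixes     []entry `json:"prefixes"`
		IPv6Prefixes []entry `json:"ipv6_prefixes"`
	}
	if err := json.Unmarshal(doc, &r); err != nil {
		return nil, err
	}
	seen, out := map[string]bool{}, []string{}
	for _, e := range append(r.Prefixes, r.IPv6Prefixes...) {
		if region != "" && e.Region != region {
			continue
		}
		p, err := netip.ParsePrefix(e.IPv4 + e.IPv6) // exactly one is set per entry
		if err != nil {
			return nil, err // a malformed CIDR fails the build instead of shrinking the list
		}
		if c := p.Masked().String(); !seen[c] { // AWS repeats a prefix once per service
			seen[c] = true
			out = append(out, c)
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() { fmt.Println(regionPrefixes([]byte(sampleJSON), "us-east-1")) }
```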

Google Cloud Platform (GCP)

gcloud
string
All Google Cloud Platform IP ranges across all regions and services.
Source: GCP IP Ranges JSON
Fetcher: fetchers.GCloudFetcher in ranges/fetchers/gcloud.go:39-69
Includes: Both IPv4 and IPv6 prefixes
defender block {
    ranges gcloud
}

Microsoft Azure

azurepubliccloud
string
Azure Public Cloud IP ranges for Azure services.
Source: Azure Download Center
Fetcher: fetchers.AzurePublicCloudFetcher in ranges/fetchers/azure.go:23-84
Note: The fetcher automatically discovers the latest JSON download URL by scraping the download page, then filters for ActionGroup platform IPs.
defender block {
    ranges azurepubliccloud
}

Oracle Cloud Infrastructure (OCI)

oci
string
Oracle Cloud Infrastructure IP ranges across all regions.
Source: Oracle Public IP Ranges JSON
Fetcher: fetchers.OracleFetcher in ranges/fetchers/oracle.go:21-52
defender block {
    ranges oci
}

Cloudflare

cloudflare
string
Cloudflare’s edge network IP ranges (both IPv4 and IPv6).
Source: Cloudflare API
Fetcher: fetchers.CloudflareFetcher in ranges/fetchers/cloudflare.go:20-51
Use Case: Useful for blocking Cloudflare proxied requests or ensuring requests come through Cloudflare.
defender block {
    ranges cloudflare
}

Alibaba Cloud (Aliyun)

aliyun
string
Alibaba Cloud (Aliyun) IP ranges.
Source: GitHub IP Prefix List
Fetcher: fetchers.AliyunFetcher in ranges/fetchers/aliyun.go:24-79
Sample Ranges: The generated data includes extensive ranges like 8.208.0.0/16, 47.52.0.0/16, etc. (See ranges/data/generated.go:6-1820)
defender block {
    ranges aliyun
}

DigitalOcean

digitalocean
string
DigitalOcean datacenter IP ranges.
Source: DigitalOcean CSV
Fetcher: fetchers.DigitalOceanFetcher in ranges/fetchers/digitalocean.go:21-55
Format: Parses CSV format with IP ranges in the first column.
defender block {
    ranges digitalocean
}

Linode

linode
string
Linode datacenter IP ranges.
Source: Linode GeoIP
Fetcher: fetchers.LinodeFetcher in ranges/fetchers/linode.go:24-79
Note: The fetcher filters out comment lines (starting with #) before parsing the CSV data.
defender block {
    ranges linode
}

Vultr

vultr
string
Vultr Cloud IP ranges.
Source: Vultr Geofeed JSON
Fetcher: fetchers.VultrFetcher in ranges/fetchers/vultr.go:20-59
Data Structure: Parses JSON with subnet information including geolocation data.
defender block {
    ranges vultr
}

Huawei Cloud

huawei
string
Huawei Cloud IP ranges for Huawei Cloud services.
Source: Huawei Cloud IP Ranges
Fetcher: fetchers.HuaweiCloudFetcher in ranges/fetchers/huawei.go
defender block {
    ranges huawei
}

VPN Services

vpn
string
Known VPN service provider IP ranges.
Source: Curated list of known VPN provider IP ranges
Fetcher: fetchers.VPNFetcher in ranges/fetchers/vpn.go
Use Case: Block or rate-limit traffic from VPN services.
defender block {
    ranges vpn
}

Combining Multiple Providers

You can combine multiple cloud provider ranges in a single configuration:
defender block {
    # Block all major cloud providers
    ranges aws gcloud azurepubliccloud oci digitalocean linode vultr cloudflare aliyun huawei
}
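A combined list covers a large amount of address space, so it helps to check which range names match the addresses you depend on before deploying it. The following is an added example, not Caddy Defender's code: `coveringRanges` and the sample sets are hypothetical, and only the two aliyun prefixes are taken from this page.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// Constructed range sets keyed by Defender range name. The aliyun prefixes are the
// samples quoted on this page; the others are documentation prefixes, not provider data.
var sampleSets = map[string][]string{
	"aliyun":       {"8.208.0.0/16", "47.52.0.0/16"},
	"aws":          {"192.0.2.0/24", "2001:db8:1::/48"},
	"digitalocean": {"198.51.100.0/24", "192.0.2.128/25"},
}

// coveringRanges (hypothetical helper) returns the sorted names of every set that
// contains addr; an empty result means a block on those sets would not match it.
func coveringRanges(addr string, sets map[string][]string) ([]string, error) {
	ip, err := netip.ParseAddr(addr)
	if err != nil {
		return nil, err
	}
	ip = ip.Unmap() // treat ::ffff:a.b.c.d as the IPv4 address it carries
	hits := []string{}
	for name, cidrs := range sets {
		for _, c := range cidrs {
			p, err := netip.ParsePrefix(c)
			if err != nil {
				return nil, fmt.Errorf("%s: %w", name, err)
			}
			if p.Contains(ip) {
				hits = append(hits, name)
				break // one match per set is enough
			}
		}
	}
	sort.Strings(hits)
	return hits, nil
}

func main() {
	// Constructed must-allow list, e.g. an uptime monitor and a webhook sender.
	for _, a := range []string{"47.52.10.9", "192.0.2.200", "203.0.113.7"} {
		hits, err := coveringRanges(a, sampleSets)
		fmt.Println(a, hits, err)
	}
}
```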

Common Use Cases

Prevent requests from cloud hosting providers (often used by scrapers and bots):
defender block {
    ranges aws gcloud azurepubliccloud digitalocean linode vultr
}
Ensure requests come through Cloudflare’s CDN:
defender block {
    ranges all
    whitelist cloudflare
}
This example blocks all IPs but whitelists Cloudflare ranges.
Block specific AWS regions while allowing others:
defender block {
    ranges aws-us-east-1 aws-us-west-1
}

Data Freshness

All cloud provider ranges are fetched from official sources during the build process. To ensure up-to-date ranges:
  1. Rebuild the IP ranges data regularly
  2. Integrate range updates into your CI/CD pipeline
  3. Monitor cloud provider announcements for IP range changes
Most cloud providers announce IP range changes in advance. AWS, for example, provides an SNS topic for IP range updates.
