Giosg's Domains and IP addresses in use¶
Giosg's public IP addresses¶
Since 27th of August 2020 the following IP addresses are considered as Giosg public addresses.
| Host | IP | Purpose |
|---|---|---|
| service.giosg.com | 178.63.128.65 178.63.179.193 178.63.219.113 178.63.227.217 |
HTTP(s) traffic |
| api.giosg.com | 178.63.128.65 178.63.179.193 178.63.219.113 178.63.227.217 |
HTTP(s) traffic |
| *.giosgusercontent.com | No predefined IPs. IP can change during usage | HTTP(s) traffic |
| messagerouter.giosg.com | 178.63.128.66 178.63.179.194 178.63.219.114 178.63.227.218 |
HTTP(s) / Websocket traffic |
| visitorcalls.giosg.com | 195.201.60.87 | HTTP(s) / Websocket traffic |
| out.giosg.com | 178.63.128.65 | Connections from giosg to out |
IP addresses of all domains mentioned above will be dynamically picked from the following subnets and may change without preliminary notice in bounds of the following subnets:
| Subnet |
|---|
| 178.63.128.64/29 |
| 178.63.179.192/29 |
| 178.63.219.112/29 |
| 178.63.227.216/29 |
If your organization is using outbound IP filtering, please add all the IP addresses and subnets listed above to the outbound firewall's allowed IP list in order to use Giosg services.
If your organization has set up a service accepting HTTP queries from Giosg in automated manner (e.g. webhooks), please allow also inbound traffic coming from out.giosg.com domain's IP address(es) to that service.
In case your firewall/IPS supports filtering based on domains rather than IP addresses, please allow outbound traffic to the domains mentioned above and inbound traffic from out.giosg.com for the services requiring that.
DPI and domain-based firewall users¶
If your organization is using domain-based firewall or DPI, e.g. checking Host HTTP header and/or SNI in TLS negotiation, you must allow the following domain zones for the giosg services to function correctly:
| Domain zone | IP addresses |
|---|---|
| *.giosg.com. | CNAME service.giosg.com, if not separately mentioned in the previous section (e.g. messagerouter.giosg.com) |
| *.giosg.app. | CNAME service.giosg.com |
Giosg may deploy functional microservices to any of these domain zones without a preliminary notice, however the IP addresses won't change, the domains listed are handled with the same loadbalancers mentioned in the previous section.
Please take into account that Giosg is using HTTP/2, and therefore the SNI of the open connection may not match the Host header of the request, which is a normal situation because of the connection multiplexing functionality: the browser will try to reuse the existing connection with the same IP and port signature instead of negotiating a new one.
Giosg CDN domains in use¶
For the sake of better speed of loading, Giosg is serving its static files from CDN. Also, all the user-defined interactive content as custom chat windows and interactions are served from the unique subdomains to avoid XSS attacks.
| Domain | Purpose |
|---|---|
| static.giosg.com | CDN address for static file delivery |
| cdn.giosgusercontent.com | CDN address for user asset delivery |
| *.interactions.giosgusercontent.com | CDN address for interaction iframes. Each interaction has its own subdomain expressed with its UUID. |
| *.clients.giosgusercontent.com | CDN address for company-defined chat window iframe. Each window iframe has its own subdomain expressed with company numeric ID. |