OFFICE365 IP LIST
-
Hello everyone, we were using in the past the following list: https://support.content.office.net/en-us/static/O365IPAddresses.xml
now seems that microsoft, that seems haves nothing better to do, bring down that service and its forcing us to use a new one:
<update>
Office 365 network IP Addresses and URLs are no longer available in XML format. You should transition to accessing the data in JSON format as described at http://aka.ms/ipurlblog. This was first announced on 2 April 2018 and the XML file was last updated on 22 September 2018.
</update>anyone already found a solution for this?
-
Theres a windows script:
https://github.com/pandrew1/Office365-IPURL-SamplesGenerate-OldFirewall-XML.ps1 This sample is for customers who have a dependency on one of the old XML downloads that was provided for Office 365.
maybe we can take this idea to generate a bsd script.....
-
i made a custom php script to parse all ip addresses, but im having troubles to get into pfblocker i try as source http://127.0.0.1/o365.txt when script writes to /usr/local/www/o365.txt, even try http://FIREWALLIP/o365.txt, i can get the file from the lan, seems having no errors:
13.107.6.152/31
13.107.9.152/31
13.107.18.10/31
13.107.19.10/31
13.107.128.0/22
23.103.160.0/20
23.103.224.0/19
40.96.0.0/13
40.104.0.0/15
52.96.0.0/14
111.221.112.0/21
131.253.33.215/32
132.245.0.0/16
134.170.68.0/23
150.171.32.0/22
157.56.232.0/21
157.56.240.0/20
191.232.96.0/19
191.234.140.0/22
204.79.197.215/32[ pfB_OFFICE365 - O365 ] Download FAIL
Firewall and/or IDS are not blocking download.any clue?
-
i sorted and removed duplicates seems to be working now:
[ O365 ] Downloading update .. completed ..
Updating: pfB_OFFICE365
1 addresses added.68 addresses deleted. -
You can simply use:
https://endpoints.office.com/endpoints/worldwide?noipv6&ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7
as the URL in pfBlockerNG and get all worldwide IPv4 Addresses in JSON format. pfBlocker can actually parse that and extracts the IPs from it. Could be more IPs then you need in that case, but they are refreshed automatically and you won't have to maintain the list via custom scripts and/or API changes from MS ;)
If someone knows how to edit that parameters to only get IPs related to Exchange/Office365 instead of including Sharepoint or other services, would be nice to know :)
-
@jegr said in OFFICE365 IP LIST:
https://endpoints.office.com/endpoints/worldwide?noipv6&ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7
Thanks, good to know!
-
With pfBlockerNG-devel, it includes the
jq
json parsing application.You can use that tool to slice and dice that
O365
JSON file into a list of IPs:Download the file:
fetch -o /tmp/o365 "https://endpoints.office.com/endpoints/worldwide?noipv6&ClientRequestId=b10c5ed1-bad1-445f-b386-b919946339a7"
List all O365 ServiceAreas:
jq -r '.[].serviceArea' /tmp/o365 | sort | uniq
Common Exchange SharePoint Skype
Collect all IPs for the Exchange Service Area and aggregate the IPs using iprange:
jq -r '.[] | select(.serviceArea=="Exchange") | select(.ips) .ips[]' /tmp/o365 | iprange
These are just examples... you can modify the commands to suit your needs.
-
Similar approach is available for Amazon AWS:
https://www.reddit.com/r/pfBlockerNG/comments/9vwkmm/ip_ranges_for_amazon_aws/
-
@bbcan177 Hi, thanks for the pointer to the command to fetch and filter the json file. I was not able to work out how to use the commands in an IP alias in the firewall. Does it need to be used within the source for a pfBlockerNG > IP > IPv4 > "IPv4 Source Definitions" entry? If so, do you have any links to documentation that explains how to use it? Thanks,