Articles on: FAQs

Whitelisting Xap Domains for Secure Access

Whitelisting Xap Domains for Secure Access


Xap uses an advanced Web Application Firewall (WAF) through Amazon Web Services (AWS) to keep your data safe and secure.



Why Use Domain Whitelisting?


Some customers may choose to use a Whitelist (also called an Allow list) on their network. 

Xap strongly recommends whitelisting domains instead of static IP addresses because:


  • Our WAF uses dynamic IP addresses, which change periodically.
  • IP-based rules can break when IPs rotate.



Critical Domains to Whitelist

Domain

Purpose

www.xap.rocks

Main web portal

id.xap.rocks

Identity/Authentication – login will fail without this

webgateway.xap.rocks

API Gateway – app functionality depends on this

cdn.xap.rocks

CDN for static assets (JS, CSS, images)


Xap Public Websites

www.xap.com.au

www.xap.net.au



How to Retrieve Current IPs


If you need to check the latest IP addresses, use the nslookup command from your terminal:


nslookup www.xap.rocks
nslookup id.xap.rocks
nslookup webgateway.xap.rocks
nslookup cdn.xap.rocks
nslookup www.xap.net.au
nslookup www.xap.com.au



Non-authoritative answer:
Name:    k8s-eksprod-xxxxxxxxx-xxxxxxxxx.ap-southeast-2.elb.amazonaws.com
Addresses:  xx.xxx.xxx.xx
            xx.xx.xx.xx
            xxx.xxx.xxx.xxx


Important Notes


  • IP addresses are dynamic and change regularly.
  • Always whitelist the domains listed above, not IP addresses.
  • For environments requiring IP-based rules, consider automating DNS lookups.


Updated on: 27/11/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!