In order to test the Open Graph API on our preview environment, we need to poke a hole in our firewall to allow Facebook to scrape our object pages. What IP ranges should we allow?

EDIT

Facebook has been showing some love and is now making the IP block public for anyone to have

http://developers.facebook.com/docs/ApplicationSecurity/#facebook_scraper https://developers.facebook.com/docs/sharing/best-practices#crawl

Facebook Scraper

A number of Platform services such as Social Plugins and the Open Graph require our systems to be able to reach your Web Pages. We recognize that there are situations where you might not want these pages on the public Internet, during testing or for other security reasons.

To facilitate this, you should make exceptions in your security systems to allow Facebook to scrape these pages by adding the following IP ranges, accurate as of April 2012.

31.13.24.0/21
31.13.64.0/18
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
173.252.64.0/18
204.15.20.0/22

Instead of IP, you can also use the user agent for your firewall.

http://developers.facebook.com/docs/reference/plugins/like/

When does Facebook scrape my page?

Facebook needs to scrape your page to know how to display it around the site.

Facebook scrapes your page every 24 hours to ensure the properties are up to date. The page is also scraped when an admin for the Open Graph page clicks the Like button and when the URL is entered into the Facebook URL Linter. Facebook observes cache headers on your URLs - it will look at "Expires" and "Cache-Control" in order of preference. However, even if you specify a longer time, Facebook will scrape your page every 24 hours.

The user agent of the scraper is: "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"

whois -h whois.radb.net -- '-i origin AS32934' | grep ^route to see all ranges.

• 66.220.144.0/20

• 66.220.144.0/21

• 66.220.152.0/21
• 66.220.159.0/24

• 69.63.176.0/20

• 69.63.176.0/21

• 69.63.176.0/24

• 69.63.184.0/21

• 69.171.224.0/19

• 69.171.224.0/20
• 69.171.239.0/24
• 69.171.240.0/20
• 69.171.255.0/24
• 74.119.76.0/22
• 103.4.96.0/22
• 173.252.64.0/18
• 173.252.64.0/19
• 173.252.70.0/24
• 173.252.96.0/19

• 204.15.20.0/22

• 31.13.24.0/21

• 31.13.64.0/18
• 31.13.64.0/19
• 31.13.64.0/24
• 31.13.65.0/24
• 31.13.66.0/24
• 31.13.67.0/24
• 31.13.68.0/24
• 31.13.69.0/24
• 31.13.70.0/24
• 31.13.71.0/24
• 31.13.72.0/24
• 31.13.73.0/24
• 31.13.74.0/24
• 31.13.75.0/24
• 31.13.76.0/24
• 31.13.77.0/24
• 31.13.96.0/19

Facebook now publishes their IP range.

As of April 2012, it is:

31.13.24.0/21
31.13.64.0/18
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
173.252.64.0/18
204.15.20.0/22

New information is listed on the following URL & yes, they do have this info public.

• https://developers.facebook.com/docs/sharing/webmasters

Run this command to get a current list of IP addresses the crawler uses.

whois -h whois.radb.net -- '-i origin AS32934' | grep ^route

Such as

# For example only - over 100 in total
31.13.24.0/21 
66.220.144.0/20    
2401:db00::/32  
2620:0:1c00::/40  
2a03:2880::/32 

So yeah, the ones mentioned by DMCS, stand correct. Just wanted to verify & found this info.

Thanks

Facebook does not publish their crawler source address range officially, but you can look at the list of all their IP ranges in the publicly available BGP routing table:

• http://www.robtex.com/as/as32934.html#bgp

We're currently using this list:

• 69.171.224.0/19
• 74.119.76.0/22
• 204.15.20.0/22
• 66.220.144.0/20
• 69.63.176.0/20
• 173.252.64.0/18