Skip to content
PageLens AI
Get started
Help Center

Troubleshooting

Allow AWS scan traffic

How to prepare firewalls, CDNs, WAFs, and bot protection so PageLens scans can reach your site from the selected AWS region.

6 min read

PageLens scans run from Amazon Web Services (AWS) in the scan region you choose. The default region is London (eu-west-2). If your firewall, CDN, WAF, or bot-protection provider blocks AWS traffic, a scan may fail, miss pages, or show network errors.

When you need this

You may need to allow scan traffic if:

  • your site blocks cloud provider IP ranges by default
  • your CDN or WAF has strict bot rules
  • your staging environment only accepts known IPs
  • scans fail with 403, 401, 429, timeout, or connection errors
  • the scan finds fewer pages than expected even though the site works for normal visitors

Current PageLens scan region

The active production scan region is:

  • London: eu-west-2

Future regions may include Frankfurt (eu-central-1), Virginia (us-east-1), Oregon (us-west-2), and Singapore (ap-southeast-1). Only allow the region you actually use.

AWS IP ranges

AWS publishes current IP ranges at:

https://ip-ranges.amazonaws.com/ip-ranges.json

Do not copy a static list from a support ticket or old documentation. AWS ranges change over time. If you use IP allowlisting, automate updates from the AWS JSON file or review it regularly.

For London scans, filter for:

  • region: eu-west-2
  • likely services to consider first: AMAZON and EC2

Some providers let you allow a whole AWS region or cloud provider directly. Others require CIDR ranges. Your CDN/WAF documentation should tell you which format it expects.

Safer allowlisting options

Prefer the narrowest rule that lets the scan run:

  • Allow AWS eu-west-2 only, not all AWS regions.
  • Allow only the hostname or path you are scanning, if your provider supports path- or host-based rules.
  • For authenticated scans, allow only the test-account routes you configured in the auth profile.
  • Keep destructive, billing, admin, logout, and customer-data routes blocked unless they are intentionally part of a safe test flow.

Bot protection

If your provider challenges headless browsers, configure a bypass for PageLens scan traffic in the selected AWS region. Common places to check:

  • Cloudflare WAF, Bot Fight Mode, Super Bot Fight Mode, and rate limiting
  • AWS WAF rules attached to CloudFront or an ALB
  • Vercel Firewall or bot protection
  • Fastly, Akamai, Imperva, or similar edge security products
  • app-level middleware that blocks data-center ASNs or unknown user agents

If you cannot safely allow production traffic, run the scan against a staging URL configured for automation.

What to send support

If a scan still fails, open a support ticket and include:

  • scan ID or report link
  • target URL
  • selected scan region
  • CDN/WAF provider
  • status code or error shown by your edge logs
  • whether your rules block AWS, data-center IPs, headless browsers, or unknown user agents

This helps us tell the difference between a PageLens worker issue and a target-site access rule.

Still need help?

Open a support ticket and attach the scan if the question is about a specific report.

Contact support
Allow AWS scan traffic | PageLens AI