+ Start a Discussion
Bohdan DovhanBohdan Dovhan 

Strange new bug\feature in Salesforce: new undocumented IP addresses are used each time callout is made: how to cope with this?

I have implemented some logic to reconnect sandboxes through s2s connection after sandbox refresh and use self callouts for that, but apparently something has been changed in Salesforce recently which breaks my functionality.

Looks like now each time when I do callout from Salesforce, it changes IP address each time when callout is made. I believe before it was working fine.
I mean there was one IP address for several transaction and several callouts which made me possible to write some "Browser" class. I was able to identify salesforce IP Address in the list of Login History of my user and it was exposed, and I was able to add it to the Network Access whitelist.
Now it just says "Salesforce.com IP" but doesn't expose that IP.
When I try external tools to detect Salesforce IP it appears to be different at each HTTPCallout (not only each transaction) and these IP addresses

 90.66.44.51,
 47.88.200.216,
 88.136.180.127,
 166.37.94.227,
 102.27.105.71,
 194.38.160.218,
 28.223.203.168,
 104.100.211.38,
 130.97.39.91,
 185.44.248.223,
 253.132.217.3,
 86.55.62.241,
 35.22.219.18,
 90.66.44.51,
 168.89.106.144,
 238.169.209.111 etc

 are out of range of Salesforce IP Addresses documented  here:
https://help.salesforce.com/apex/HTViewSolution?id=000003652


> IPv4 Networks IPv4 IP Address Ranges Date Added       ARIN
>  
> 96.43.144.0/20
> 96.43.144.0 - 96.43.159.254
>  
> 136.146.0.0/15
> 136.146.0.0 - 136.147.255.254
>  
> 204.14.232.0/21
> 204.14.232.0 - 204.14.239.254
>         RIPE
>  
> 85.222.128.0/19
> 85.222.128.0 - 85.222.159.254 April 14, 2015
> 185.79.140.0/22
> 185.79.140.0 - 185.79.143.254
>         APNIC
>  
> 182.50.76.0/22
> 182.50.76.0 - 182.50.79.254
>  
> 202.129.242.0/23
> 202.129.242.0 - 202.129.243.254

Does anyone knows what kind of new feature this is and if is it possible to turn this off or to get the complete list of Salesforce IP addresses to make it able to add to Network Access range?

I tried to add 0.0.0.0-255.255.255.255 but it says IP range too large

=====================================

Update: let me explain what is the problem.
So, when I try to make HTTPCallout from Salesforce to itself to login, it says:

1/4/2016 12:51:05 PM EET    Salesforce.com IP    Application    Failed: Computer activation required    Browser    test.salesforce.com     

and sends me activation code to the email, but even if I use that code and sends another HTTPCallout it would be invalid, since another callout will be made from another IP Address and previous code would be invalid.
Andy BoettcherAndy Boettcher
I would log a case with Support to see what's exactly going on - I've never had any connection come from outside of the help article you listed, but I haven't done this via S2S either...
JohnnyHJohnnyH
Hi Bohdan, did you get a resolution to this issue?