Configuring Your Enterprise Firewall for use With Shopfront
{note}This is an advanced article, typically only used in enterprise environments where there are hard requirements on an allowed list of network assets. If you're not running in an enterprise environment this article likely doesn't apply to you.{/note}
Shopfront maintains the following list of domains that we load resources from either directly or through partner applications. We do not support whitelisting based on IP addresses due to the dynamic nature of Shopfront's scaling capabilities.
{note}This list is updated from time-to-time, if you'd like to be kept up-to-date on changes, get in touch with us.{/note}
- *.onshopfront.com
- Where Shopfront is served from
- *.shopfront.com.au
- Additional Shopfront resources
- *.cloudpos.com.au
- Legacy domain, if your store was created after 2019 you can safely ignore this, if not, get in touch with us to confirm
- shopfront.zendesk.com
- Our support help desk, we'll also need the following optionally allowed for us to assist easier:
- *.zdassets.com
- v2.zopim.com
- widget-mediator.zopim.com
- Zendesk also maintains an article for configuring firewalls.
- Our support help desk, we'll also need the following optionally allowed for us to assist easier:
- fonts.googleapis.com
- Some of our fonts are loaded from here
- fonts.gstatic.com
- Additional fonts are loaded from here
- *.amazonaws.com
- Wildcard is for future proofing additional buckets, if you're unwilling to add this, these are the current buckets in use:
- shopfront-cdn.s3-ap-southeast-2.amazonaws.com
- sasonline-cloudpos.s3-ap-southeast-2.amazonaws.com
- shopfront-integrations.s3-ap-southeast-2.amazonaws.com
- shopfront-integrations-resources.s3-ap-southeast-2.amazonaws.com
- shopfront-temp.s3-ap-southeast-2.amazonaws.com
- Wildcard is for future proofing additional buckets, if you're unwilling to add this, these are the current buckets in use:
- js-agent.newrelic.com
- Used for providing performance telemetry data back to Shopfront
- www.clarity.ms
- Used for providing UX telemetry data back to Shopfront
- *.teamviewer.com
- This is for our support team to provide TeamViewer support.
- TeamViewer also maintains an article for configuring firewalls.
{note}Some of the above routes use wildcards, if your environment doesn't allow for wildcards, any Shopfront domain will need to use your Shopfront subdomain, the root domain and a subdomain named cdn.{/note}
For all of these we need to use port 80 and 443 (and for onshopfront.com we need port 25683).
You may also need some additional domains / ports to be allowed for use depending on your setup. Certain integrations may require additional domains (you'll need to contact the developer of the integration used to find out how to configure your firewall for use) and other applications like Linkly or Tyro may also need additional configuration.