Logo

What are you looking for?

Switching a site

DNS switch preparation

Get ready for the switchover with confidence

Last updated on 24 Mar, 2026

Trust Ogo exit IPs

If you have a security appliance/software (especially from your hosting company), since your traffic will now exit through Ogo's exit IPs, it will probably be necessary to put our outgoing IPs as trusted IPs.

You can find theses trusted IPs here. 

 

AWS

It will be necessary to create a security group rule in your VPC with Ogo's exit IPs, for HTTP (80) and HTTPS (443) protocols.

 

OVH

It is recommended to deactivate the Firewall option:
OVH Web Cloud > Hosting > mydomain.com > Multisite tab > Firewall > Disabled

 

CAA record

If your domain has a CAA record, be sure to allow letsencrypt.org in the field value.

 

Keep visibility on the true remote IP

OGO provides to your server the true IP of a client via the X-Forwarded-For request header.

To use the true remote IP in your server's rules, logs and applications, you can configure it in order to use the X-Forwarded-For when, and only when, the connection is coming from OGO.

You will find here the List of OGO trusted IPs.

Example configuration for Apache :

Apache documentation RemoteIP Module

markupRemoteIPTrustedProxy 2001:41d0:203:da00::/56
RemoteIPTrustedProxy 2001:41d0:203:9faf::/64
RemoteIPTrustedProxy 2001:41d0:303:f29c::/64
RemoteIPTrustedProxy 2001:41d0:700:4d60::/64
RemoteIPTrustedProxy 109.232.234.201/32
RemoteIPTrustedProxy 148.253.98.208/32
RemoteIPTrustedProxy 135.125.163.96/32
RemoteIPTrustedProxy 163.172.74.84/32
RemoteIPTrustedProxy 37.59.251.192/29
RemoteIPTrustedProxy 148.253.119.44/32
RemoteIPTrustedProxy 148.253.103.161/32
RemoteIPTrustedProxy 152.228.196.160/28
RemoteIPTrustedProxy 163.172.105.73/32
RemoteIPTrustedProxy 152.228.221.175/32
RemoteIPTrustedProxy 152.228.223.156/32
RemoteIPTrustedProxy 54.36.104.130/32
RemoteIPHeader X-Forwarded-For

Note: The list of RemoteIPTrustedProxy above is not up to date. Please refer to: List of OGO trusted IPs

Example configuration for Nginx :

Nginx documentation RealIP Module

markupset_real_ip_from 2001:41d0:203:da00::/56;
set_real_ip_from 2001:41d0:203:9faf::/64;
set_real_ip_from 2001:41d0:303:f29c::/64;
set_real_ip_from 2001:41d0:700:4d60::/64;
set_real_ip_from 109.232.234.201/32;
set_real_ip_from 148.253.98.208/32;
set_real_ip_from 135.125.163.96/32;
set_real_ip_from 163.172.74.84/32;
set_real_ip_from 37.59.251.192/29;
set_real_ip_from 148.253.119.44/32;
set_real_ip_from 148.253.103.161/32;
set_real_ip_from 152.228.196.160/28;
set_real_ip_from 163.172.105.73/32;
set_real_ip_from 152.228.221.175/32;
set_real_ip_from 152.228.223.156/32;
set_real_ip_from 54.36.104.130/32;
real_ip_header    X-Forwarded-For;

Note: The list of set_real_ip_from above is not up to date. Please refer to: List of OGO trusted IPs

TTL

Consider setting the TTL of the records to be switched to 1800 seconds to ensure that the DNS propagation is not too long.

 

 

 

Related Articles

DNS Switch

This article accompanies you for your DNS switch.

Did you find this article helpful?
Previous

DNS Switch

Next