← Back to dashboard

How to let LinkSweep scan your AWS WAF-protected site

Your site is behind AWS WAF, which is blocking our scanner. We just need to tell AWS WAF that LinkSweep is safe by adding an Allow rule. This takes about 5 minutes.

Don't manage your AWS account yourself?

Scroll to the bottom — there's a ready-to-send message you can forward to whoever runs your AWS / hosting setup.

What to tell AWS WAF

LinkSweep's IP address
185.31.243.206/32
LinkSweep's identifier
Mozilla/5.0 (compatible; LinkSweep/1.0; +https://linksweep.eu/bot)

Step-by-step in the AWS console

  1. Open AWS WAF & Shield in the AWS console. Make sure you're in the right region if your WebACL is regional (e.g. for an ALB); for CloudFront use Global.
  2. Create an IP set:
    1. Left sidebar → IP setsCreate IP set.
    2. Name: linksweep-allow.
    3. IP version: IPv4.
    4. Addresses: 185.31.243.206/32.
    5. Create.
  3. Add an Allow rule to your WebACL:
    1. Left sidebar → Web ACLs → open the WebACL attached to your ALB / CloudFront.
    2. Tab RulesAdd rulesAdd my own rules and rule groups.
    3. Rule type: IP set. Name: AllowLinkSweep. IP set: linksweep-allow. Action: Allow.
    4. Save.
  4. Move the Allow rule to the top of the rule list. WAF evaluates rules in order, so an Allow must come before any Managed Rule group that might otherwise block us.

After you've allowlisted us

  1. AWS WAF changes are live within seconds — no waiting period.
  2. In LinkSweep, open the site and click Scan Now.
  3. If it still fails, double-check the Allow rule is at priority 0 above any Managed Rules, and that its action is Allow (not Count). Still stuck? Contact support.

Message to forward to your web team

Copy and paste this into an email.

Hi, We're using LinkSweep (https://linksweep.eu) to monitor our website's health. Their crawler is being blocked by AWS WAF. Please add an Allow rule in our WebACL: - IP: 185.31.243.206/32 - User-Agent: Mozilla/5.0 (compatible; LinkSweep/1.0; +https://linksweep.eu/bot) Steps (5 min): 1. AWS WAF → IP sets → create "linksweep-allow" with 185.31.243.206/32 2. Open the WebACL attached to the ALB / CloudFront → Rules → Add my own rule 3. Rule type: IP set, Action: Allow. Place it at priority 0 (above managed rules). Expected traffic: up to a few hundred requests per scheduled scan. They respect robots.txt. Full guide: https://linksweep.eu/docs/allowlist/aws-waf Please let me know once done. Thanks!
Stuck? Contact support.