ahmedaburaihan
Explorer

Best Practice to allow akamaitechnologies IPs/URLs

Hi Mates,

 

What are the preferred methods or best practices to allow CDNs such as Akamaitechnologies URLs?

For example:

A device connects to the internet and the traffic is blocked; FW logs show me an IP from Akamaitechnologies.

How can I implement a security policy efficiently to allow all the blocked traffic to destination Akamai?

 

 

Thank you & regards,

A.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

We have an Updatable Object specifically for Akamai.
You add it like so:

image.png

image.png

ahmedaburaihan
Explorer

Hey @PhoneBoy 

Thank you very much for the speedy response.

Although I used this object last time and it did not whitelist all the Akamais, I would still like to implement this one more time and will update you regarding this.


Kind regards,

A.

0 Kudos
PhoneBoy
Admin
Admin

The information for all of our Updatable Objects comes from the vendor themselves.
The gateways update these objects once an hour, I believe. 

the_rock
MVP Diamond
MVP Diamond

I know this is not the greatest idea, but I always add a custom app group and add *akamai* into it and allow that.

Best,
Andy
"Have a great day and if it's not, change it"
the_rock
MVP Diamond
MVP Diamond

Here is what I was referring to.

Screenshot_1.png

Best,
Andy
"Have a great day and if it's not, change it"
0 Kudos
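An added example, not part of any post in this thread, comparing the `*akamai*` wildcard mentioned above with anchored matching on the domain suffixes that appear in this thread. It assumes the wildcard behaves like a glob over the hostname, which is a simplification and not a statement of how the gateway evaluates custom applications; the hostnames are constructed.

```python
from fnmatch import fnmatchcase

# Assumption: the custom application entry is modelled as a glob over the hostname.
WILDCARD = "*akamai*"

# Domain suffixes that appear in this thread.
ALLOWED_SUFFIXES = ("edgesuite.net", "akaetp.net", "dialin.go.akamai-access.com")

# Constructed hostnames; .example names are reserved and belong to no one.
SAMPLE_HOSTS = [
    "www.customer.edgesuite.net",        # edge hostname without "akamai" in it
    "gw1.akaetp.net",                    # product domain without "akamai" in it
    "akamai.updates.example",            # unrelated domain containing the word
    "edgesuite.net.akamai-cdn.example",  # suffix used as a leading label
    "notedgesuite.net",                  # suffix without a label boundary
]

def normalise(host):
    """Lower-case the name and drop a trailing root dot."""
    return host.strip().lower().rstrip(".")

def wildcard_allows(host):
    """Substring-style match: true for any name that contains 'akamai'."""
    return fnmatchcase(normalise(host), WILDCARD)

def suffix_allows(host):
    """Anchored match: the name is a listed suffix or a subdomain of one."""
    h = normalise(host)
    return any(h == s or h.endswith("." + s) for s in ALLOWED_SUFFIXES)

def compare(hosts):
    """Return both verdicts per hostname so the differences are visible."""
    return {h: {"wildcard": wildcard_allows(h), "suffix": suffix_allows(h)}
            for h in hosts}

if __name__ == "__main__":
    for host, verdict in compare(SAMPLE_HOSTS).items():
        print(f"{host:36} wildcard={verdict['wildcard']!s:5} suffix={verdict['suffix']}")
```

The wildcard both misses the names that lack the word "akamai" and admits unrelated names that contain it, while the anchored check only accepts names under the listed suffixes.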
the_rock
MVP Diamond
MVP Diamond

FWIW, here is what MS Copilot AI came up with.

*****************

 

Absolutely — but a quick heads‑up: there isn’t one single, static, “complete Akamai IP range list” for the entire Akamai edge network that’s practical to maintain in a firewall, because Akamai operates thousands of prefixes that can change over time. [bgp.he.net], [bigdatacloud.com]

So the right answer depends on what you’re trying to do:

Below I’m giving you (A) the stable Origin IP ACL CIDRs + (B) common Akamai edge FQDN patterns + (C) where to get full dynamic prefix lists.


A) Recommended: Akamai Origin IP ACL CIDRs (small/stable allowlist)

Akamai publishes a supported set of IP blocks specifically for Origin IP ACL (used to restrict who can reach your origin). [techdocs.akamai.com], [techdocs.akamai.com]

Currently supported (Origin IP ACL)

IPv4

 

2.16.0.0/13
23.0.0.0/12
23.192.0.0/11
23.32.0.0/11
95.100.0.0/15
184.24.0.0/13

 

[techdocs.akamai.com], [ipinfo.io], [ipinfo.io], [ipinfo.io], [ipinfo.io], [ipinfo.io]

IPv6

 

2a02:26f0::/32
2600:1400::/24
2405:9600::/32

 

[techdocs.akamai.com], [ipinfo.io], [bgp.tools], [networksdb.io]

⚠️ Important note about “removed” CIDRs (timeline)

Akamai also lists older ACL CIDRs that were removed and notes that as of July 1, 2025 they would be reallocated to other Akamai services (so you should not rely on them for Origin IP ACL). [techdocs.akamai.com]

(If you want, I can paste that “removed list” too — it’s long, but it’s on that same Akamai page and includes items like 104.64.0.0/10, 172.224.0.0/12, etc.) [techdocs.akamai.com], [ipinfo.io], [ipinfo.io]

Where to keep it updated (best practice)

That Akamai Origin IP ACL page provides direct downloads (.txt/.csv) and says changes are announced via Akamai’s Firewall Rules Notification tool. [techdocs.akamai.com]


B) Common Akamai FQDNs / domains you will see (edge hostnames & services)

1) Akamai edge hostname suffixes (most common)

When traffic is onboarded to Akamai, your customer hostname usually CNAMEs to an Akamai “edge hostname” that ends in one of these domains: [techdocs.akamai.com], [registry.t…rraform.io]

Akamai explicitly documents these suffixes in Property Manager/hostnames guidance, and the Akamai Terraform provider docs repeat the same mapping. [techdocs.akamai.com], [registry.t…rraform.io]

Note: edgesuite.net is widely recognized as an Akamai CDN-associated domain and appears on many well-known hostnames. [netify.ai]

2) Reverse DNS / infrastructure-style hostnames (seen in logs)

You may also see Akamai-controlled reverse DNS like:

Example hostnames from Akamai IP space show this pattern. [lookip.net], [abuseipdb.com]

3) If you use Akamai SIA/ETP / Zero Trust (product-specific)

If your goal is firewall allowlisting for Akamai Secure Internet Access (SIA) / ETP / Zero Trust, Akamai provides a separate list of required domains such as:

  • *.akaetp.net
  • *.dialin.go.akamai-access.com
  • and specific clock-*.akamai.com hosts (NTP-related) [techdocs.akamai.com]

(These are not the same thing as CDN edge hostnames; they’re for Akamai security products.) [techdocs.akamai.com]


C) If you truly need “all Akamai IP ranges” (dynamic / large)

If your use case is broad classification or blocking/allowing “Akamai” at scale, the normal method is:

1) Track Akamai by ASN(s)

Two primary Akamai ASNs commonly used for edge delivery are:

AS16625 alone originates ~3,030 IPv4 prefixes (order of magnitude), so enumerating “all IPs” is not firewall-friendly. [bgp.he.net], [bigdatacloud.com]

2) Pull current prefixes from BGP sources

Good public sources for up-to-date prefix lists include:

(If you tell me your preferred format—CIDR text, JSON, etc.—I can point you to the best export source for your workflow.)


 

Best,
Andy
"Have a great day and if it's not, change it"
0 Kudos
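An added example, not part of the post above, that sorts dropped destinations from a firewall log by whether they fall inside the CIDRs quoted in that post. The log layout and sample lines are constructed, and the CIDRs are copied from the post as quoted, not fetched from Akamai.

```python
import ipaddress
import re

# "Currently supported" Origin IP ACL CIDRs, as quoted in the post above.
CURRENT = [ipaddress.ip_network(c) for c in (
    "2.16.0.0/13", "23.0.0.0/12", "23.192.0.0/11", "23.32.0.0/11",
    "95.100.0.0/15", "184.24.0.0/13",
    "2a02:26f0::/32", "2600:1400::/24", "2405:9600::/32")]
# The two "removed" blocks the post names as examples.
REMOVED = [ipaddress.ip_network(c) for c in ("104.64.0.0/10", "172.224.0.0/12")]

# Constructed sample lines; the key=value layout is hypothetical.
SAMPLE_LOG = """\
action=drop src=10.1.1.5 dst=23.45.67.89 dport=443
action=drop src=10.1.1.5 dst=104.70.12.8 dport=443
action=drop src=10.1.1.9 dst=2600:1406:3a::17 dport=443
action=drop src=10.1.1.9 dst=198.51.100.20 dport=443
action=accept src=10.1.1.9 dst=2.18.64.1 dport=443
"""

DROP_DST = re.compile(r"\baction=drop\b.*\bdst=(\S+)")

def classify(ip_text):
    """Return (label, matching CIDR) for one destination address."""
    ip = ipaddress.ip_address(ip_text)
    for label, nets in (("current", CURRENT), ("removed", REMOVED)):
        for net in nets:
            if ip.version == net.version and ip in net:
                return label, str(net)
    return "unlisted", None

def dropped_destinations(log_text):
    """Map each dropped destination in the log to its classification."""
    result = {}
    for line in log_text.splitlines():
        match = DROP_DST.search(line)
        if match:
            result[match.group(1)] = classify(match.group(1))
    return result

if __name__ == "__main__":
    for dst, (label, net) in dropped_destinations(SAMPLE_LOG).items():
        print(f"{dst:20} {label:9} {net or '-'}")
```

Destinations reported as `removed` or `unlisted` are outside the quoted set, so a rule built only from that list would still drop them.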
