---
title: "Security and target restrictions"
description: "UptimeMonitoring is designed for public uptime checks, not network scanning."
doc_version: "1"
last_updated: "2026-06-02"
---

## Private/reserved IP blocking

Targets that resolve to private, reserved, or loopback IP ranges are blocked:

- `10.0.0.0/8`
- `172.16.0.0/12`
- `192.168.0.0/16`
- `127.0.0.0/8`
- `169.254.0.0/16` (link-local)
- `::1`, `fc00::/7`, `fe80::/10`

A blocked target is rejected with an error like this:

```json
{
  "error": "url rejected: ip 10.0.0.5 is in a blocked range"
}
```

The full error envelope is documented in [Errors](/docs/errors/).

DNS resolution is cached and re-validated, so SSRF via DNS rebinding is blocked.

## Disallowed target classes

- Private and reserved IPs (see above)
- Targets on non-standard ports for TCP monitors (restricted to common service ports)
- Targets that actively opt out (see below)

## Port restrictions for TCP monitors

TCP monitors are restricted to a small allowlist of common HTTP-style service ports to prevent the platform being repurposed as a port scanner. The full allowlist is:

`80`, `443`, `8080`, `8443`, `3000`, `5000`, `8000`, `8888`

Any other port returns `400` with an error message naming the allowed set. Database ports (`3306`, `5432`, `6379`, `27017`), message-queue ports (`5672`, `9092`), and admin-style ports (`22`, `25`, `53`, `110`, `143`, `993`, `995`) are intentionally **not** on the list.

## URL validation

All monitor URLs are validated as UTF-8 strings with no null bytes (`U+0000`) and no ASCII control characters (`U+0000`–`U+001F` and `U+007F`). Violations return `400` before the SSRF guard runs.
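
The sketch below chains the checks from the sections above in the order this page gives them: URL text validation first, then the TCP port allowlist and the blocked-range test on every resolved address. It is an added example, not UptimeMonitoring's own code. Assumptions: the function names, the `tcp://host:port` URL form, every error string except the blocked-range one, the IPv4-mapped IPv6 handling, and the caller passing in the DNS answers so the check runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Blocked ranges and TCP port allowlist, copied from this page.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
TCP_PORTS = {80, 443, 8080, 8443, 3000, 5000, 8000, 8888}


def validate_url_text(raw: bytes) -> str:
    """URL validation: must be UTF-8 with no U+0000-U+001F or U+007F."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise ValueError("url rejected: not valid UTF-8") from None
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        raise ValueError("url rejected: control character")
    return text


def check_ip(addr: str) -> str:
    """SSRF guard for one resolved address; returns its normalized form."""
    ip = ipaddress.ip_address(addr)
    # Assumption, not stated on the page: unwrap IPv4-mapped IPv6
    # (::ffff:a.b.c.d) so it is matched against the IPv4 ranges.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    if any(ip in net for net in BLOCKED_NETS):
        raise ValueError(f"url rejected: ip {ip} is in a blocked range")
    return str(ip)


def check_target(raw_url: bytes, resolved: list, tcp: bool = False) -> list:
    """Vet a monitor target; return the only IPs a probe may connect to.

    `resolved` is the DNS answer set. Call again with each fresh answer
    set (re-validation) and connect to the returned IPs, never the name.
    """
    text = validate_url_text(raw_url)      # runs before the SSRF guard
    port = urlsplit(text).port             # assumes tcp://host:port form
    if tcp and port not in TCP_PORTS:
        raise ValueError(f"port {port} not allowed; allowed: {sorted(TCP_PORTS)}")
    # Every answer must pass: one blocked record rejects the whole target.
    return [check_ip(a) for a in resolved]
```

Connecting to the returned addresses rather than resolving the hostname a second time is what keeps a changed DNS answer from reaching a blocked range between check and probe.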

## Rate limiting and abuse controls

- 200 API requests per minute per account
- Up to 50 monitors per account (up to 100 during extended free tier)
- 10 API keys per account
- Exponential backoff on sustained-down monitors
- Flap detection collapses noisy state transitions

## Target owner opt-out

Target owners can request opt-out by contacting [hello@uptimemonitoring.com](mailto:hello@uptimemonitoring.com). Opted-out domains are blocked from being monitored.