What is the ITIL-Sidekick-Monitor probe?
You found this page because you saw ITIL-Sidekick-Monitor/1.0 in your server logs or your WAF flagged it. Here's the short version:
ITIL Sidekick is a service-availability monitoring tool. Someone — almost certainly a customer of yours, a colleague, or your own team — has configured it to probe a URL on your site to check whether the service is responding. We hit the URL roughly every minute from Cloudflare's edge network.
What our probe does
- Sends one HTTP GET request per check, every 60 seconds.
- Follows up to 5 HTTP redirects.
- Reads at most the first 512 bytes of the response body.
- Records the HTTP status code, response time, redirect chain, headers, and TLS metadata.
- Does not log in, post forms, scrape content, or execute JavaScript.
- Honours Retry-After headers — if you respond with 429 + Retry-After, we back off for that duration.
How to recognise our probe
| Header | Value |
|---|---|
| User-Agent | ITIL-Sidekick-Monitor/1.0 (+https://itilsidekick.com/about/probe) |
| X-ITIL-Probe-Auth | A per-monitor key shared with your team for WAF allowlisting (optional). |
| Origin IPs | Cloudflare PoP IP ranges — see cloudflare.com/ips. |
How to allow our probe through your WAF
The most robust approach is the probe-auth header. Whoever set up the monitor can generate a unique key in the ITIL Sidekick dashboard. Add one WAF rule that allows requests carrying that exact header value — done. The key doesn't change unless rotated, and nothing breaks when our edge IPs do.
Cloudflare
Security → WAF → Custom Rules → Create rule
- Field: HTTP request headers
- Header: x-itil-probe-auth
- Operator: equals
- Value: <the probe-auth key from your ITIL Sidekick monitor>
- Action: Skip → All remaining custom rules + Bot Fight Mode
AWS WAF
Web ACL → Add rule → Match → Inspect: Single header → "x-itil-probe-auth"
- Match type: Exactly matches string
- Value: <the probe-auth key>
- Action: Allow (set priority above your bot rules)
Akamai / Imperva / Sucuri / DataDome / PerimeterX
Same pattern in your vendor's console: header match → allow. Each vendor has a "skip bot rules" action, usually under "Custom Rules" or "Whitelist."
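Where no vendor rule builder is available, the same header match can be enforced at the origin or a reverse proxy. This is an added example, not ITIL Sidekick's own code; the function name, the return labels and the sample key are assumptions made for illustration.

```python
import hmac

PROBE_UA_TOKEN = "ITIL-Sidekick-Monitor"   # User-Agent token documented above
PROBE_AUTH_HEADER = "x-itil-probe-auth"    # header name documented above
SAMPLE_KEY = "constructed-example-key"     # constructed placeholder, not a real key


def classify_request(headers, expected_key):
    """Return 'verified-probe', 'unverified-probe' or 'other'.

    headers: mapping of request header names to values (any case).
    expected_key: the per-monitor key configured for this site, or None
                  when no key has been generated for the monitor.
    """
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    presented = lowered.get(PROBE_AUTH_HEADER, "")
    claims_probe = PROBE_UA_TOKEN in lowered.get("user-agent", "")

    # Exact match on the key, compared in constant time. The User-Agent is
    # deliberately not part of the allow decision: any client can send it.
    if expected_key and presented and hmac.compare_digest(
        presented.encode(), expected_key.encode()
    ):
        return "verified-probe"      # safe to skip bot rules for this request

    # Claims to be the probe (by User-Agent or by sending the header) but
    # did not prove it: leave the normal WAF and bot rules in force.
    if claims_probe or presented:
        return "unverified-probe"
    return "other"
```

Only the `verified-probe` result should bypass bot protection; `unverified-probe` traffic is worth counting in logs, since it is either a monitor without a configured key or a client borrowing the User-Agent string.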
How to block our probe
If you're seeing our probe and you don't want it, your options:
- Ask your team. Someone has set this up — they can disable the monitor in the ITIL Sidekick dashboard.
- Block by User-Agent. Block requests where User-Agent contains ITIL-Sidekick-Monitor. We'll respect it — our probe Worker classifies a sustained 403 as "blocked" and auto-pauses to once per hour.
- Email us. [email protected] — include the URL being probed and we'll trace it to the customer.
About ITIL Sidekick
ITIL Sidekick is a small, independent SaaS based in Ontario, Canada, hosted entirely on Cloudflare. See itilsidekick.com for the product page, Terms of Use, Privacy Policy, and Pricing.