Whitelisting Edge Server IPs
Publisher: Psychz Networks, August 10, 2018
Most servers today run in a Linux/Unix environment with a software firewall such as IPTables or Packet Filter. The basic purpose of the firewall is to stop malicious traffic from unknown IP addresses. For a known server, you can add rules to your firewall so that it takes no action against traffic coming from certain IP addresses. This is called whitelisting.
The majority of Linux/Unix servers use software firewalls such as IPTables and PF. Firewalls can be configured to throttle traffic to the web server.
A 502 Bad Gateway error is the status code often returned when the origin server is blocking the CDN servers from communicating with it.
CentOS/RHEL
Run the following command for each subnet that is provided by your CDN support team
iptables -I INPUT -s SUBNET_HERE -p tcp -m multiport --dports 80,443 -j ACCEPT
Once done, run the following command
/etc/init.d/iptables save
CentOS/RHEL using CSF Firewall
Open or create this file:
/etc/csf/csfpost.sh
Insert the following line for each subnet provided
iptables -I INPUT -s SUBNET_HERE -p tcp -m multiport --dports 80,443 -j ACCEPT
Run the following command when you're done
csf -r
Debian/Ubuntu
Run the following command and repeat for each of the subnets provided by the CDN support team
iptables -I INPUT -s SUBNET_HERE -p tcp -m multiport --dports 80,443 -j ACCEPT
Run the following command when you're done
iptables-save > /etc/firewall.conf
Note: You can choose any name and destination you like. /etc/firewall.conf is easy to remember and hence recommended.
Finally, run each of these commands to set up your server to restore the IPTables configuration after reboot:
echo '#!/bin/sh' > /etc/network/if-up.d/iptables
echo "iptables-restore < /etc/firewall.conf" >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
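The per-subnet rule used in each section above, generated for a whole list in one pass. This is an added example, not part of the original article; the function names, the MIN_PREFIX sanity limit and the sample subnets are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print idempotent iptables commands for a list of CDN subnets.
MIN_PREFIX=8   # assumption: refuse entries broader than /8 (e.g. 0.0.0.0/0)

# Succeed only if $1 is a.b.c.d or a.b.c.d/len with MIN_PREFIX <= len <= 32.
valid_subnet() {
    case "$1" in
        */*) addr=${1%/*}; len=${1#*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case "$len" in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read one subnet per line on stdin ('#' starts a comment). Print a
# check-then-insert command per valid entry; name rejects on stderr, return 1.
emit_rules() {
    bad=0
    while IFS= read -r line; do
        subnet=$(printf '%s' "$line" | sed 's/#.*//; s/[[:space:]]//g')
        [ -n "$subnet" ] || continue
        if valid_subnet "$subnet"; then
            rule="INPUT -s $subnet -p tcp -m multiport --dports 80,443 -j ACCEPT"
            printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$rule" "$rule"
        else
            printf 'rejected: %s\n' "$line" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample list (RFC 5737 documentation ranges, not real CDN subnets).
emit_rules <<'EOF'
192.0.2.0/24
198.51.100.0/24   # second edge range
203.0.113.17
EOF
```

Review the printed commands before running them as root. The -C check keeps a repeated run from inserting the same rule twice, which plain -I would do.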