How to Whitelist ArvanCloud IP Addresses in iptables
Your origin server may block traffic from ArvanCloud IP addresses if it detects that traffic as an attack. In this case, the origin server will not respond to requests from ArvanCloud's edge servers, preventing visitor traffic from reaching your website.
Whitelisting ArvanCloud's IP addresses in your origin server's firewall can solve this problem by preventing connections from ArvanCloud's edge servers from being blocked.
In this user guide from ArvanCloud, we discuss two ways to add these IP addresses to the whitelist.
1. Whitelisting IP Ranges Separately
With the command below, you can whitelist each range of IP addresses separately. Replace "$ip" with an IP address taken from ArvanCloud's IP Addresses section.
iptables -I INPUT -p tcp -m multiport --dports http,https -s "$ip" -j ACCEPT
2. 'ipset' Utility
Using the ipset utility, you can include a whole list of IP addresses in your whitelist instead of whitelisting them individually.
To do so, use the following command lines:
ipset create example hash:net
for x in $(curl -fsS https://www.arvancloud.com/fa/ips.txt); do ipset add example "$x"; done
These commands create and populate the list, but it is removed when the system is rebooted. To prevent this, save the commands and rerun them after each reboot.
After creating the IP address list, you can use it in an iptables command:
iptables -A INPUT -m set --match-set example src -p tcp -m multiport --dports http,https -j ACCEPT
As the last step, save the iptables rules defined above. Use the command that matches your distribution (the first path is the one used on Debian and Ubuntu, the second on RHEL and CentOS):
iptables-save > /etc/iptables/rules.v4
iptables-save > /etc/sysconfig/iptables
If the ipset utility is not installed on your origin server, you can install it with one of the following commands (apt-get on Debian and Ubuntu, yum on RHEL and CentOS):
sudo apt-get install ipset
yum install ipset
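The ipset loop in section 2 adds whatever the download returns, so an error page or an over-broad entry would go straight into an ACCEPT rule. The script below is an added example, not part of ArvanCloud's guide: it checks every line as an IPv4 range, then fills a temporary set and swaps it in, so it can also serve as the command to rerun after a reboot. The set name and URL are the guide's; MIN_PREFIX, the "example-new" temporary set and the "apply" argument are assumptions.

```shell
# Added example: validate a downloaded range list before it reaches ipset.
SET=example                                  # set name used in the guide
URL=https://www.arvancloud.com/fa/ips.txt    # list URL used in the guide
MIN_PREFIX=8    # assumption: refuse ranges wider than /8 (e.g. 0.0.0.0/0)

# Succeeds only for a well-formed IPv4 address or CIDR range.
valid_cidr() {
    case "$1" in ""|*[!0-9./]*|*./*|*.) return 1 ;; esac   # HTML, stray dots
    addr=${1%%/*}
    prefix=32
    case "$1" in */*) prefix=${1#*/} ;; esac
    case "$prefix" in ""|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                             # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ""|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads ranges on stdin and prints an "ipset restore" script that fills a
# temporary set and swaps it in. Prints nothing if any line is rejected.
build_restore() {
    out="create $SET-new hash:net -exist
flush $SET-new
"
    count=0
    while read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        valid_cidr "$line" || { echo "rejected: $line" >&2; return 1; }
        out="${out}add $SET-new $line
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || return 1
    printf '%screate %s hash:net -exist\nswap %s-new %s\ndestroy %s-new\n' \
        "$out" "$SET" "$SET" "$SET" "$SET"
}

# As root: run with the argument "apply" at setup and after each reboot.
if [ "${1:-}" = apply ]; then
    list=$(curl -fsS "$URL") || exit 1
    rules=$(printf '%s\n' "$list" | build_restore) || exit 1
    printf '%s\n' "$rules" | ipset restore
fi
```

Because the set must exist before an iptables rule can reference it, run the script before the saved iptables rules are loaded at boot.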