Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
litespeed_wiki:config:cloudflare-ips-or-subnets [2015/07/29 20:31] Michael Alegre [Anti-DDOS Blocking CloudFlare IP/Subnet Connections] |
litespeed_wiki:config:cloudflare-ips-or-subnets [2016/06/29 13:41] (current) Rob Holda |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Anti-DDOS Blocking CloudFlare IP/Subnet Connections ====== | ====== Anti-DDOS Blocking CloudFlare IP/Subnet Connections ====== | ||
- | If you have CloudFlare enabled and are receiving 522 connection errors, than it is possible that LiteSpeed Web Server's (LSWS) anti-ddos settings are causing these connections to be blocked. | + | If you have CloudFlare enabled and are receiving 522 connection errors, then it is possible that LiteSpeed Web Server's (LSWS) anti-ddos settings are causing these connections to be blocked. To get around this, you can whitelist these IPs/subnets by adding them to LSWS's "Allowed List". |
+ | |||
+ | For your reference, CloudFlare IP Ranges are listed [[https://www.cloudflare.com/ips|here]] | ||
- | [[https://www.cloudflare.com/ips|CloudFlare IP Ranges]] | ||
- | To get around this you can whitelist these IPs/subnets by adding them to LSWS's "Allowed List". | ||
===== Adding IPs/Subnets To LSWS's "Allowed List" ===== | ===== Adding IPs/Subnets To LSWS's "Allowed List" ===== | ||
From the WebAdmin Console, navigate to Configuration > Server and click on the "Security" tab. | From the WebAdmin Console, navigate to Configuration > Server and click on the "Security" tab. | ||
- | |||
- | {{ :litespeed_wiki:config:lsws-security.png?nolink,850px |}} | ||
Scroll to the bottom of the page. You will see the "Access Control" section which contains the "Allowed List" and "Denied list. Click "Edit" at the top right of this section. | Scroll to the bottom of the page. You will see the "Access Control" section which contains the "Allowed List" and "Denied list. Click "Edit" at the top right of this section. | ||
- | {{ :litespeed_wiki:config:access-control.png?nolink,850px |}} | + | By default, the "Allowed List" will contain "ALL". In most cases, this allows all IPs/subnets to connect to the server. Since the CloudFlare enabled IPs/subnets are being blocked by LSWS's anti-ddos settings, adding them to this (comma separated) list as trusted IPs/subnets will bypass this blocking. |
- | + | ||
- | By default, the "Allowed List" will contain "ALL". This allows all IPs/subnets to connect to the server for most cases. Since the CloudFlare enabled IPs/subnets are being blocked by LSWS's anti-ddos settings, adding them to this (comma separated) list as a trusted IP/subnet will bypass this blocking. | + | |
- | {{ :litespeed_wiki:config:access-control-edit.png?nolink,850px |}} | + | {{ :litespeed_wiki:config:cloudflare-unblock.png?nolink,850px |}} |
To do this, simply append a trailing "T" to the IP, subnet, or subnet/netmask and click "Save" at the top right of the "Access Control" section. For example: | To do this, simply append a trailing "T" to the IP, subnet, or subnet/netmask and click "Save" at the top right of the "Access Control" section. For example: | ||
- | {{ :litespeed_wiki:config:allowed-list-example1.png?nolink,850px |}} | + | <code>ALL,103.21.244.0/22T,103.22.200.0/22T,103.31.4.0/22T,104.16.0.0/12T,108.162.192.0/18T,131.0.72.0/22T,141.101.64.0/18T,162.158.0.0/15T,172.64.0.0/13T,173.245.48.0/20T,188.114.96.0/20T,190.93.240.0/20T,197.234.240.0/22T,198.41.128.0/17T,199.27.128.0/21T</code> |
- | Lastly, you must now perform a graceful restart to update your server. Do this by clicking "Graceful Restart" under the "Actions" menu at the top. | ||
- | {{ :litespeed_wiki:config:graceful-restart.png?nolink,850px |}} | + | Lastly, you must now perform a graceful restart to update your server. Do this by clicking "Graceful Restart" under the "Actions" menu at the top in the LSWS Web Admin Console. |