
How to Whitelist ArvanCloud IP Addresses in iptables

Your origin server may block traffic from ArvanCloud IP addresses if it mistakes that traffic for an attack. In this case, the origin server will not respond to requests from ArvanCloud's edge servers, preventing visitor traffic from reaching your website.
Whitelisting ArvanCloud's IP addresses in your origin server's firewall solves this problem by ensuring that connections from ArvanCloud's edge servers are not blocked.
In this user guide from ArvanCloud, we will discuss two ways to whitelist these IP addresses.

1. Whitelisting IP Ranges Separately

With the command below, you can whitelist each IP range listed in ArvanCloud's IP Addresses section separately. Replace "$ip" with an IP address from ArvanCloud.

iptables -I INPUT -p tcp -m multiport --dports http,https -s "$ip" -j ACCEPT

2. 'ipset' Utility

Using the ipset utility, you can include a list of IP addresses in your whitelist instead of whitelisting them individually.
To do so, use the following commands:


ipset create example hash:net

for x in $(curl -fsS https://www.arvancloud.com/fa/ips.txt); do ipset add example "$x"; done

These commands create and store the list, but it will be removed when the system is rebooted. To prevent this, save the commands and rerun them after the system reboots.
After creating the IP address list, you can use it in an iptables command:

iptables -A INPUT -m set --match-set example src -p tcp -m multiport --dports http,https -j ACCEPT

As the last step, you need to save the iptables rules defined above. To do so, use the following commands:

Debian

iptables-save > /etc/iptables/rules.v4

CentOS

iptables-save > /etc/sysconfig/iptables

If the ipset utility is not installed on your origin server, you can install it using the following commands:

Ubuntu

sudo apt-get install ipset

CentOS

yum install ipset
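
The ipset loading loop above adds whatever the download returns to the set. As an added example (not ArvanCloud's own script), the functions below validate each entry as an IPv4 address or CIDR range and build an `ipset restore` script that swaps a freshly filled set into place. The function names, the `example-new` temporary set and the one-IPv4-entry-per-line list format are assumptions.

```shell
#!/bin/sh
# Added example: check every downloaded entry before it becomes an ACCEPT source.

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_cidr() {
    case $1 in ''|*[!0-9./]*|*/*/*|.*|*..*|*./*|*.) return 1 ;; esac
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
        [ "$prefix" -le 32 ] || return 1
    fi
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads one entry per line on stdin and prints an "ipset restore" script that
# fills a temporary set (hypothetical name: <set>-new), then swaps it into place.
build_restore() {
    set_name=$1 tmp_set="$1-new" adds='' count=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if valid_cidr "$entry"; then
            adds="${adds}add $tmp_set $entry
"
            count=$((count + 1))
        else
            echo "skipped invalid entry" >&2
        fi
    done
    # An empty or fully rejected download must not replace the live set.
    [ "$count" -gt 0 ] || return 1
    printf 'create %s hash:net\ncreate %s hash:net\nflush %s\n%s' \
        "$set_name" "$tmp_set" "$tmp_set" "$adds"
    printf 'swap %s %s\ndestroy %s\n' "$tmp_set" "$set_name" "$tmp_set"
}

# Constructed sample input; on the origin server the pipeline would be:
#   curl -fsS https://www.arvancloud.com/fa/ips.txt | build_restore example | ipset -exist restore
printf '192.0.2.0/24\n198.51.100.7\n999.1.1.1/24\n10.0.0.0/8; reboot\n' | build_restore example
```

Rerunning the pipeline after a reboot recreates the set, which must exist before iptables rules that reference it are loaded.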