You are viewing the legacy StackPath SecureCDN Help Center. Please use support.stackpath.com if you signed up after July 1, 2018 or log in through control.stackpath.com

Whitelisting Edge Cluster IP Addresses

If you have a firewall or other traffic-throttling system on your origin server, you need to whitelist our edge server IPs. Visit this page to obtain the IPs of the StackPath CDN edge servers you're provisioned on.

Overview

The majority of Linux/Unix servers use software firewalls such as IPTables and PF. Firewalls can be configured to throttle traffic to the web server. This can block one or more of the StackPath CDN subnets (edge servers), preventing us from pulling content from your origin and caching it.

A 502 Bad Gateway error is the status code often returned when an origin server is blocking StackPath CDN.

IPTables

If you're not comfortable with the Linux and IPTables command line, contact your web hosting company or server administrator. A mistake can affect server operation or lock you out of the server.

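To whitelist StackPath CDN subnets in your IPTables firewall, log in to your server as root. If you're a superuser, prefix the commands below with sudo. Commands that redirect output to a file (> or >>) need a root shell, because sudo does not apply to the redirection.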

In the commands, replace SUBNET_HERE with the actual subnet found on the IP Blocks page.

CentOS/RHEL

  1. Run this command:

    iptables -I INPUT -s SUBNET_HERE -p tcp -m multiport --dports 80,443 -j ACCEPT

  2. Repeat this command for each of the subnets found on the IP Blocks page.

  3. Run this command when you're finished:

    /etc/init.d/iptables save

CentOS/RHEL using CSF Firewall

  1. Open or create this file: /etc/csf/csfpost.sh

  2. Insert this line for each subnet:

    iptables -I INPUT -s SUBNET_HERE -p tcp -m multiport --dports 80,443 -j ACCEPT

  3. Run this command when you're finished:

    csf -r

Debian/Ubuntu

  1. Run this command:

    iptables -I INPUT -s SUBNET_HERE -p tcp -m multiport --dports 80,443 -j ACCEPT

  2. Repeat this command for each of the subnets found on the IP Blocks page.

  3. Run this command when you're finished:

    iptables-save > /etc/firewall.conf

    You can choose any name and destination you like, but something easily identifiable like /etc/firewall.conf is recommended.

  4. Finally, run each of these commands to set up your server to restore the IPTables configuration after reboot. The first line uses single quotes so that an interactive bash shell does not treat the ! as history expansion:

    echo '#!/bin/sh' > /etc/network/if-up.d/iptables
    echo "iptables-restore < /etc/firewall.conf" >> /etc/network/if-up.d/iptables
    chmod +x /etc/network/if-up.d/iptables
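
Repeating the command by hand for every subnet invites typos and duplicate rules, so here is an added example (not StackPath's own tooling) that turns a subnet list into commands you can review before running. It accepts only well-formed IPv4 CIDR entries and prints a check-then-insert pair (`iptables -C ... || iptables -I ...`) so that re-running it does not stack duplicate rules; the function names and the documentation-range sample subnets are assumptions.

```shell
#!/bin/sh
# Added example: turn a subnet list into reviewable, idempotent iptables commands.

# Constructed sample input; the real subnets come from the IP Blocks page.
sample_subnets() {
    cat <<'EOF'
# RFC 5737 documentation ranges used as placeholders
192.0.2.0/24
198.51.100.0/24   # trailing comments are ignored
SUBNET_HERE
203.0.113.0/240
EOF
}

# Succeed only for a dotted-quad IPv4 network with a /0-/32 prefix.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*) return 1 ;;   # stray characters or a second slash
        */*) ;;                          # exactly one slash: keep checking
        *) return 1 ;;                   # no prefix length at all
    esac
    addr=${1%/*}; prefix=${1#*/}
    [ -n "$prefix" ] && [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                         # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read subnets on stdin, print one check-then-insert command per valid entry.
gen_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        subnet=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$subnet" ] || continue
        if valid_cidr "$subnet"; then
            rule="INPUT -s $subnet -p tcp -m multiport --dports 80,443 -j ACCEPT"
            printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$rule" "$rule"
        else
            printf 'skipped invalid entry: %s\n' "$subnet" >&2
        fi
    done
}

sample_subnets | gen_rules   # prints two commands; nothing is applied
```

Feed gen_rules your own list on stdin, review the printed commands, then run them as root and save the rules as described for your distribution. Rejected entries, such as a SUBNET_HERE placeholder left unreplaced, are reported on stderr and never reach the generated commands.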