Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
litespeed_wiki:config:cloudflare-ips-or-subnets [2016/06/16 20:43] Jackson Zhang [Adding IPs/Subnets To LSWS's Allowed List] |
litespeed_wiki:config:cloudflare-ips-or-subnets [2016/06/29 13:31] Rob Holda [Adding IPs/Subnets To LSWS's Allowed List] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Anti-DDOS Blocking CloudFlare IP/Subnet Connections ====== | ====== Anti-DDOS Blocking CloudFlare IP/Subnet Connections ====== | ||
| - | If you have CloudFlare enabled and are receiving 522 connection errors, than it is possible that LiteSpeed Web Server's (LSWS) anti-ddos settings are causing these connections to be blocked. | + | If you have CloudFlare enabled and are receiving 522 connection errors, then it is possible that LiteSpeed Web Server's (LSWS) anti-ddos settings are causing these connections to be blocked. To get around this, you can whitelist these IPs/subnets by adding them to LSWS's "Allowed List". |
| + | |||
| + | For your reference, CloudFlare IP Ranges are listed [[https://www.cloudflare.com/ips|here]] | ||
| - | [[https://www.cloudflare.com/ips|CloudFlare IP Ranges]] | ||
| - | To get around this you can whitelist these IPs/subnets by adding them to LSWS's "Allowed List". | ||
| ===== Adding IPs/Subnets To LSWS's "Allowed List" ===== | ===== Adding IPs/Subnets To LSWS's "Allowed List" ===== | ||
| Line 13: | Line 13: | ||
| Scroll to the bottom of the page. You will see the "Access Control" section which contains the "Allowed List" and "Denied list. Click "Edit" at the top right of this section. | Scroll to the bottom of the page. You will see the "Access Control" section which contains the "Allowed List" and "Denied list. Click "Edit" at the top right of this section. | ||
| - | By default, the "Allowed List" will contain "ALL". This allows all IPs/subnets to connect to the server for most cases. Since the CloudFlare enabled IPs/subnets are being blocked by LSWS's anti-ddos settings, adding them to this (comma separated) list as a trusted IP/subnet will bypass this blocking. | + | By default, the "Allowed List" will contain "ALL". In most cases, this allows all IPs/subnets to connect to the server. Since the CloudFlare enabled IPs/subnets are being blocked by LSWS's anti-ddos settings, adding them to this (comma separated) list as trusted IPs/subnets will bypass this blocking. |
| + | |||
| + | {{ :litespeed_wiki:config:cloudflare-unblock.png?nolink,850px |}} | ||
| To do this, simply append a trailing "T" to the IP, subnet, or subnet/netmask and click "Save" at the top right of the "Access Control" section. For example: | To do this, simply append a trailing "T" to the IP, subnet, or subnet/netmask and click "Save" at the top right of the "Access Control" section. For example: | ||
| Line 19: | Line 21: | ||
| <code>ALL,103.21.244.0/22T,103.22.200.0/22T,103.31.4.0/22T,104.16.0.0/12T,108.162.192.0/18T,131.0.72.0/22T,141.101.64.0/18T,162.158.0.0/15T,172.64.0.0/13T,173.245.48.0/20T,188.114.96.0/20T,190.93.240.0/20T,197.234.240.0/22T,198.41.128.0/17T,199.27.128.0/21T</code> | <code>ALL,103.21.244.0/22T,103.22.200.0/22T,103.31.4.0/22T,104.16.0.0/12T,108.162.192.0/18T,131.0.72.0/22T,141.101.64.0/18T,162.158.0.0/15T,172.64.0.0/13T,173.245.48.0/20T,188.114.96.0/20T,190.93.240.0/20T,197.234.240.0/22T,198.41.128.0/17T,199.27.128.0/21T</code> | ||
| - | {{ :litespeed_wiki:config:cloudflare-unblock.png?nolink,850px |}} | ||
| - | Lastly, you must now perform a graceful restart to update your server. Do this by clicking "Graceful Restart" under the "Actions" menu at the top in LSWS web admin. | + | Lastly, you must now perform a graceful restart to update your server. Do this by clicking "Graceful Restart" under the "Actions" menu at the top in the LSWS web admin. |