If you have a firewall or other traffic throttling system on your origin server, please whitelist our edge server IP’s. Please visit this page to obtain IP's of the CDN edge servers you are provisioned on.
The majority of Linux/Unix servers use software firewalls, such as IPTables and PF. Firewalls can be set up to throttle traffic coming to the web server. This could potentially block one or more of the CDN network subnets (edge servers), subsequently preventing the CDN from pulling your content from the origin and caching it. The error we most often see when an origin server is blocking our CDN, is a 502 Bad Gateway Error.
Whitelisting IPs in IPTables
If you are not very comfortable with the Linux and IPTables command line, please contact your hosting company and/or your server administrator. You need to be very careful when working with IPTables because mistakes can affect the ability of your server to correctly operate online and could even lock you out of the server! It is always recommended to do IPTable configuration when directly logged in to your server via KVM/IP or IPMI (meaning a physical-based connection versus over the Internet).
In order to whitelist the MaxCDN Subnets in your IPTables firewall, please log in to your server as root. If you are a superuser, please append sudo to the commands shown below.
CentOS/RHEL
- When logged in as root, or the superuser (as mentioned above), type the following command in your console window:
iptables -I INPUT -s SUBNET_HERE -p tcp -m multiport --dports 80,443 -j ACCEPT
- Repeat this line for each of the Subnets found on IP Blocks page when done, run:
/etc/init.d/iptables save
Using CSF Firewall
- Open or create this file: /etc/csf/csfpost.sh
- Insert this line for each subnet provided by the MaxCDN Support Staff:
iptables -I INPUT -s SUBNET_HERE -p tcp -m multiport --dports 80,443 -j ACCEPT
- When you are done, save and close the file, then run:
csf -r
Debian/Ubuntu
- When logged in as root, or the superuser (as mentioned above), type the following command in your console window:
iptables -I INPUT -s SUBNET_HERE -p tcp -m multiport --dports 80,443 -j ACCEPT
- Repeat this line for each of the subnets provided by MaxCDN Support Staff and then when done, run:
You can choose any name and destination you like, however, something easily identifiable like /etc/firewall.conf is recommended.iptables-save > /etc/firewall.conf
- Finally, run each of these commands to set up your server to restore the IPTables configuration after reboot:
echo "#!/bin/sh" > /etc/network/if-up.d/iptables echo "iptables-restore < /etc/firewall.conf" >> /etc/network/if-up.d/iptables chmod +x /etc/network/if-up.d/iptables
You need to replace SUBNET_HERE with the actual subnet found on IP Blocks page. The subnets will look like this:
10.0.0.1/20
192.168.2.50/8
172.164.2.8/16
etc...
If you have any questions or experience any issues, please reach out to the Support Team, live chat and ticket support are available 24/7.