Latest Announcemnent
New thread
Status
Not open for further replies.
W

wedge1001

Active Member
411
2012
91
0
Hi,
has anyone configured a Volxility Firewall to work with cloudflare?

if i activate cloudflare with CDN on top of a voxility-server, ill get the following error:

Code: 
502 - BAD GATEWAY
Anti-DDoS Filter cannot connect to protected host.
Most likely the firewall (CSF?) on protected host blocks filter IP addresses due to a large number of requests.
If you are the administrator, please disable the firewall or whitelist the filter IP's.
Faithfully yours, Voxility NOC.
and cloudflare will always give me an error.

i've already asked the provider to set the cloudflare-ips to the whitelist.
he answered that he had insertet this in the iptables
(oh it's a VPS btw)

Code: 
iptables -A INPUT -s 204.93.240.0/24 -j ACCEPT
iptables -A INPUT -s 204.93.177.0/24 -j ACCEPT
iptables -A INPUT -s 199.27.128.0/21 -j ACCEPT
iptables -A INPUT -s 173.245.48.0/20 -j ACCEPT
iptables -A INPUT -s 103.21.244.0/22 -j ACCEPT
iptables -A INPUT -s 103.22.200.0/22 -j ACCEPT
iptables -A INPUT -s 141.101.64.0/18 -j ACCEPT
iptables -A INPUT -s 108.162.192.0/18 -j ACCEPT
iptables -A INPUT -s 190.93.240.0/20 -j ACCEPT
iptables -A INPUT -s 188.114.96.0/20 -j ACCEPT
iptables -A INPUT -s 141.101.64.0/18 -j ACCEPT
iptables -A INPUT -s 197.234.240.0/22 -j ACCEPT
iptables -A INPUT -s 198.41.128.0/17 -j ACCEPT
iptables -A INPUT -s 93.115.83.64/26 -j ACCEPT

unfortionately it still won't work.
curl gives the above error. Cloudflare will mail me, that he got a connection refused and the site won't work.

so i'm asking if anyone here has got this working.

i want to use cloudflare, since the CDN will take a lot of load from my small System.
it's not about the DDoS-Protection.

Thanks

update
if i set it manually via hosts-file i'll get the same error as above.
 
Last edited:
7 comments
Voxility has a hardware firewall which multiple servers use and it has had problems blocking the IP's.

You most likely are being hit by the block and cloudflare is sending you directly to your site via a cname.
 
There is nothing you can do. Voxility has to remove the firewall or whitelist CF ranges properly. Your only bet is removing CF, but I don't think this would be acceptable option to you.
 
unfortionately no.

i can just ask my provider to ask at voxility if they set the CF-range on the whitelist of the firewall.

Thanks for your answers
 
Qarizma said:
You can.

Also what happens if you disable iptables?
Click to expand...

on my VPS IpTalbes are completely disabled.

it looks like the voxility DDoS-Prevention takes cloudflare as attacking services, since all requests will come from a few IPs.

of course i can - if i get more money i can buy s.th. better and stronger and then don't use cloudflare anymore.
 
Status
Not open for further replies.
Back
Top