Tuesday, January 28, 2020

Why doesn't my firewall accept CloudFlare IP addresses?

Recently I decided to open my website, and recently I have been facing DDoS attacks. To solve the problem I decided to register with Cloudflare so that the connections are not established directly with me.

I correctly configured the server and the DNS servers. My domain name points to the Cloudflare server and the Cloudflare server is trying to connect to my original server. I don't really understand networking, so that's why I ask for your help.

My problem is about my firewall. As stated in the documentation, you must whitelist the Cloudflare IP addresses. I did it: whitelist of Cloudflare IPs

But I still have this error: Error 522 Ray ID: 55c8e10c6ef8f959 • 2020-01-29 05:41:47 UTC Connection timed out

Official documentation of this error:

Background

A 522 error happens when a TCP connection to the web server could not be established. This typically happens when Cloudflare requests to the origin (your webserver) get blocked. When this happens, you’ll see “ERR_CONNECTION_TIMED_OUT”.

Quick Fix Ideas

Make sure that you’re not blocking Cloudflare IPs in .htaccess, iptables, or your firewall.

Make sure your hosting provider isn’t rate limiting or blocking IP requests from the Cloudflare IPs and ask them to whitelist the IP addresses here: https://www.cloudflare.com/ips. If the IPs that fail are consistent each time, that indicates some of the IPs in Cloudflare’s IP ranges are either being rate-limited or blocked by a network device at your hosting provider. Because Cloudflare operates as a reverse proxy the IP address your server will see is one of a limited number of Cloudflare IPs. In that sense, many actual visitors may all come from the same IP address, which can cause firewalls or security software that is not appropriately whitelisting the Cloudflare IP ranges to block this traffic as it may see it as excessive or malicious.

If you are seeing 522 errors in certain locations only, it means you likely forgot to whitelist one of our ranges that corresponds to these locations, so double check to ensure all our IPs are whitelisted appropriately.

Please reach out to your hosting provider or site administrator to confirm if there are any load problems on your infrastructure.

It may be there was a temporary problem on the path or at your origin preventing connections from completing. If they are no longer happening, here are two actions to take: a) Check with your hosting provider to see if they had any issues with packet loss or if your server was under load at the time the errors happened and b) Have your hosting provider or server administrator confirm that all Cloudflare IP ranges are fully whitelisted from any rate limits.

If your firewall is configured to DROP packets rather than refuse connections, it will cause a 521; meaning an incorrectly configured firewall can actually masquerade as a connection timeout 522 error.


I do not know if that can help, but when I completely disable the firewall, the error disappears to make way for an error 521.

Thank you in advance for your help.
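
The quoted documentation says that 522 errors seen only from certain locations usually mean one published range is missing from the allowlist. The following is an added example, not part of the original post or of Cloudflare's documentation: a Python check that reports which parts of each published range a firewall allowlist leaves uncovered. The ranges are constructed documentation prefixes and the function name `uncovered` is hypothetical; substitute the current list from https://www.cloudflare.com/ips and the entries from your own firewall.

```python
import ipaddress

# Constructed sample data (RFC 5737 / RFC 3849 documentation prefixes), standing
# in for the published proxy ranges and for the entries found in a firewall.
PUBLISHED = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]
ALLOWED = ["192.0.2.0/25", "192.0.2.128/25",   # one range entered as two halves
           "198.51.100.0/25",                  # prefix typed too narrow
           "2001:db8::/32"]                    # 203.0.113.0/24 was forgotten


def uncovered(published, allowed):
    """Map each published range to the sub-ranges no allowlist entry covers."""
    allowed_nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    gaps = {}
    for cidr in published:
        remaining = [ipaddress.ip_network(cidr)]
        for rule in allowed_nets:
            still_open = []
            for net in remaining:
                if net.version != rule.version:
                    still_open.append(net)          # IPv4 rule never covers IPv6
                elif net.subnet_of(rule):
                    continue                        # fully covered by this rule
                elif rule.subnet_of(net):
                    still_open.extend(net.address_exclude(rule))  # partly covered
                else:
                    still_open.append(net)          # disjoint
            remaining = still_open
        if remaining:
            gaps[cidr] = [str(n) for n in ipaddress.collapse_addresses(remaining)]
    return gaps


if __name__ == "__main__":
    for cidr, holes in uncovered(PUBLISHED, ALLOWED).items():
        print(f"{cidr}: not allowed -> {', '.join(holes)}")
```

An empty result means every published range is fully covered, so a remaining 522 points to something other than a missing allowlist entry, such as rate limiting or a filter at the hosting provider.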



