Whitelist your DDoS Protected IP on your Server Print

  • 58

Its important to whitelist your remote DDoS protection IP on your server so that it does not block traffic and cause all your users to disconnect. Below are some steps on how to do this.



  1. ssh into your server
  2. ipables -A INPUT -s DDoSProtectedIP -j ACCEPT
  3. Make sure its configured before the deny rules in /etc/sysconfig/iptables


  1. ssh into your server
  2. Add your IP to /etc/apf/allow_hosts.rules and save.
  3. Restart APF firewall using service apf restart


  1. ssh into your server
  2. edit csf.allow and then enable the option IGNORE_ALLOW in csf.conf
  3. restart lfd using service lfd restart

Windows Server

  1. Login to RDP (Remote desktop).
  2. Go to start.
  3. Administrative tools.
  4. Click on Windows Firewall With Advanced Security.
  5. Click on Inbound Rules on the left hand side.
  6. In the middle look for and click on WHITELIST.
  7. At the top in the tabs click SCOPE.
  8. At the bottom you will see remote IP address. Click add and add your IP.

Windows Server 2008

  1. Log into your server via Remote Desktop Connection.
  2. Start -> administrative tools > windows firewall with advanced security.
  3. On the left side of the firewall window click on the inbound rules option.
  4. On the right side of the screen click on New Rule.
  5. Click on the custom radio button and then click next.
  6. Make sure the All programs radio is selected then click next.
  7. On the protocol and ports options leave everything at its defaults and click next.
  8. On the scope screen you will see two boxes the top one is for local IP addresses and the bottom is for remote IP addresses. In this scenario we are trying to allow an outside (remote) IP from accessing anything on the server so we will need to add the IP address to this section only as it will not be a local IP address.
  9. Click on the radio that says “these IP addresses ” in the remote section as shown below:
  10. Click on the Add button.
  11. In the next window we will be adding a single IP address to the rule, you can also add an entire range at this point if you wish.
  12. Click ok, click next.
  13. Make sure you select the "Allow the connection" radio on the next screen and then click next.
  14. Leave all of the options on the next screen checked this will be sure to allow the IP no matter the connection they are trying to use. Click next.
  15. Name the rule on the next screen something you can remember in case you wish to remove or edit it in the future. Click finish and that's it.


Was this answer helpful?

« Back