How to configure to only accept x IPs on 80/443 ports

wonder_wonder

Well-Known Member
Jan 16, 2019
100
35
28
Spain
cPanel Access Level
Root Administrator
Hi.
The truth is that this question, I do not know if it goes in this section of the forum ...
The point is, perhaps, you should divide it in two; I tell you my problem and with what you advise me, I do:
For almost a month, a DDoS attack started on my server. Initially, I could mitigate it, but as I was adding rules, the attack was also reconfigured, to the point that it affects other machines where I have my VPS and my server. Although they have informed me that they try to mitigate it, they can no longer, so I have had to suspend the intermittent moto account.
I'm behind Cloudflare, but it hasn't been enough; I think the attack is direct to the IP of my VPS.
Between my server and I we have considered that the best option is to move my current VPS to another, to have a new IP, in the new one leave only the web service, and in the old one, the mail service.
Through Cloudflare, they won't know the new IP of the web service, and that's the idea.
However, and seeing the scale of the attack (in 15 years I had not suffered anything like this), I want to prevent. I do not know if it is "crazy" or simply, it lacks value, but there comes a point that despair begins (I have been offline for 20 hours).
Would it be possible to configure the webserver so that it only accepts Cloudflare IPs on ports 80/443, with all others denied?
I use a firewall, which I know is third-party and there is no support for it here.
Or any other idea you can think of ...
Funny because, since yesterday, the load on my server was normal, but if I did a netstat there were hundreds of IPs connected. The load on the server did not go up, but where I host the server, they told me that it affected other machines. Of course, browsing the web was impossible.

Thanks in advance!
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,067
282
213
cPanel Access Level
Root Administrator
Hey there! Host Access Control in WHM doesn't have an Apache/httpd option, and with the amount of traffic you're describing it might be best to not try and handle it on the server anyway. Does your hosting provider offer any external firewall services? If so, that is where I would recommend configuring this type of setup to restrict the access, as that way your server doesn't even handle the traffic at all.

This forum post shows how you can make the adjustment using CSF:


although that would mean your server still will get all the requests and have to process them, which will still use resources. An external firewall would be the ideal solution for this issue.
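Added example (not from the thread, the linked post, or the CSF project): a shell script that turns a list of proxy ranges into `csf.allow` entries for ports 80 and 443, relating to the CSF approach mentioned in the reply above. It assumes CSF's advanced allow-filter syntax `tcp|in|d=PORT|s=SOURCE` and that 80 and 443 have been removed from `TCP_IN` in `csf.conf` so only these entries admit web traffic; the ranges are constructed placeholders, and the real list has to come from Cloudflare's published ranges.

```shell
#!/bin/sh
# Added example. Ranges are constructed placeholders (RFC 5737 documentation
# networks), not Cloudflare's real ranges. IPv4 only.
SAMPLE_RANGES='# constructed sample list, one entry per line
192.0.2.0/24
198.51.100.0/24   # trailing comment

203.0.113.7
not-a-range
10.0.0.0/33
300.1.1.0/24'

# Return 0 if $1 is a well-formed IPv4 address or CIDR block.
valid_ipv4_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots, slash only
    case "$1" in
        */*) addr=${1%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                                   # split address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read ranges on stdin; print one csf.allow line per valid range and web port.
# Invalid entries are reported on stderr and never reach the allow list.
csf_allow_lines() {
    while IFS= read -r line; do
        line=${line%%#*}                               # strip comments
        line=$(printf '%s' "$line" | tr -d ' \t\r')    # strip whitespace
        [ -n "$line" ] || continue
        if valid_ipv4_cidr "$line"; then
            for port in 80 443; do
                printf 'tcp|in|d=%s|s=%s\n' "$port" "$line"
            done
        else
            printf 'skipped invalid entry: %s\n' "$line" >&2
        fi
    done
}

printf '%s\n' "$SAMPLE_RANGES" | csf_allow_lines
```

As the reply notes, rules like these still run on the server itself, so the host keeps receiving the packets it drops; an upstream firewall filtering on the same ranges avoids that.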

wonder_wonder

Thanks @cPRex for your reply.
Yes, the best way is a firewall in my provider. They have one, but the last 2 days, the attack was so big that the provider can't stop it (or the firewall in provider is small, I don't know)...

I'm going to read the post that you indicated to configure my CSF firewall in the best way possible.

Thanks and regards!