After connecting and paying for the service, there are a few steps left to complete the configuration.
We have allocated a secured IP address for you. You now need to change the A-record of your domain in DNS to this secured IP address.
For the protection system to work correctly, you need to add our outgoing addresses to your trusted list: remove all restrictions in the Firewall and at the Web server level. Here are our outgoing network ranges:
- 103.134.155.0/24
- 160.25.253.0/24
- 185.121.240.0/22
- 193.84.78.0/24
- 193.104.120.0/24
- 188.0.150.0/24
You can use the following commands:
iptables -I INPUT -s 103.134.155.0/24 -j ACCEPT
iptables -I INPUT -s 160.25.253.0/24 -j ACCEPT
iptables -I INPUT -s 185.121.240.0/22 -j ACCEPT
iptables -I INPUT -s 193.84.78.0/24 -j ACCEPT
iptables -I INPUT -s 193.104.120.0/24 -j ACCEPT
iptables -I INPUT -s 188.0.150.0/24 -j ACCEPT
If attackers know the direct IP of your web server, we recommend blocking connections to ports 80 and 443 for all networks except for local connections and connections from our networks:
iptables -I INPUT -p tcp -m multiport –dports 80,443 -j DROP
iptables -I INPUT -i lo -j ACCEPT
iptables -I INPUT -s 103.134.155.0/24 -j ACCEPT
iptables -I INPUT -s 160.25.253.0/24 -j ACCEPT
iptables -I INPUT -s 185.121.240.0/22 -j ACCEPT
iptables -I INPUT -s 193.84.78.0/24 -j ACCEPT
iptables -I INPUT -s 193.104.120.0/24 -j ACCEPT
iptables -I INPUT -s 188.0.150.0/24 -j ACCEPT
iptables -I INPUT -s 127.0.0.1 -j ACCEPT
iptables -I INPUT -s IP.Вашего.Веб.Сервера -j ACCEPT
iptables -I INPUT -m conntrack –ctstate RELATED,ESTABLISHED -j ACCEPT
After this, you need to restart your web server process. Information about real IP addresses of users when protection is enabled is passed in the HTTP headers X-Real-IP and X-Forwarded-For. To display real IP addresses, you need to configure mod_rpaf for Apache web servers, mod_remoteip for Apache > 2.3, or http_real_ip for Nginx, so that your web server can correctly process these headers.
Nginx Configuration
In the configuration file /etc/nginx/nginx.conf, under the http or server section, add:
set_real_ip_from 103.134.155.0/24;
set_real_ip_from 160.25.253.0/24;
set_real_ip_from 185.121.240.0/22;
set_real_ip_from 193.84.78.0/24;
set_real_ip_from 193.104.120.0/24;
set_real_ip_from 188.0.150.0/24;
real_ip_header X-Forwarded-For.
Save the configuration file and restart Nginx with:
service nginx restart
Apache Configuration (mod_rpaf)
In the module’s configuration file, enter the following settings.
In the module configuration file, add:
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.0 103.134.155.0/24 160.25.253.0/24 185.121.240.0/22 193.84.78.0/24 193.104.120.0/24 188.0.150.0/24
RPAFheader X-Forwarded-For
Apache Configuration (mod_remoteip)
In the module’s configuration file, enter the following settings:
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1 185.121.240 185.121.241 185.121.242 185.121.243 103.134.155 160.25.253 193.84.78 193.104.120 188.0.150
Save the configuration file and restart Apache with:
service apache2 restart
For IIS configuration, follow the steps in this guide: https://techcommunity.microsoft.com/t5/iis-support-blog/how-to-use-x-forwarded-for-header-to-log-actual-client-ip/ba-p/873115.
If you need assistance with these settings, please let us know. Also, be aware of the following:
- If SSL (HTTPS) is used on your site, you can configure it in detail in your account.
- If you use WebSockets, inform us which ports need to be opened on our side.
- You may also use our DNS servers; please inform us in advance through a ticket.
- When using site protection, do not disclose the direct IP address of the server. Mail sending should be done through an external relay. For protecting other applications, use our service protection service.
DNS Servers
If needed, you may also use our DNS servers.
The addresses of our DNS servers are:
– dns1.storm-pro.net
– dns2.storm-pro.net
– dns3.storm-pro.net
– dns4.storm-pro.net
For any setup difficulties, please contact us via chat on the website or through the inquiry form in your account.
