Using iptables to whitelist MaxCDN

If you find MaxCDN is not pulling images, CSS and JavaScript from your server, and/or you’re getting 503 Bad Gateway error messages when attempting to access content on MaxCDN’s servers, using iptables to whitelist MaxCDN will fix a server firewall policy that is preventing MaxCDN’s servers from accessing your web site.

We encountered this issue on a client’s WordPress site, which used W3 Total Cache to configure MaxCDN to pull images, CSS and JavaScript from our themes, plugins and uploads. The site in question had suffered from poor firewall configuration, meaning it was open to DDoS attack.

As seen below, the CDN Usage Overview report on MaxCDN showed a 500% increase in non-cache hits (images, CSS and JavaScript that weren’t being served by the CDN):
MaxCDN Missed Cache Hits

The web host secured the firewall policy on the server, but the tightened policy meant that MaxCDN could no longer access any content.

To fix this, we issued the following commands via SSH (CentOS), using iptables to whitelist MaxCDN:

iptables -I INPUT -s 108.161.176.0/20 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 70.39.132.0/24 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 92.60.240.208/29 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 92.60.240.217/29 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 216.12.211.60 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.31.33.128/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.76.96/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.102.32/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.78.224/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.31.33.160/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.76.64/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 94.31.33.192/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.102.96/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.78.96/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.78.192/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I INPUT -s 64.125.102.64/27 -p tcp -m multiport --dports 80,443 -j ACCEPT
/etc/init.d/iptables save
service iptables restart

This allowed MaxCDN to access our server. Reports showed a drop in non-cache hits and an increase in cache hits:
MaxCDN Cache Fixed
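
An added example, not from the original post: each `iptables -I INPUT` command above inserts another copy of its rule every time it is run, so this POSIX shell script prints an idempotent equivalent that keeps the CDN sources in a dedicated chain and clears host bits in entries such as 92.60.240.217/29. The chain name MAXCDN-IN and the function names are assumptions; the four sample sources are taken from the list above.

```sh
# Added example: print (do not run) an idempotent rule set for the CDN sources.
CHAIN="MAXCDN-IN"   # hypothetical chain name, not from the post

# Print the network form of an IPv4 address or CIDR with host bits cleared,
# e.g. 92.60.240.217/29 -> 92.60.240.216/29. Returns 1 on malformed input.
cidr_network() {
    case "$1" in */*) addr=${1%/*}; len=${1#*/} ;; *) addr=$1; len=32 ;; esac
    case "$len" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    n=$(( $ip & (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    echo "$(( n >> 24 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))/$len"
}

# Read one source per line on stdin and print the commands to run as root.
# Prints nothing and returns 1 if any line is malformed; duplicates are dropped.
build_rules() {
    body=""; seen=" "
    while read -r src || [ -n "$src" ]; do
        [ -n "$src" ] || continue
        net=$(cidr_network "$src") || { echo "malformed source: $src" >&2; return 1; }
        case "$seen" in *" $net "*) continue ;; esac
        seen="$seen$net "
        body="${body}iptables -A $CHAIN -s $net -p tcp -m multiport --dports 80,443 -j ACCEPT
"
    done
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"   # create or empty the chain
    printf '%s' "$body"
    echo "iptables -D INPUT -j $CHAIN 2>/dev/null"                # drop any earlier jump
    echo "iptables -I INPUT -j $CHAIN"
}

# Dry run over four of the sources listed in the post; nothing is changed.
build_rules <<'EOF'
108.161.176.0/20
92.60.240.208/29
92.60.240.217/29
216.12.211.60
EOF
```

The script only prints commands: review the output, run it as root, then save the rules as in the post.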

