Easy way to whitelist Cloudflare IP’s in Plesk Firewall

Today we had a client who wanted us to whitelist Cloudflare IP’s on thirteen of his Plesk-Onyx servers. If you have installed and enabled the Plesk Firewall extension. Then you can whitelist those IP ranges from Plesk >> Tools & Settings >> Firewall (Under Security) >> Modify Plesk Firewall Rules >> Add Custom Rule >> Name the rule to “Cloudflare IPs”, add port 80 and 443, add the entire list of Cloudflare IP’s and save and apply it. But this method will be very time consuming and inefficient if you have do it on thirteen Plesk servers. As a system administrator you will have have to find faster and efficient way to get these things done. Fortunately Plesk also provides a command line tool to manage the firewall

/usr/local/psa/bin/modules/firewall/settings --help

We can use this tool to whitelist the IP’s fast. First of all SSH to the server as root and add the cloudflare IP ranges https://www.cloudflare.com/ips/

[root@srv ~]#/usr/local/psa/bin/modules/firewall/settings -s -name 'Cloudflare IPs' -direction input -action allow -ports '80/tcp,443/tcp' -remote-addresses "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"

Firewall rule was successfully created; rule id: '583'.

After that apply the rules

[root@srv ~]# /usr/local/psa/bin/modules/firewall/settings -a
Firewall rules were successfully activated, use --confirm command within 60 second(s) to confirm activation, otherwise all changes will be rolled back.

Now you will have to run the confirm command within 60 seconds else it will be rolled back. But the confirm command has to be run in a new shell. Running the command in same shell gives error. So make a new SSH connection to the server and run the confirm command.

[root@srv ~]# /usr/local/psa/bin/modules/firewall/settings -c
Firewall rules were successfully confirmed.

Voila! you are done.

About 

Sreejit is the founder of Server Management Plus. He has created a lots of automation scripts for the company using which we are able to resolve issue at an extremely fast rate and save lots of time. He has a very keen interest in new technologies and spend most of his free time online researching about it apart from listening music and watching movies.

Special Offer : cPanel Server Management Just for $9.99 per monthView Details