how to whitelist IPs on google compute engine?

396 views
Skip to first unread message

Yadvendar Champawat

unread,
Jul 9, 2016, 3:49:27 AM7/9/16
to gce-discussion

We have an audience of more than 560k users but some of the ISPs are complaining that their users are unable to access our website hosted on google compute engine, how to whitelist their IP blocks? I dont see any IP blocked in iptables of individual linux machines running behind the load balancer. The firewall rule which allows incoming traffic from any source(Allow from any source (0.0.0.0/0) - tcp 80) is already added to these gce machines.

Rupesh kumar

unread,
Jul 10, 2016, 1:38:29 PM7/10/16
to gce-discussion
Is their any services like fail2ban mod_evasive apache module installed ?

Yadvendar Champawat

unread,
Jul 11, 2016, 1:31:37 AM7/11/16
to gce-discussion
Thanks Rupesh for taking time out and reply to my post.

Yes, fail2ban is installed and is running. Its in its default configuration and according to that it should ban a client for 10 minutes, but our users are not able to connect to the machine anytime. Any help or pointers will be appreciated. 

Thanks.

Yadvendar Champawat

unread,
Jul 11, 2016, 5:18:09 AM7/11/16
to gce-discussion
More analysis has resulted in the following observations:
We took the client on remote call and found that:
  1. http://mywebsite.com is not loading while https://mywebsite.com is loading.
  2. "ping mywebsite.com" is successful on the client machine.
  3. "tracert mywebsite.com" results in reaching google's ISP without any packet loss, this is followed by a few request timeouts before it hits the IP of mywebsite.
Traceroute example from the client's system is as follows:

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     1 ms     1 ms     1 ms  192.168.10.1
  3    34 ms     9 ms    13 ms  103.194.232.3.rev.jetspotnetworks.in [103.194.232.3]
  4   102 ms    10 ms    13 ms  103.194.232.1.rev.jetspotnetworks.in [103.194.232.1]
  5    11 ms     9 ms    13 ms  115.42.32.65.rev.jetspotnetworks.in [115.42.32.65]
  6    86 ms    87 ms    87 ms  72.14.218.21 -----------> Google ISP
  7    89 ms    85 ms    85 ms  209.85.142.228 -----------> Google ISP
  8   121 ms   122 ms   121 ms  66.249.94.39
  9   145 ms   149 ms   144 ms  216.239.63.213
 10   207 ms   208 ms   212 ms  216.239.62.201
 11   200 ms   197 ms   197 ms  66.249.94.131
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20   243 ms   191 ms   191 ms  IP of mywebsite.com

Rupesh kumar

unread,
Jul 11, 2016, 8:27:37 AM7/11/16
to gce-discussion
Hi,

What is actual server configuration? have u added load balancer ? open ports 80,443 ? u should add http to https redirection in lb if u have.
check using telnet from client side i.e
telnet mywebsite.com 80
telnet mywebsite.com 443
Reply all
Reply to author
Forward
0 new messages