I'm trying to start a bash script later in PHP so I allowed it in visudo.
www-data ALL = (root) NOPASSWD: /sbin/iptables
www-data ALL = (root) NOPASSWD: /usr/bin/at
sudo iptables -t nat -D PREROUTING -s $1 -j ACCEPT;
sudo iptables -D FORWARD -s $1 -j ACCEPT;
$msg=exec("echo /var/www/scripts/removeuserIP $ipaddress | at now + 1 minutes");
echo /var/www/scripts/removeuserIP $ipaddress | at now + 1 minutes
sudo at now +1 minutes -f /var/www/scripts/removeuserIP 172.24.1.115
Solution: Finally, after checking /var/log/apache2/error.log, I saw that it doesn't have the permission to use at.
In fact you have to go /etc/at.deny and remove the line www-date with at. There is probably a security reason for why it's forbidden by default and a better way to do this, but at least it's working.