Block ASN but not certain IP addresses or User Agents

I am blocking ASNs that have a lot of VPN/Proxies, but there are some IPs or some traffic from those ASNs based on user agent that I would like to allow. Is there a way to do this?

How are you blocking these ASNs?

In the firewall rules. Here is an example: ip.geoip.asnum eq 33387. That is one that I block.

In the same rule you can also define your exceptions.


Yes, but I am not sure of the logic/syntax. My pseudo code would look something like: IF ASN = 12345 BUT NOT IP 1.2.3.4

What have you tried so far? You’d just need to combine the expressions properly.

https://developers.cloudflare.com/firewall/cf-firewall-language/operators has all on that.

Ah! Thank you. That doc should have just what I need.

Something like this should do what you want for ASN and IP addresses:

If you want to include UA then you will need to switch to the [Edit Expression] mode and use something like

ip.geoip.asnum eq 33387 and not (ip.src in {1.2.3.1 1.2.3.10} or http.user_agent contains "UserAgentToAllow")
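To check the precedence of that combined expression before deploying it, here is an added Python model (not part of the thread and not Cloudflare's own evaluator) that applies the same boolean logic to a few constructed requests; the field names and sample traffic are assumptions.

```python
"""Model of the Cloudflare firewall expression from the thread:

    ip.geoip.asnum eq 33387 and not (ip.src in {1.2.3.1 1.2.3.10}
                                     or http.user_agent contains "UserAgentToAllow")

The helper evaluates the same boolean logic over constructed request fields
so the precedence ("block the ASN, unless the source IP or UA is excepted")
can be checked against sample traffic. This is an illustration, not
Cloudflare's evaluator; the sample requests below are constructed.
"""
import ipaddress

BLOCKED_ASN = 33387
ALLOWED_SRC = {ipaddress.ip_address("1.2.3.1"), ipaddress.ip_address("1.2.3.10")}
ALLOWED_UA_SUBSTRING = "UserAgentToAllow"


def rule_matches(asn: int, src_ip: str, user_agent: str) -> bool:
    """Return True when the rule fires, i.e. the request is blocked.

    Mirrors: asn eq X and not (src in SET or ua contains S).
    The `contains` operator in the Cloudflare language is case-sensitive,
    so the substring check here is too.
    """
    excepted = (ipaddress.ip_address(src_ip) in ALLOWED_SRC
                or ALLOWED_UA_SUBSTRING in user_agent)
    return asn == BLOCKED_ASN and not excepted


def evaluate(requests):
    """Apply the rule to (asn, src_ip, user_agent) tuples and return a
    list of "block"/"allow" decisions in the same order."""
    return ["block" if rule_matches(*r) else "allow" for r in requests]


# Constructed sample traffic (not real logs).
SAMPLE_REQUESTS = [
    (33387, "5.6.7.8", "Mozilla/5.0"),               # blocked ASN, no exception
    (33387, "1.2.3.1", "Mozilla/5.0"),               # blocked ASN, IP excepted
    (33387, "5.6.7.8", "Bot/1.0 UserAgentToAllow"),  # blocked ASN, UA excepted
    (33387, "5.6.7.8", "useragenttoallow"),          # wrong case: not excepted
    (13335, "1.2.3.1", "Mozilla/5.0"),               # other ASN, rule never fires
]

if __name__ == "__main__":
    for req, decision in zip(SAMPLE_REQUESTS, evaluate(SAMPLE_REQUESTS)):
        print(f"{decision:5s}  asn={req[0]} src={req[1]} ua={req[2]!r}")
```

Note that the User-Agent header is client-supplied, so the UA exception only holds as long as the allowed string is not guessed or reused by unwanted traffic from that ASN; the IP exception is the more robust of the two.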
