Block Microsoft ASN

These ips continuously scan my site and send these request. is that will be good idea if the block the ASN of Microsoft via Cloudflare ?


If you block ASNs AS8068 through AS8075 you can block M’soft - Security, WAF, Tools, Add ASNs
May need to add a rule to allow Bing if you want or need Bing
We found that blocking all M’soft traffic reduced bad traffic and attacks by about 80% and we now just get thousands of attack attempts from these ASNs blocked each day by Cloudflare

1 Like

Can you please provide me these Microsoft ASN list?

Also how do i allow bing after blocking these asn?

You probably want a rule that blocks ASN but allows verified bot. ASNs are hard to pin down for companies because they have many, but you can get them from AS8075 Microsoft Corporation details - IPinfo.io.

Example rule would look like

2 Likes

As above: “AS Num” “is in” 8068, 8069, 8070, 8071, 8072, 8073, 8074, 8075
and
Known Bots set to off

1 Like

(ip.geoip.asnum in {8068 8069 8070 8071 8072 8073 8074 8075} and not cf.client.bot)

This one is ok?

Thank you

That should work.

like 30% of bad bots comes from Microsoft network

and about 80% of the bad traffic we see - standard mass wordpress attack attempts rotating through Msoft IPs - all perm blocked

1 Like

yep Microsoft give free trial for her vps / rdp
that’s what explain this

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.