Block traffic from IPs over DNS Name

Hello,
I would like to block IP addresses that are resolved through a domain via the firewall. The IP addresses are dynamic, so I would like to use a DNS name.
The idea is that I usually only specify the domain and the firewall then blocks the resolved IPs. Is this possible with the firewall?
Thanks a lot

I am afraid it is not. However, considering that such addresses usually are part of the same AS, you can simply block that AS altogether.

If that is not the case, you’ll either have to block individual IP ranges or all applicable ASNs or find another common match of these requests.

Can you post a couple of address samples of what you want to block?

Sure:

  • 164.90.231.250
  • 142.93.119.55
  • 142.93.119.52
  • 138.68.93.235
  • 138.68.71.130

It’s behind a DigitalOcean ASN.

Yes, they are all part of AS 14061, so you could just block that AS and would cover them. You’d certainly block other DigitalOcean addresses as well, but you most likely want to do that anyhow.

Thanks, I will think about it.

If you use firewall rules, you could adjust your expression to exclude known crawlers from the block.
