Blocking a bot in WAF by IP range, ASN and Rules is not restricting it

Hi there,

I am trying to limit a bot from accessing the domain of a website I am managing.
It uses different IPs from 2 ranges and a single ASN.
For example 54.36.148.127 or 54.36.149.87
So far in WAF Tools, I have blocked the following IP ranges:

  • 54.36.149.0/24
  • 54.36.148.0/24
  • 54.36.0.0/16

And also blocked the ASN: AS16276

In the Firewall Events Activity log, for the traffic from these ranges the “Action taken”, instead of “Block” continued to show “JS Challenge” and the Service “Bot fight mode”.

So I also created a rule in Firewall rules:

  • When incoming requests match > IP Source Address > is in > 54.36.149.0/24 ; 54.36.148.0/24 ; 54.36.0.0/16 > then > Block.

But in the Firewall Events Activity log it was still the same.

I have tried finding information about a solution, but it is about what I’ve already done.

Can someone please help? Am I missing something?

Bot Fight Mode doesn’t pay attention to Firewall Rules.

Best to enter those CIDRs and ASN to IP Access Rules:

Thanks sdayman, but that is what I did in the first place :)

Well…that’s a new twist. IP Access rules usually work when one wants to Allow a specific IP address through Bot Fight Mode.

Is that bot traffic actually making it to your server?
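
An added example, not part of the original thread: a small Python check that shows which of the blocked ranges are already covered by a broader one, and which service and action handled requests from those ranges. The event records and their field names (`ip`, `service`, `action`) are constructed for illustration and are not Cloudflare's export schema; only the ranges, the two addresses and the "Bot fight mode" / "JS Challenge" values come from the post.

```python
import ipaddress
from collections import Counter

# Ranges listed in the original post.
BLOCKED = ["54.36.149.0/24", "54.36.148.0/24", "54.36.0.0/16"]

# Constructed sample events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"ip": "54.36.148.127", "service": "Bot fight mode", "action": "JS Challenge"},
    {"ip": "54.36.149.87", "service": "Bot fight mode", "action": "JS Challenge"},
    {"ip": "203.0.113.10", "service": "Firewall rules", "action": "Block"},
]


def redundant_ranges(cidrs):
    """Map each range to a broader listed range that already contains it."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    covered = {}
    for narrow in nets:
        for broad in nets:
            if narrow != broad and narrow.subnet_of(broad):
                covered[str(narrow)] = str(broad)
    return covered


def handling_summary(events, cidrs):
    """Count (service, action) pairs for events whose source IP is in a listed range."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    counts = Counter()
    for ev in events:
        addr = ipaddress.ip_address(ev["ip"])
        if any(addr in net for net in nets):
            counts[(ev["service"], ev["action"])] += 1
    return counts


def not_blocked(events, cidrs):
    """Source IPs in a listed range whose recorded action was not 'Block'."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return sorted({ev["ip"] for ev in events
                   if ev["action"] != "Block"
                   and any(ipaddress.ip_address(ev["ip"]) in n for n in nets)})


if __name__ == "__main__":
    print("Redundant ranges:", redundant_ranges(BLOCKED))
    print("Handled by:", dict(handling_summary(SAMPLE_EVENTS, BLOCKED)))
    print("In range but not blocked:", not_blocked(SAMPLE_EVENTS, BLOCKED))
```

The summary makes it visible when every matching request is attributed to one service before any block rule is recorded, which is the pattern described in the question.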
