Blocking M247 IP Ranges

Hi,

I have been trying to block many IP ranges, specifically the m247.net IP address range.

I have tried blocking AS9009 M247 Ltd and it blocks hardly any of the IP ranges. Maybe 1 out of 20?

So I then created a firewall rule with all of the IP ranges of M247, yet the IP addresses are still able to get through without any problem and access the website.

Here is the rule I have applied:

{ truncated }

(ip.src in {38.132.96.0/19 89.238.128.0/18 82.102.16.0/21 37.120.128.0/21 86.107.55.0/24 45.133.180.0/22})

=

JS Challenge

Yet IPs like [38.132.97.163] still get through without any problem and are not receiving the JavaScript challenge. There is no cf_clearance cookie.

It appears these IP ranges are impossible to block / JavaScript challenge?

I have made sure through logs that they are not bypassing the Cloudflare system, and I check for the HTTP_CF_CONNECTING_IP header ONLY for Cloudflare IP ranges.

My issue seems similar to this one: CF firewall does not obey ASN block rule?

Can anybody help?

@email669
Step 1: Make sure other firewall rules/page rules do not conflict with each other. In my case I had a conflicting rule.
Step 2: Such an incident can happen when IP ranges are announced by 2 networks (2 ASNs).
See https://bgpview.io/ip/38.132.97.163
Try to block both ASNs and see if it still comes through.
:roll_eyes: Hope it helps.

Hi,

I have noticed there are some IPs with multiple ASNumbers.

#1: There are no rules to whitelist these IPs. There are no firewall events for the specific IP at all.

#2: For this specific range, I do not want to block cognetco. There are too many good networks on this range…

That’s why I did the IP rules, rather than the ASN rules, for the M247 ranges, but these are not working - which should work.

It has never worked or picked up 1 IP address.

What if I was to block through the ASNumber and leave holes for these m247 ranges. Would that work?

I have seen similar activity with other ASNumbers and have been successful by adding the IP ranges. For the M247 ranges it does not work.

I am also having trouble with AS204644 when trying to manually add IPs into firewall rules. This is www.code200.global and I have the rule 193.32.172.0/22, but IPs like 193.32.174.33 are still getting through without being served a JavaScript Challenge.
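
An added example, not part of any post in this thread: a Python check that parses the `ip.src in {...}` expression quoted above and reports which listed range covers a given client IP, to rule out a CIDR mistake before looking at rule order or traffic that never produces a firewall event. The helper names are hypothetical, and the second expression is constructed from the single range named in the last post.

```python
import ipaddress
import re

# Rule expression as quoted in the first post.
M247_RULE = ("(ip.src in {38.132.96.0/19 89.238.128.0/18 82.102.16.0/21 "
             "37.120.128.0/21 86.107.55.0/24 45.133.180.0/22})")
# Constructed for this example from the range named in the last post.
AS204644_RULE = "(ip.src in {193.32.172.0/22})"


def parse_ip_set(expression):
    """Return the networks listed in an `ip.src in {...}` set."""
    match = re.search(r"ip\.src\s+in\s+\{([^}]*)\}", expression)
    if match is None:
        raise ValueError("no 'ip.src in {...}' set found")
    networks = []
    for token in match.group(1).split():
        # strict=True raises on entries with host bits set (for example
        # 38.132.97.0/19), a common typo that shifts the intended range.
        networks.append(ipaddress.ip_network(token, strict=True))
    return networks


def covering_networks(expression, client_ip):
    """Return the listed ranges (as strings) that contain client_ip."""
    addr = ipaddress.ip_address(client_ip)
    return [str(net) for net in parse_ip_set(expression) if addr in net]


def uncovered(expression, client_ips):
    """Return the client IPs that no range in the expression matches."""
    return [ip for ip in client_ips if not covering_networks(expression, ip)]


if __name__ == "__main__":
    # Client IPs quoted in the thread.
    for rule, ip in ((M247_RULE, "38.132.97.163"),
                     (AS204644_RULE, "193.32.174.33")):
        hits = covering_networks(rule, ip)
        print(f"{ip}: {'covered by ' + ', '.join(hits) if hits else 'NOT covered'}")
```

Both addresses quoted in the thread fall inside a listed range, so the range arithmetic in the rules is not what lets them through.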
