Blocking the provider's AS number while bypassing an owned IP address that belongs to the same provider AS number?

I am hesitating about the better approach for a situation where I have and use services such as servers from a provider for which I also see Firewall events like crawlers, etc. I would like to block requests coming from the provider by its AS number while still bypassing the given IP addresses or IP range that I use from the same provider.

a) Should I create a Firewall rule like: if the request is coming from AS number 12345 and the IP address is not my IP address (or IP range)?

(ip.geoip.asnum eq 12345 and not ip.src in {123.012.34.56 168.178.65.31})

b) Should I add AS number 12345 to IP Access Rules with “block” as an action, but also add my IP address(es) or IP range with “bypass”?

c) Should I add AS number 12345 to IP Access Rules and then create a Firewall rule to “bypass” my IP address(es) or IP range? I assume IP Access Rules are executed before Firewall Rules, or am I wrong about that?

I am interested, for example in case b), in what the priority is here.
Will my IP address(es) or IP range be “bypassed” even though the whole AS number is “blocked” (as the IP address belongs to that AS number), or not?

May I ask for a suggestion from practice: which approach should a Cloudflare user consider the good one and go with?
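As an added illustration (not part of the original post or of Cloudflare's own code), the following toy evaluator models the semantics of the two candidate approaches from the question on constructed sample requests. It mirrors the approach a) expression (ASN match with an `ip.src in {...}` exclusion, including a CIDR range rather than only single addresses) and a two-stage model of approaches b)/c) in which IP Access Rules are evaluated before Firewall Rules, as the ordering document linked in the reply states; that ordering, and the addresses and ASNs used (RFC 5737 documentation ranges, AS12345 from the question, AS64496 from the reserved range), are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (RFC 5737 documentation ranges), not the poster's real addresses.
BLOCKED_ASN = 12345
OWN_ADDRESSES = ["198.51.100.56", "203.0.113.0/24"]  # owned server and owned range


@dataclass(frozen=True)
class Request:
    src_ip: str   # ip.src
    asn: int      # ip.geoip.asnum: the ASN Cloudflare resolves for the source IP


def parse_set(entries):
    """Turn the {...} set literal into networks; a bare IP becomes a /32 (or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def in_set(ip, networks):
    """ip.src in {...}: true when the address falls inside any entry (IP or CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def rule_a_blocks(req, blocked_asn=BLOCKED_ASN, own=tuple(OWN_ADDRESSES)):
    """Approach a): (ip.geoip.asnum eq N and not ip.src in {own}) -> block."""
    return req.asn == blocked_asn and not in_set(req.src_ip, parse_set(own))


def approach_c(req, blocked_asn=BLOCKED_ASN, own=tuple(OWN_ADDRESSES)):
    """Approaches b)/c) modelled as two stages. Assumption for this example: IP Access
    Rules run first, an allow for our own IPs ends evaluation, otherwise the ASN block
    applies, otherwise the request falls through to later rules (allowed here)."""
    if in_set(req.src_ip, parse_set(own)):
        return "allow"   # IP Access Rule allow: nothing later is evaluated
    if req.asn == blocked_asn:
        return "block"   # IP Access Rule block on the provider ASN
    return "allow"


def evaluate(requests):
    """Map each request to the verdict of both approaches so they can be compared."""
    return {
        r.src_ip: {
            "a": "block" if rule_a_blocks(r) else "allow",
            "c": approach_c(r),
        }
        for r in requests
    }


# Constructed sample traffic.
SAMPLE_REQUESTS = [
    Request("198.51.100.56", 12345),  # own server, announced by the blocked ASN
    Request("203.0.113.77", 12345),   # inside the owned /24, same ASN
    Request("198.51.100.57", 12345),  # neighbour in the same ASN, not ours
    Request("192.0.2.10", 64496),     # unrelated ASN
]

if __name__ == "__main__":
    for ip, verdicts in evaluate(SAMPLE_REQUESTS).items():
        print(f"{ip:16} a={verdicts['a']:5} c={verdicts['c']}")
```

Both models agree on this sample: the owned address and the owned range are exempted while the rest of the ASN is blocked. The point worth noting for approach a) is that the exclusion must be part of the same expression (`and not ip.src in {...}`); a separate blocking rule on the ASN alone would match the owned addresses too, because they are announced by that ASN.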

Hi @fritexvz,

Personally, I think this is what I would choose to do.

From:
https://developers.cloudflare.com/firewall/cf-firewall-rules/order-priority

IP Access Rules are the first priority, so I would put the Allow there rather than anywhere else, if you went for that approach.

I have not actually had this situation, so someone else may have a better idea, but just sharing my thoughts here.

