CF firewall does not obey ASN block rule?

firewall
#1

i added firewall rule to block AS9009 (m247.com) they crawling my site unnecessarily causing huge load on the server. but in my log CF_CONNECTING_IP still shows ip belong to AS9009 how ? first i tried javascript challenge they still coming then tried challenge then also coming then enabled block but still coming to my site how?

#2

#3

Considering you wrote CF_CONNECTING_IP I assume you already ruled out the possibility of a direct connection, bypassing Cloudflare, correct?

Your access rule looks all right so either the IP is for some reason not recognised as belonging to this AS or there is some other glitch. Have you check your firewall events? Also, can you post a log excerpt from such a request?

#4

i also verified REMOTE_ADDR server variable in php which all belongs to CF network. so the requests are legit, not header spoofing.

i have custom log so i can only share some ips which appears to belong to AS9009
they are coming from multiple country while having same ASN
see these
https://ipinfo.io/193.160.68.65 RU
https://ipinfo.io/185.236.93.168 FI
https://ipinfo.io/91.132.39.196 DK
https://ipinfo.io/84.252.87.235 FR
https://ipinfo.io/83.150.222.111 PH
etc

#5

Half a year ago I had a similar issue at "AS" block not effective for some reason

I’d open a support ticket, the conclusion back then was that Cloudflare’s IP to ASN mapping is not always necessarily completely accurate.

closed #6

This topic was automatically closed after 30 days. New replies are no longer allowed.