Chownow.com blocking ASN 22462

Website, Application, Performance Security
1

Answer these questions to help the Community help you with Security questions.

What is the domain name?
chownow(dot)com

Have you searched for an answer?
Yes

Please share your search results url:
Unnecessary, they’re blocking our ASN via Cloudflare, it’s pretty obvious. I tried to open a ticket but since I don’t pay for business service, I’m not allowed to open a ticket. This is ridiculous.

When you tested your domain using the [Cloudflare Diagnostic Center](https://www.cloudflare.com/diagnostic-center/) (funny that I have to backtick the prefilled text!), what were the results?
It’s not my domain, it’s their domain, and they block ASNs at random, or perhaps block all and allow only major carriers, I don’t know.

Describe the issue you are having:
chownow(dot)com, using Cloudflare for ASN blocking, is blocking our ASN.

What error message or number are you receiving?
Screenshot below.

What steps have you taken to resolve the issue?

  1. Contacted chownow(dot)com support
  2. Tried to explain to Eddie F that while the account was successfully created (when I used another IP, my Zayo direct peer IP), I am still having the issue that customers using our IPs, 23.134.192.0/24 and 23.134.193.0/24, cannot access nor order via the chownow website.
  3. Had someone point out that the error message says Cloudflare is blocking us, even though we have had zero other complaints about Cloudflare apart from Chownow, leading me to believe Chownow frontline support can’t comprehend IP blocks

Was the site working with SSL prior to adding it to Cloudflare?
N/A

What are the steps to reproduce the error:

  1. Use our network (I would be happy to set up an anydesk/teamviewer session to a jumpbox)
  2. Try to access chownow(dot)com
  3. Fail

Have you tried from another browser and/or incognito mode?
Not only that, I tried from another computer entirely

Please attach a screenshot of the error:

Screenshot 2023-03-27 at 17-34-18 Access denied used Cloudflare to restrict access
Screenshot 2023-03-27 at 17-34-18 Access denied used Cloudflare to restrict access1024×562 4.17 KB

2

Unfortunately Cloudflare offers a toolset but doesn’t control how their customers implement it. If they have decided to block your ASN you will need them to modify, Cloudflare does not control and cannot override their security decisions.

5 Likes
3

It would ridiculous to open a ticket on Cloudflare, for something happening on a third party’s website.

Website owners can literally do what they want to do with their websites, that’s beyond the control of Cloudflare, even when the website owner choose to use Cloudflare.

As the error message also says, it is done by the website owner’s request.

Even more confirming that you need to poke Chownow, and not Cloudflare.

I’d suggest you poke that “Eddie F” again, to escalate the issue further up the chain, within Chownow’s Support.

2 Likes
4

I said this, but my customer insisted I open a ticket with cloudflare, and was dissatisfied with my attempt to contact chownow again. There’s an off chance that cloudflare can contact the right division of chownow whereas I cannot get past the gatekeeper, Eddie F.

5

I do actually know, and have heard very well about that kind of situation before.

I wouldn’t ever bet on that, and following that, would literally be more of a waste of time, than anything else.

Digging a little around, it does look like Chownow is blocking quite a lot of traffic out there.

From several (although primarily non-US locations), I’m seeing:

2023-03-28_01-49-05
2023-03-28_01-49-05874×144 10 KB

If you tried contacting their support through some live chat, a quick Google told me that you might want to try via email to [email protected].

That email was snatched from ChowNow - Crunchbase Company Profile & Funding

Or perhaps see if you can poke them (enough) on Twitter, or stuff like that.

6

I’m pretty sure this is their security through obscurity technique, they’ve created an allow list and block everything else. If they don’t know you’re a US ISP, you’re blocked. There’s a chance that this is a geofilter that cloudflare manages, and so if our ASN is not listed in cloudflare as a US ISP, and their filter is just “allow US ISPs”, then it is a cloudflare issue.

7

I tried to test this by setting up a Cloudflare account for a domain I own but don’t really use, and while I can “allow” by country, I cannot “block” by country unless I am on the enterprise plan, so I can’t test if it is seeing my ASN as being not in the US.

8

Scratch that, I figured out a way to test, redirects. I have it set to redirect all non US visitors to google for the cook islands, and it didn’t redirect. I then added our ASN to redirect to our homepage, and it did redirect. Odd that they’re actually doing it by ASN, and not by the filter. Maybe this is how they save money?

9

This one is very possible.

This one has my scepticism though.

I haven’t yet seen Cloudflare give country codes based on AS numbers, but solely based on IP addresses.

I doubt Cloudflare distinguish between the geolocation database that Free ↔ Enterprise users can use in their WAF, however, one test point that includes geolocation from Cloudflare would be these:

https://canhazip.com/more
https://ipv6.canhazip.com/more
https://ipv4.canhazip.com/more

https://dash.cloudflare.com/?to=/:account/:zone/security/waf/custom-rules

2023-03-28_03-38-52
2023-03-28_03-38-52945×629 15.7 KB

2023-03-28_03-39-41
2023-03-28_03-39-41938×616 14.5 KB

It is very common for certain website owners to choose to block AS numbers of cloud / hosting providers (dedicated servers, VPS, and so on), as it is very rarely that legitimate users would be connecting to a website that way.

Doing so can often limit a lot of bot traffic, or otherwise useless noise, that your site receives.

A lot of games can be played in that direction, so it probably wouldn’t be completely impossible.

10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.