Help me configure ASN filter WAF rules

Can someone help me configure the ASNs? Sometimes I get a lot of requests from certain ASNs, and I would like help parameterizing an ASN without having to block it completely, since a visit can be good or bad. Please and thank you.

What does “parameterise an ASN” mean?

You either have an ASN in your expression or you don’t. What exactly do you want to achieve?

Hi @sandro

Let me explain: every day I get a lot of visits from a specific ASN. For example: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK.

How can I add a rule to filter whether that user is good or bad? If you have an example to put in my WAF, I would appreciate it.

There is no such thing, you can use cf.bot_management.score if you have a Business plan - Fields reference · Cloudflare Ruleset Engine docs - but that’s not related to ASNs.

You can also add Known Bots to the rule. Known bots should be “good”.

@sandro What if I have the free plan? I am asking if you can give some examples for adding a robust rule to my website.

There is no single “robust” rule but it all depends on your use case and your visitors.

You can start with https://community.cloudflare.com/search?q=[FirewallTip]%20in%3Atitle%20%23tutorials%20%40sandro but overall this really needs to be manually customised and there is no such thing as one rule, there ain’t no Sauron here :wink:

@sdayman How can I set up those rules? Could you please give me the rule expression to add to my website? Please.

I would like to block all the bots from an ASN, but let the user, if he is human, in to see my page, and if he requests another URL that is not the page, then block it. I ask because I don’t know much about parameters.

Humans should never browse your site from 8075. That’s purely hosting servers.

@sdayman So in this case is it better to block ASN 8075?

You set up the rules at https://dash.cloudflare.com/?to=/:account/:zone/security/waf/firewall-rules but again, the rules depend on your use case and need to be configured by your administrator. Nobody here can tell you what rules you need and that would be also way beyond the scope of forum advice.

So again, please check out Fields reference · Cloudflare Ruleset Engine docs and the related documentation.

And no, if you block that ASN, you may also block VPNs and Microsoft employees, so I would not block it.

Good point. I have my firewall rule set to Managed Challenge.

@sdayman Could you please share that Managed Challenge rule to add to my website?

I have something like this.

You mean like this?

Please check out the documentation.

Yes, these expressions will challenge the indicated ASNs, though you can also use is in.

But again, blocking ASNs is not necessarily the best way to implement. It really depends on your use case and that’s something you need to discuss with your network administrator.
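As an added example (not posted by anyone in this thread), the Python below builds the kind of expression discussed above: match a set of ASNs, exempt Known Bots, and pair it with the Managed Challenge action rather than Block. The field names `ip.geoip.asnum` and `cf.client.bot` come from Cloudflare's Fields reference; the helper names, the local `decide` model and the sample requests are constructed for illustration and are not Cloudflare's engine.

```python
import re

# Field names from Cloudflare's Fields reference; the helper names and the
# sample requests below are constructed for illustration.
ASN_FIELD = "ip.geoip.asnum"
KNOWN_BOT_FIELD = "cf.client.bot"


def normalize_asn(value):
    """Accept 8075, "8075" or "AS8075" and return the integer ASN."""
    match = re.fullmatch(r"(?:AS)?(\d{1,10})", str(value).strip(), re.IGNORECASE)
    if not match:
        raise ValueError(f"not an ASN: {value!r}")
    asn = int(match.group(1))
    if not 1 <= asn <= 4294967295:  # ASNs are 32-bit numbers
        raise ValueError(f"ASN out of range: {value!r}")
    return asn


def build_expression(asns):
    """Build the rule expression: listed ASNs, minus verified known bots."""
    numbers = sorted({normalize_asn(a) for a in asns})
    if not numbers:
        raise ValueError("at least one ASN is required")
    asn_set = " ".join(str(n) for n in numbers)
    return f"({ASN_FIELD} in {{{asn_set}}} and not {KNOWN_BOT_FIELD})"


def decide(request, asns):
    """Local model of the rule when its action is Managed Challenge."""
    listed = {normalize_asn(a) for a in asns}
    if request["asn"] in listed and not request["known_bot"]:
        return "managed_challenge"
    return "allow"


# Constructed sample requests (AS64500 is a documentation-range ASN).
SAMPLES = [
    {"name": "verified crawler on AS8075", "asn": 8075, "known_bot": True},
    {"name": "unverified client on AS8075", "asn": 8075, "known_bot": False},
    {"name": "visitor on another network", "asn": 64500, "known_bot": False},
]

if __name__ == "__main__":
    print(build_expression(["AS8075"]))
    for sample in SAMPLES:
        print(f'{sample["name"]}: {decide(sample, ["AS8075"])}')
```

The printed expression goes into the rule's expression editor, with Managed Challenge selected as the action, so a human on a listed ASN can still pass the challenge.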
