Individual IP Block - bypassed?

I am hoping to have selected the right category for this question. Apologies if I haven’t.

I understand the basics on CF and have multiple countries blocked. Amazing feature, and I am eternally grateful for that option.

Although for IP Access Rules in Tools, I’ve run into an issue.
There are multiple individual IP’s I’ve set to block from accessing my domain. One of which is unfortunately an active stalker. I didn’t realize I couldn’t block through my domains Cpanel until a couple of days ago. So I added the blocked list into IP Access Rules.

Now the issue is, most are working just fine as they should be. With the exception of one non-static IP.

Example: (not the ip in question, example numbers only)
26.2.2.0/24 - Action: Block, All Websites in Account.

In my site logs, it says 26.2.2.21 had absolutely no issue surfing through my domain, forum and gallery early this morning. I was under the understanding that 0/24 would block the range 0-255 for the end number of an IP?

I’ve been searching for answers and learning more about IP Range and how to implement blocking for non-static. Although now I am at a complete loss where I went wrong?
Do I have to implement the block for each individual IP, like 26.2.2.0, 26.2.2.1, 26.2.2.3…etc etc through to 26.2.2.255 to block their access?

I apologize if this is a stupid question. lol

/24 should do it. However, unless your server has been configured to block traffic not through Cloudflare (cloudflare.com/ips), then any determined person can go direct.

1 Like

This is where my knowledge runs out. lol
I have another that is blocked through CF, and it shows up being blocked from accessing things hosted on the domain. I wouldn’t know where to begin listing those IP’s through my domains server to ensure blocks listed through CF are actually blocked from accessing. Cause it definitely isn’t working from the Cpanel IP Block option as well as through CF.

for another ip, it shows it was blocked “Access rules: IP range”.

added: I have since manually added in the ip 255 times to the Ip Range. Consider this solved, cause if that doesnt work nothing will.

I believe it actually uses or modifies - or at least was a situation - where I actually have added IPs with “deny” to my .htaccess file and they appeared right at the cPanel → IP Block.

Meaning, the user is having DHCP, also the IPs are assigned by 24hour time-frame (mostly), meaning the option to you would be left to block the AS number (which could be find out by the IP address), possibly block the whole ISP (is that a good way, or not - could be questioned depending on the situation, considering other users having the same ISP, etc.)?

For a bit of help, as suggestion, you could use a CIDR calculator like CIDR to IPv4 Address Range Utility Tool | IPAddressGuide - where you enter the IP like 1.1.1.1/24 and got the results as needed (first IP, last IP, etc.)

I believe this is correct and good if you see this from now on.

1 Like

Unfortunately it’s not blocking it even through the .htaccess. I have added in: (example ip provided)

  • 26.2.2.0/24
    and manually added in deny 26.2.2.0 -to- 26.2.2.255.
    Neither stopped this individual from accessing my sites forum, gallery, or webpages.

I tried doing it through the Cpanel, didn’t work. I tried adding in 26.2.2.* into the ban’s for the main forum itself, didn’t work. I tried imputting the full 26.2.2.0 -to-26.2.2.255 manually into the forum, didnt work.

My host reminded me to use CF for this, because i’m using it to protect my domain. So I went to the IP Range in CF and added in 26.2.2.0/24, and the individual still got through to everything 24hours after I’d implemented the block through CF. Every other block I have in place, is working. The country deny through CF is working really well, along with CF preventing bad bots etc. Works for every block except for that one particular individuals IP. Unfortunately the ‘hostname’ is the ip. etc etc.

I posted here as a last resort. I have on and off run my own personal domain for many years and have never had any issues blocking IP’s before.

Thank you fritexvz, so much. Your response was very thorough and I greatly appreciate the information you provided. =)

But, may I ask do you actually see the true IP address of the visitor in your access.log file?

Reminds and make sme think a bit, could you please check for and also look into the below article just in case if so?

If .htaccess deny IP not working, neither as Cloudflare (while having the proxied :orange: cloud hostname for which the IP Access Rules / Firewall Rules and etc. stuff should apply and work), that’s kind of a strange - but, not sure if below article can help in this particular case:

AS8003 Global Resource Systems, LLC - DoD Network Information Center
Interesting read about it - https://www.washingtonpost.com/business/2021/04/26/questions-answers-pentagon-internet-protocol-addresses/.

Reminds me a bit on my home country main ccTLD DNS maintainer/provider from which each ccTLD registered domain, everyday is multiple times is being “accessed” and obviously “scanned” for the HTTP response (which I determined and figured out using Firewall Rule “empty user-agent string” requests from my country and by the AS number).

1 Like

I’m pretty sure their 26. example was just a place holder.

2 Likes

yes, the IP I listed in my message was just a place holder as I did not want to post the individuals IP.

I have labelled and logged this individual’s ip much longer than I’ve been utilizing CF for extra website protection. I know the IP range, their location, screen resolution, ISP and cellphone host. They have stalked me through other IP’s over the years. I’m at my wits end, because I cannot make this block stick.

I am now hoping that putting in 0-255 manually into the IP Range here in CF will actually work in stopping them from accessing my domain, finally.

Thank you both for the assistance. For the moment all I can do is wait until tomorrow to see if they’re able to access the domain again. Its every day, or every other day on average that they stalk my webpages/forum/etc.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.