I want to block certain ASNs and I’m not sure if this is the right way. Any advice?
That certainly looks all right, apart from the fact that you are not blocking but challenging.
Assuming, of course, you have no prior whitelisting in the firewall or IP access rules.
Yes, you are right. Just challenging for now. I have seen screenshots where the operator was “equal” instead of “is in” so I was a bit confused.
“equal” refers to one single ASN, “is in” to a list of ASNs.
I find it easier to just add the ASNs individually to the Security/WAF/Tools list rather than a rule, particularly as you will probably add a very long list of bad ASNs over time.
Besides the easier part, is it better? Is it more efficient as a solution?
I think so.
You either add dozens and dozens of ASNs to a Rule, and run out of space when the rule gets too big, or add each bad ASN individually without the risk of running out of space.
By the time you block the major bad ASNs, e.g. Microsoft, Amazon, Hetzner, OVH, DigitalOcean, VPNs, Tor endpoints, etc., etc., your rule will be massive.
Plus you have the advantage of the option of setting the “Applies to” to “All websites in account”, so you only have to enter the ASNs once instead of copying the rule to every website you have.
For your use case it won’t matter and you best stick with firewall rules.