Should I whitelist DigitalOcean ASN

Hi, everyone. I created a firewall rule: managed change for every visitor to my site. DigitalOcean is my host. Its ASN is getting challenged. According to their customer support agent, AS14061 is their real ASN number, not a fake one. Should I whitelist AS14061 so that it won’t get challenged? Thanks!

I don’t really recommend doing this as the entire ASN 14061 is shared by all DigitalOcean customers, some of them might be attackers hosting a server/instance in Droplets. If your objective is just to whitelist your own instance traffic and you have a fixed IP, just whitelist your own IP address.

By the way, based on your rule expression, you are actually challenging good bots too, including Google, Bing, Yandex and so on. Be sure to add another criteria to exclude “Known Bots” from getting challenged if you care about website SEO.

3 Likes

Thanks a lot. Yes, I just want to whitelist my own instance traffic. Can you tell me if this is correct?

Thanks again. I was actually having this problem.

2 Likes

If your current rule action is “Managed Challenge”, you just need to check if IP source address does not equal to your public IP. You can remove the ASN check.

1 Like

Thanks again. Is this correct? (I have a firewall in digital ocean to allow traffic from only Cloudflare’s IP addresses)

Can you also tell me if the rule below is correct or not? After spam bots are gone, I want to remove managed challenge. So I want to know if this rule below is correct or not.

1 Like

Put another criteria to match Known Bots - Off.

Most probably you don’t need this rule since your server traffic should be allowed by default, unless it’s blocked by something else.

Thanks again.
Instead of “managed change”, can I block IP source addresses that do not equal my public IP?

Then you are going to block pretty much everyone - no one can see your website except you and good bots.

Sorry, I want to ask what is the difference between challenging my hostname and challenging my public IP address.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.