Hi everyone,
What is the domain name?
I’d rather not say since I’ll be giving all my WAF rules publicly for this site right after. Plus, it doesn’t bring any useful information for my issue, at least this is what I think.
Have you searched for an answer?
I have searched on google and here with “(Cloudflare) WAF doesn’t block AS” and didn’t find anyone complaining for the issue I’m having.
Please share your search results url:
duckduckgo[.]com/?t=ffab&q=cloudflare+waf+doesn%27t+block+AS
When you tested your domain, what were the results?
Not relevant.
Describe the issue you are having:
When checking the logs of my website, I can see some IP addresses coming from AS I blocked in my AS dedicated WAF rule. The point is it does block some (most?) of them as I tried adding my own ISP AS or a friends one. So it seems to be an issue only with some of them.
Let’s take an example:
Here are some of my website logs:
Let’s take this IP: 103.101.203.114
This IP comes from AS36007 as per bgp[.]tools/prefix/103.101.203.0/24
Let’s check my WAF rules now:
#1 : I’m allowing some search engines bots, here Google and Duckduckgo (ip.geoip.asnum in {15169 396982 36040 19527 36385 395973 36384 36492 14618 16509} and not cf.client.bot) >> Block
#2 : (ip.geoip.asnum in {40355 140292 198953 39134 38283 24151 42926 36321 398722 55286 32875 211298 15480 398090 33387 6315 210558 22772 8972 211252 213035 209 3356 20228 6461 399486 212815 […] 398493 47583 42689 36007 396948 216419 7377 38 5089 11320 8796}) >> Block
The AS number is part of my rule. So it should be blocked.
As a test, I have added the AS of my mobile ISP to the rule and checked if I could have access to my website: it works I’m blocked.
So… is it a Cloudflare’s WAF issue, an issue from me, or is it just that Cloudflare doesn’t detect the same AS number as bgp.tools and therefore they have a different database?