WAF misclassifying traffic

Yogurt_Flakes · January 6, 2025, 1:04am

What is the name of the domain?

N/A

What is the error number?

N/A

What is the error message?

N/A

What is the issue you’re encountering

WAF is classifying traffic for AS206216 as “AS0 -Reserved AS-”

What steps have you taken to resolve the issue?

If a firewall rule configured to handle traffic based on ASN were to encounter traffic from the following source, it might not get processed in the desired way (bypass rule).

IP: 2602:fb54:af4::
ASN (Cloudflare identified “as”): AS0 -Reserved AS-
User agent: python-requests/2.27.1
HTTP/1.1
Path: /ss.php
Actual ASN: AS206216 (Advin Services LLC)

The traffic is obviously abusive. The the reason it got caught was due to another WAF rule being triggered. Cloudflare seems to identified the source as AS0 instead of AS206216.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Strict (SSL-Only Origin Pull)

What are the steps to reproduce the issue?

N/A

sdayman · January 6, 2025, 1:10am

https://community.cloudflare.com/search?q=AS0

paul32 · January 6, 2025, 10:43am

As well as the info posted as the solution its worth adding a WAF rule to block AS0

system · January 8, 2025, 10:44am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AS0 can bypass WAF rules? General	9	439	June 3, 2024
Is this the proper way to block ASN`s? Security	8	4442	October 15, 2022
Firewall and Traffic Flow Sequence (block ASN but allow specific user agents) Security Center	14	69	January 14, 2025
Urgent assistance required: My server is receiving attack traffic that should have Security	8	956	July 27, 2024
Block all traffic from Huawei Cloud Security	4	2805	May 13, 2022