WARP access being blocked by WAF as ASN no longer showing as AS13335

Ok, so a bit of background… I’ve got CF WARP configured via Access to allow me to access my self-hosted apps via my custom domain, only if I’m connected via WARP. In my CF WAF, I also block all but my home IP address (without WARP), which is updated dynamically using the API. As the IP address for WARP differs to my home IP, I have a rule in my WAF that basically allows my home IP and anything from AS13335, because if I didn’t, then WAF would block access due to the IP address not being on my home list.

All has been working fine, but recently it has stopped. Looking at my event logs in WAF, it shows that the WARP connections as being blocked because they are now coming from an ASN of “AS0 -Reserved AS-”, but I cannot add this as an exception to the firewall as CF complains it’s not valid…

I’ve tried looking at https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/firewall/ but the IP address ranges mentioned here do not match the IP addresses used on WARP any more (it seems).

Has something changed recently? And any ideas on how to overcome this?

1 Like