How do I block a host by ASN? Example - AS16276
Solution 1
You can use https://www.enjen.net/asn-blocklist/
An example i.e. colocrossing: https://www.enjen.net/asn-blocklist/index.php?asn=AS36352&type=htaccess
If you need to download it to a server and don't want html then add &api=1 to the end of the link.
Solution 2
Check out mod_asn:
mod_asn is an Apache module that uses BGP routing data to look up the autonomous system (AS) and the network prefix (subnet) which contains a given (clients) IP address.
mod_asn is usable as standalone module, and the lookup result can be used by scripts or other Apache modules. For instance, a download redirector could base its decisions on the lookup result provided by mod_asn.
I don't have any direct experience with this, but it sounds promising.
Someone with direct experience with this module should feel free to edit this answer to add relevant specific details.
Additionally, you can talk with your network administrator to have these ASNs blocked or ignored at the router, then you don't have to make this an application configuration problem. A (major?) drawback to the mod_asn approach is that it doesn't stop naughty IP addresses from trying to attack other services on your host or network, it will only drop HTTP/HTTPS requests to the configured apache servers.
Related videos on Youtube
05 : 19
02 : 49
04 : 06
02 : 55
02 : 01
dhaupin
Updated on September 18, 2022Comments
-
dhaupin over 1 year
There are a handful of especially toxic hosts out there. There is no reason we need to allow any of their IP's access to our servers. Is there a way we can block them using their ASN or other global identifier? I would prefer to do this in HTACCESS for app/server portability, but APF is fine too.
An example would be blocking the following hosts. Over 50% of their IP's are on blacklists already, or they operate proxy exit points for companies like PacketFlip:
- AS4134 - ChinaNet
- AS9808 - Guangdong Mobile Com
- AS16276 - OVH SAS
- AS15003 - Nobis Tech Group
- AS36352 - ColoCrossing
- AS29761 - QuadraNet
- AS15895 - Kyivstar PJSC
- AS50915 - S.C. Everhost S.R.L.
- AS53889 - Micfo
- AS57858 - Fiber Grid OU
-
dhaupin over 9 yearsWould they ignore them at router by IP or something else? And thanks ive never heard of that one, it looks pretty cool. I'll hold off marking answered for now just in case others have thoughts too. Any mod_asn users got tips?
-
webmarc over 9 yearsBy ASN, the routers speak BGP and know how to filter by ASN -
LDC3 over 9 yearsWelcome to SuperUser.SE. In your response, it would be better if you could provide some information about the web sites in case that change their address.
-
Mun over 9 yearsWhat do you mean?
-
LDC3 over 9 yearsSometimes the websites change their address so the links you post will not work. If you describe what the links go to, then when a link gets broken, some people may be able to find it by doing a web search.
-
Mun over 9 yearspretty simple search asn-blocklist on google. It shouldn't change address though.
-
DavidPostill over 7 yearsThis is really a comment and not an answer to the original question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post. Please read Why do I need 50 reputation to comment? What can I do instead? -
Ramhound over 2 yearsDownvoting an answer to a question that is 8 years old, with a contribution that looks like it was ripped out of an article written by somebody else, isn't that unusual. Let's not forget the original revision has some major formatting issues.. This is the bing search I used to find the blog article from 2020.
-
Ramhound over 2 yearsI downvoted the original revision of this answer, not the current version, so I am just walking away, be sure you check for formatting issues before you submit answers in the future.
