How do I block a host by ASN? Example - AS16276
There are a handful of especially toxic hosts out there. There is no reason we need to allow any of their IP's access to our servers. Is there a way we can block them using their ASN or other global identifier? I would prefer to do this in HTACCESS for app/server portability, but APF is fine too.
An example would be blocking the following hosts. Over 50% of their IP's are on blacklists already, or they operate proxy exit points for companies like PacketFlip:
- AS4134 - ChinaNet
- AS9808 - Guangdong Mobile Com
- AS16276 - OVH SAS
- AS15003 - Nobis Tech Group
- AS36352 - ColoCrossing
- AS29761 - QuadraNet
- AS15895 - Kyivstar PJSC
- AS50915 - S.C. Everhost S.R.L.
- AS53889 - Micfo
- AS57858 - Fiber Grid OU
Solution 1:
You can use https://www.enjen.net/asn-blocklist/
An example i.e. colocrossing: https://www.enjen.net/asn-blocklist/index.php?asn=AS36352&type=htaccess
If you need to download it to a server and don't want html then add &api=1 to the end of the link.
Solution 2:
Check out mod_asn:
mod_asn is an Apache module that uses BGP routing data to look up the autonomous system (AS) and the network prefix (subnet) which contains a given (clients) IP address.
mod_asn is usable as standalone module, and the lookup result can be used by scripts or other Apache modules. For instance, a download redirector could base its decisions on the lookup result provided by mod_asn.
I don't have any direct experience with this, but it sounds promising.
Someone with direct experience with this module should feel free to edit this answer to add relevant specific details.
Additionally, you can talk with your network administrator to have these ASNs blocked or ignored at the router, then you don't have to make this an application configuration problem. A (major?) drawback to the mod_asn approach is that it doesn't stop naughty IP addresses from trying to attack other services on your host or network, it will only drop HTTP/HTTPS requests to the configured apache servers.