January 30, 2024

Cloudflare Rule to Block Server Hosters

Hi all, Lucas here.

Have you ever asked yourself, “How can I block all network traffic from servers?” If you run a big site that often gets attacked, you may want to block server hosters.

Why do that? Well… botnets are often hosted on server hosting networks (like OVH, Hetzner, Amazon, etc.).


So, let’s get started:

About ASNs

ASNs (Autonomous System Numbers) are network ID numbers: each network is identified by its own number.

For example: Google LLC (Google servers) uses AS15169 – source: https://ipinfo.io/AS15169

How to block Server Hoster ASNs

Go to Cloudflare, WAF:

Then create a new rule:

Name the rule however you want. It doesn’t matter, it’s just for you.

Now click “Edit expression”:

And now enter this (from my ruleset):

(ip.geoip.asnum in {20473 174 263369 9304 14061 141909 4837 30873 63949 328471 140096 60729 45102 23688 8048 1167 53667 813 36352 39572 37963 58453 17964 45090 45899 50113 59151 54643 398101 12975 203301 7713 139330 50928 31898 208677 6057 37605 9009 398704 41378 35913 55990 16637 58890 30844 41754 30873 132203 17995 62904 25820 140475 4134 136907 26496 55286 3462 133752 24282 60781 210015 50835 43624 40021 206092 8767 24961 7040 577 54825 30823 24651 55286 210558 216419 8560 7203 398779 14576 26548 35830 51765 16509 13238 24940 396982 8075})

And set the rule to Block. This will block many networks that are used for DDoS attacks.

Make sure to “Deploy” the rule and turn it on.

I also have more ASN block rules (you need to add them to another rule, as they get too long and Cloudflare will not allow it). Enjoy:

(ip.geoip.asnum eq 197540) or (ip.geoip.asnum eq 133752) or (ip.geoip.asnum eq 51167) or (ip.geoip.asnum eq 14061) or (ip.geoip.asnum eq 25198) or (ip.geoip.asnum eq 9351) or (ip.geoip.asnum eq 6939) or (ip.geoip.asnum eq 46573) or (ip.geoip.asnum eq 8452) or (ip.geoip.asnum eq 138844)
(ip.geoip.asnum eq 141995) or (ip.geoip.asnum eq 61317) or (ip.geoip.asnum eq 202769) or (ip.geoip.asnum eq 262287) or (ip.geoip.asnum eq 61317) or (ip.geoip.asnum eq 40021) or (ip.geoip.asnum eq 24940) or (ip.geoip.asnum eq 22773) or (ip.geoip.asnum eq 16276) or (ip.geoip.asnum eq 45102)
(ip.geoip.asnum eq 7713) or (ip.geoip.asnum eq 29066) or (ip.geoip.asnum eq 21353) or (ip.geoip.asnum eq 23969) or (ip.geoip.asnum eq 6696) or (ip.geoip.asnum eq 26548) or (ip.geoip.asnum eq 52000) or (ip.geoip.asnum eq 14576) or (ip.geoip.asnum eq 43624) or (ip.geoip.asnum eq 35830)
(ip.geoip.asnum eq 48254) or (ip.geoip.asnum eq 198537) or (ip.geoip.asnum eq 41897) or (ip.geoip.asnum eq 210558) or (ip.geoip.asnum eq 42201) or (ip.geoip.asnum eq 200185) or (ip.geoip.asnum eq 60781) or (ip.geoip.asnum eq 12876) or (ip.geoip.asnum eq 9186) or (ip.geoip.asnum eq 396982) or (ip.geoip.asnum eq 206092)

What this does

It blocks networks like OVH, Google, Amazon, etc. from entering your site. And don’t worry: crawlers (e.g. Google) can still access your site.
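The lists above repeat several ASNs and mix the `in {...}` and `eq` styles. The following is an added example, not part of the original post: it merges fragments in either style, removes duplicates, and emits compact `in {...}` expressions split to stay under a length limit. The `MAX_LEN` value, the optional `not cf.client.bot` clause (Cloudflare's known-good-bot field, used here to keep crawlers out of the block) and the sample input are assumptions made for the example.

```python
import re

FIELD = "ip.geoip.asnum"  # field name as used in the rules on this page
MAX_LEN = 4096            # assumed per-expression character limit; adjust for your plan

# Constructed sample input: short fragments in the two styles shown on this page.
SAMPLE = """
(ip.geoip.asnum in {20473 174 14061 30873 30873 24940})
(ip.geoip.asnum eq 14061) or (ip.geoip.asnum eq 16276) or (ip.geoip.asnum eq 24940)
"""

def extract_asns(text):
    """Return the sorted, de-duplicated ASNs found in `in {...}` sets and `eq N` tests."""
    asns = set()
    for body in re.findall(re.escape(FIELD) + r"\s+in\s*\{([^}]*)\}", text):
        asns.update(int(n) for n in re.findall(r"\d+", body))
    for n in re.findall(re.escape(FIELD) + r"\s+eq\s+(\d+)", text):
        asns.add(int(n))
    return sorted(asns)

def build_expressions(asns, max_len=MAX_LEN, skip_known_bots=True):
    """Pack ASNs into as few `in {...}` expressions as fit within max_len each."""
    # Assumption: excluding cf.client.bot keeps known crawlers out of the block rule.
    suffix = " and not cf.client.bot" if skip_known_bots else ""

    def render(chunk):
        return "(%s in {%s})%s" % (FIELD, " ".join(map(str, chunk)), suffix)

    rules, chunk = [], []
    for asn in asns:
        # Start a new rule when adding this ASN would exceed the limit.
        if chunk and len(render(chunk + [asn])) > max_len:
            rules.append(render(chunk))
            chunk = []
        chunk.append(asn)
    if chunk:
        rules.append(render(chunk))
    return rules

if __name__ == "__main__":
    for i, expr in enumerate(build_expressions(extract_asns(SAMPLE)), 1):
        print("rule %d: %s" % (i, expr))
```

Paste each printed expression into its own rule via “Edit expression” and set the action to Block, as in the steps above.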

Have fun with my rules!
