When managing a website’s security on Cloudflare, administrators are often faced with the decision of whether or not to block certain Autonomous System Numbers (ASNs). These ASNs represent groups of IP addresses and networks assigned to organizations, data centers, and cloud service providers. However, blocking certain ASNs can unintentionally disrupt legitimate traffic, including connections from trusted entities. Identifying the ASNs to avoid blocking is critical for maintaining smooth, uninterrupted services while protecting against malicious actors. In this blog, we will explore which ASNs you should never block on Cloudflare, helping you secure your website without compromising accessibility.
Understanding Autonomous System Numbers (ASNs)
An Autonomous System Number (ASN) is a unique identifier assigned to a collection of IP addresses managed by a single organization. ASNs are crucial for routing traffic across the internet, and they help define which networks are allowed to interact with each other. When managing web traffic and security, administrators sometimes block specific ASNs to prevent access from known malicious networks. However, blocking the wrong ASN can disrupt connections from legitimate users, including customers, search engines, and service providers. Understanding how ASNs work and recognizing which ones are essential for your website’s operations is key to striking the right balance between security and accessibility.
7 Reasons to Avoid Blocking Certain ASNs
- To ensure your website remains accessible to search engines
- To maintain uninterrupted access from trusted cloud providers
- To avoid mistakenly blocking legitimate users
- To prevent issues with third-party services (e.g., APIs)
- To maintain optimal performance for your website
- To preserve access for business partners and affiliates
- To avoid unnecessary restrictions on internet traffic
Key Cloud Providers’ ASNs
Cloud service providers like Amazon Web Services (AWS), Google Cloud, and Microsoft Azure play a significant role in hosting and running web applications. Blocking their ASNs can lead to interruptions in service, including downtime, broken links, and degraded user experience. These providers host a massive portion of global internet traffic, and many legitimate services run on their networks. Hence, blocking their ASNs can inadvertently block legitimate users or services that depend on these platforms. Always ensure that you whitelist their ASNs to guarantee smooth traffic flow.
| Cloud Provider | ASN | Region |
|---|---|---|
| Amazon Web Services (AWS) | AS16509 | Global |
| Google Cloud Platform (GCP) | AS15169 | Global |
| Microsoft Azure | AS8075 | Global |
Why Search Engine ASNs Should Be Whitelisted
Search engines like Google, Bing, and others crawl websites to index them, improving your website’s visibility in search results. Blocking these search engine bots can severely impact your website’s SEO performance. When you block an ASN related to search engine crawlers, you run the risk of preventing search engines from indexing your pages, which could lower your rankings. It is essential to whitelist the ASNs used by search engines to ensure your website is being discovered and ranked properly. Keeping these ASNs open is a crucial part of your website’s digital marketing strategy.
7 Key Search Engine ASNs to Keep Unblocked
- Googlebot – AS15169 (Google)
- Bingbot – AS8075 (Microsoft)
- Baiduspider – AS9457 (Baidu)
- Yandexbot – AS13238 (Yandex)
- DuckDuckBot – AS13238 (DuckDuckGo)
- Sogou Spider – AS4134 (Sogou)
- Exabot – AS198500 (Exalead)
Whitelisting Content Delivery Networks (CDNs)
Content Delivery Networks (CDNs) like Cloudflare, Akamai, and Fastly are used to speed up website performance by distributing content across a global network of servers. Blocking the ASNs of CDNs can degrade your website’s load times and performance. Since CDNs improve the user experience by caching and serving content closer to users, blocking them can lead to slow page load times, negatively affecting both user satisfaction and SEO rankings. Whitelisting these ASNs ensures that your website benefits from faster, more reliable content delivery.
7 Reasons to Whitelist CDNs’ ASNs
- To ensure fast loading times for global users
- To improve overall website performance
- To ensure uninterrupted content delivery
- To avoid caching issues and slower page rendering
- To maintain SEO rankings with improved page speed
- To prevent blocking of content delivery services
- To enhance user experience and engagement
The Importance of Keeping Payment Gateway ASNs Open
Many websites rely on payment gateways like Stripe, PayPal, and Square to process transactions. These payment processors require uninterrupted access to your website’s payment forms and systems. Blocking their ASNs can disrupt payment processing, causing significant issues for customers trying to complete transactions. To avoid service interruptions and ensure secure, reliable payments, it’s essential to whitelist the ASNs associated with payment gateways. Ensuring these networks can communicate freely with your website keeps the checkout process smooth and secure for customers.
Avoiding Over-blocking with Security Solutions
Web security services like firewalls and DDoS protection often include predefined lists of malicious ASNs to block. While blocking known malicious ASNs is essential, over-blocking can create significant problems. Blocking too many ASNs or essential ASNs could affect your website’s accessibility, traffic, and overall performance. It’s crucial to regularly update your security solutions and only block ASNs that have been thoroughly vetted as malicious. An intelligent, well-configured security setup ensures your website stays protected without compromising user experience.
7 Tips to Avoid Over-blocking ASNs
- Regularly review and update security rules
- Use a tiered security approach to isolate threats
- Monitor traffic patterns to detect anomalies
- Keep whitelisted ASNs regularly updated
- Rely on threat intelligence services for accurate ASN data
- Test changes to security settings before applying them
- Use Cloudflare’s advanced security features like challenge pages
The Role of Whitelisting in Network Security
Whitelisting specific ASNs is a proactive approach to web security that ensures trusted services have uninterrupted access to your site. By allowing known, trusted ASNs, such as those of cloud providers, payment systems, and CDNs, you can improve your website’s functionality while blocking malicious sources. Whitelisting also allows you to establish more granular control over what traffic enters your site, which is essential for preventing unauthorized access. However, as much as whitelisting is a security tool, it requires careful management to avoid inadvertently blocking legitimate traffic. Regular audits of your whitelist ensure that only essential ASNs are allowed access.
Best Practices for Managing ASN Blocks
To ensure your web traffic remains smooth while maintaining security, it’s essential to adopt best practices for managing ASN blocks. Firstly, understand which ASNs are integral to your website’s operations and never block them. Secondly, use Cloudflare’s detailed analytics and logs to monitor traffic and adjust blocking rules as needed. Thirdly, maintain a dynamic whitelist of trusted ASNs to keep your website accessible to legitimate users. Finally, test your configuration regularly to ensure that blocked ASNs are malicious and not essential to your web infrastructure.
“Managing ASNs effectively is not only crucial for security but also for ensuring that your website remains available, functional, and fast.”
To maintain your website’s performance and security, it’s essential to carefully consider which ASNs to block and which to whitelist. Blocking the wrong ASNs can cause disruptions, hinder user experience, and hurt SEO rankings. By understanding the importance of trusted ASNs such as those used by cloud services, search engines, CDNs, and payment gateways, you can ensure your website stays accessible and protected. Take time to review your ASN management practices, whitelist essential networks, and regularly monitor traffic patterns. Share this article with your colleagues and ensure your website’s traffic is managed optimally to balance security and accessibility.