Surely multiple Cloudflare customers aren’t blocking whole ASNs, right? Or can an entire ASN end up on a RBL because of a few bad actors?
Yes, and yes. Plenty of CF customers will block entire ASNs because of a small volume of bot traffic. In fact, "just block the ASN" is a common piece of advice given to people in CF's community forums. This of course is rarely the CORRECT answer for their problem, and they often don't understand the ramifications of what they're doing, but yes this happens all the time. On Mon, Aug 11, 2025 at 3:52 PM Miller, Jon via NANOG <nanog@lists.nanog.org> wrote:
We are seeing Cloudflare “you have been blocked” messages from three different IP ranges but all on the Cogent ASN. Surely multiple Cloudflare customers aren’t blocking whole ASNs, right? Or can an entire ASN end up on a RBL because of a few bad actors?
Jon Miller | Chief Information Officer Bose McKinney & Evans LLP
From: David Hubbard <dhubbard@dino.hostasaurus.com> Sent: Monday, August 11, 2025 2:49 PM To: North American Network Operators Group <nanog@lists.nanog.org> Cc: Miller, Jon <JMiller@boselaw.com> Subject: Re: Cloudflare blocking Cogent again
Are you sure it’s not the Cloudflare customers choosing to block the Cogent ASN? i.e. are you seeing a CF blocking message rather than just a transit failure?
Reason I ask is because we see a reasonable number of bot attacks sourced from AS174 end customers, so I could see sites like the ones you mentioned choosing to block rather than challenge. Cloudflare’s challenges seem to be getting bypassed by bots more and more lately, and their support doesn’t seem to care, so some users may resort to blocking.
From: Miller, Jon via NANOG <nanog@lists.nanog.org> Date: Monday, August 11, 2025 at 2:01 PM To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: Miller, Jon <JMiller@boselaw.com> Subject: Cloudflare blocking Cogent again We are seeing multiple Cloudflare sites blocked on our Cogent circuits. Three Cogent circuits from two clients in two states are blocked. I opened a ticket with Cogent, but the last time this happened, they just shrugged and said "not our fault." Are any other Cogent customers seeing this? Any advice on how to resolve? Here are the sites we see blocked by Cloudflare.
https://www.americanbar.org/<https://www.americanbar.org/> https://www.ballys.com/<https://www.ballys.com/> https://investor.fanatics.com/investor-relations/default.aspx<; https://investor.fanatics.com/investor-relations/default.aspx>
Jon Miller Bose McKinney & Evans LLP
This message and any attachments may contain legally privileged or confidential information, and are intended only for the individual or entity identified above as the addressee.
If you are not the addressee, or if this message has been addressed to you in error, you are not authorized to read, copy, or distribute this message and any attachments, and we ask that you please delete this message and attachments (including all copies) and notify the sender. Delivery of this message and any attachments to any person other than the intended recipient(s) is not intended in any way to waive confidentiality or a privilege.
All personal messages express views only of the individual sender, and may not be copied or distributed without this statement.
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRG... < https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/X5VL4CRG...
_______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/FURY3KOZ...