Cool! So I can now block ASN(s) 🤣 (And I bet no-one noticed anything)
An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, that presents a common and clearly defined routing policy to the Internet.[1] Each AS is assigned an autonomous system number (ASN), for use in Border Gateway Protocol (BGP) routing. Autonomous System Numbers are assigned to Local Internet Registries (LIRs) and end-user organizations by their respective Regional Internet Registries (RIRs), which in turn receive blocks of ASNs for reassignment from the Internet Assigned Numbers Authority (IANA). The IANA also maintains a registry of ASNs which are reserved for private use (and should therefore not be announced to the global Internet).
@bender@twtxt.net Yes they are rather large 🤣 Here you go:
proxy-1:~# cat /etc/caddy/waf/bad_asns.txt
# CHINANET-BACKBONE No.31,Jin-rong Street, CN
# Why: DDoS
4134
# CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
# Why: DDoS
4837
# CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN
# Why: DDoS
9808
# FACEBOOK, US
# Why: Bad Bots
32934
proxy-1:~#
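A lint pass over the list format shown above, added here as an example; it is not code from the post or from caddy-waf. How caddy-waf itself reads this file is not shown on the page, so `Entry` and `ParseBadASNs` are hypothetical names, and the private-use ranges are the ones reserved by RFC 6996. It keeps each ASN together with its name and `# Why:` reason, and rejects lines that are malformed, duplicated, or private-use (which should never appear as a public origin):

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Entry is one blocked ASN plus the comment lines that preceded it.
type Entry struct {
	ASN          uint32
	Name, Reason string
}

// ParseBadASNs returns the usable entries and one warning per rejected line.
func ParseBadASNs(text string) (entries []Entry, warns []string) {
	seen := map[uint64]bool{}
	var cur Entry
	for i, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		isComment := strings.HasPrefix(line, "#")
		c := strings.TrimSpace(strings.TrimPrefix(line, "#"))
		v, err := strconv.ParseUint(line, 10, 32)
		switch {
		case line == "":
		case isComment && strings.HasPrefix(c, "Why:"):
			cur.Reason = strings.TrimSpace(c[4:])
		case isComment: // any other comment names the AS
			cur.Name = c
		case err != nil || v == 0:
			warns = append(warns, fmt.Sprintf("line %d: %q is not an ASN", i+1, line))
		case (v >= 64512 && v <= 65534) || (v >= 4200000000 && v <= 4294967294):
			warns = append(warns, fmt.Sprintf("line %d: AS%d is private-use (RFC 6996)", i+1, v))
		case seen[v]:
			warns = append(warns, fmt.Sprintf("line %d: AS%d is a duplicate", i+1, v))
		default:
			seen[v] = true
			entries = append(entries, Entry{uint32(v), cur.Name, cur.Reason})
		}
		if !isComment && line != "" { // an ASN line closes its comment block
			cur = Entry{}
		}
	}
	return entries, warns
}

// main lints a constructed sample: one good entry followed by three bad lines.
func main() {
	fmt.Println(ParseBadASNs("# FACEBOOK, US\n# Why: Bad Bots\n32934\n64512\n32934\nAS4134\n"))
}
```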
Ahh fuck! Sorry I was fixing a rule 🤣 This is much better!
proxy-1:~# grep -c 'Bad ASN' /var/log/caddy/caddy.log
2441
This is how I build my caddy:
proxy-1:~# cat build.caddy.sh
#!/bin/sh
xcaddy build \
--with github.com/caddy-dns/cloudflare \
--with github.com/caddyserver/cache-handler \
--with git.mills.io/prologic/caddy-ratelimit \
--with git.mills.io/prologic/caddy-waf
proxy-1:~#
I’ll try to add a README for caddy-waf soon™ (going back to bed now) at least document the customizations I’ve made to this WAF (which I forked from caddy-coraza)
Notably the custom operator @lookupASN
Note for reference I was trying to write and fix this rule (fixed version below):
# Ignore Content-Type restrictions for Git
SecRule REQUEST_HEADERS:Host "@streq git.mills.io" "id:101,phase:1,t:none,nolog,ctl:ruleRemoveById=920420"
@prologic@twtxt.net i would be very interested in this as a caddy user who needs a WAF probably lol