On Fri, 2021-06-04 at 18:08 -0500, Scott Mutter via mailop wrote: > On Fri, Jun 4, 2021 at 1:24 PM Michael Peddemors via mailop > <mailop@mailop.org> wrote: > > With apache, you can use modsecurity quite easily, and you can block all > > azure (and other cloud providers ranges) from certain services like > > wordpress, or contact forms etc.. (you can even do dns based checks or > > rbldnsd) .. > > > > > > > Are there any links for this? AFAIK mod_security is just a module - to > actually do anything it requires a ruleset. Further from that, how does it > determine what is Azure and what is not? Is it just blocking IP addresses? > Seems you'd need a list of all of the Azure IP address space. And from what > I have seen the offending IPs are all over the place: > > 157.55.39.138 > 207.46.13.5 > 20.83.33.136 > 20.94.247.9 > 40.124.141.27 > 40.124.141.27 > 40.124.193.244 > 40.76.220.206 > > Are just a few. > > But if there's a way to block Azure and other cloud based services, I'd be > interested in that. But I'd suspect you'd need a list of all of their IP > address spaces - is that information available some where?
These should give everything routed to AS8075 (Microsoft) as of yesterday. It's a good start. V4URL=`curl -s https://publicdata.caida.org/datasets/routing/routeviews-prefix2as/pfx2as-creation.log -o - | tail --lines=1 | awk '{print "https://publicdata.caida.org/datasets/routing/routeviews-prefix2as/"$3}'` ; curl -s "${V4URL}" -o - | zegrep "\s8075$" | awk '{print $1"/"$2}' V6URL=`curl -s https://publicdata.caida.org/datasets/routing/routeviews6-prefix2as/pfx2as-creation.log -o - | tail --lines=1 | awk '{print "https://publicdata.caida.org/datasets/routing/routeviews6-prefix2as/"$3}'` ; curl -s "${V6URL}" -o - | zegrep "\s8075$" | awk '{print $1"/"$2}'
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
