Answers common questions about ESA rules, including how to identify traffic from private CIDR blocks.
Identifying private CIDR blocks
Some ISPs in specific regions may assign private IP addresses to clients, causing ESA PoPs to receive requests from private IPs. Rules that use parameters such as country/region, province, or carrier cannot accurately identify these requests. To handle this, create an IP address list and a matching rule.
Step 1: Create an IP address list
-
Navigate to Global Settings > Lists. Click Create List, and add the following three private IP Address/CIDR Blocks:
-
Class A private IP addresses: 10.0.0.0/8
-
Class B private IP addresses: 172.16.0.0/12
-
Class C private IP addresses: 192.168.0.0/16
-
-
Verify your list matches the following figure, then click OK.
Step 2: Add a private CIDR rule
-
Create a custom rule. Go to WAF Custom Rules and click Create Rule. Configure the rule as shown below.
-
Click OK.
After you add this rule, requests from the specified private CIDR blocks are accurately identified.