What is CIDR Blocking?
CIDR (Classless Inter-Domain Routing) lets you block ranges of IP addresses with a single rule:
- Single IP: 192.168.1.100
- Small range: 192.168.1.0/24 (256 IPs)
- Large range: 192.168.0.0/16 (65,536 IPs)
Instead of adding thousands of individual IPs, one CIDR rule handles them all.
Understanding CIDR Notation
Format
IP_ADDRESS/PREFIX_LENGTH
Common Prefix Lengths
| Prefix | IPs Covered | Use Case |
|---|---|---|
| /32 | 1 IP | Single address |
| /24 | 256 IPs | Small network |
| /16 | 65,536 IPs | Large network |
| /8 | 16.7M IPs | Huge range |
Examples
- 45.33.32.0/24 - Blocks 45.33.32.0 through 45.33.32.255
- 103.21.244.0/22 - Blocks 1,024 IPs
- 192.168.0.0/16 - Blocks entire 192.168.x.x range
Implementation
Add CIDR Block
- Open SecurEcommerce
- Navigate to Blocking > IP Blocking
- Click “Add IP”
- Enter CIDR notation (e.g., 192.168.1.0/24)
- Add descriptive note
- Save
Finding Ranges to Block
From Attack Logs
- Identify attacking IPs
- Look up their network range
- Block the entire range
Using WHOIS
- Look up suspicious IP
- Find assigned netblock
- Convert to CIDR
From Threat Intelligence
- Security feeds provide ranges
- Known malicious networks
- Add as CIDR blocks
When to Use Range Blocking
Good Use Cases
- Entire networks attacking - Multiple IPs from same source
- Known bad ASNs - Hosting providers, data centers
- Corporate blocks - Entire company if abusing
- Geographic ranges - Supplement country blocking
Use Caution
- Large ranges may include innocent IPs
- ISPs serve many customers
- Verify range ownership first
Finding Network Information
WHOIS Lookup
Search for IP ownership:
- whois.domaintools.com
- who.is
- bgp.he.net
ASN to CIDR
Convert ASN to IP ranges:
- bgp.he.net/ASXXXXX
- Lists all prefixes announced
IP Range Calculator
Tools to calculate CIDR:
- ipaddressguide.com/cidr
- Calculate subnet masks
Best Practices
Document Everything
For each CIDR block, record:
- Why it was blocked
- When it was added
- Source of intelligence
- Review date
Start Narrow
- Begin with /24 ranges
- Expand only if needed
- Avoid overly broad blocks
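The narrow-first approach, as an added example that is not part of SecurEcommerce or the original page: it groups attacker IPs from logs into /24 candidates, keeps lone attackers as /32, and previews which known-good addresses a wider block would also cover. The sample addresses (apart from those quoted on this page), the allowlist and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data, not taken from a real log.
ATTACK_IPS = ["185.220.101.35", "185.220.101.77", "185.220.101.140",
              "103.21.244.18", "103.21.244.90", "45.33.32.9"]
KNOWN_GOOD = ["103.21.246.50"]  # hypothetical legitimate customer address

def propose_blocks(attack_ips, min_hits=2, prefix=24):
    """Map each proposed block to the number of distinct attackers in it.
    A /prefix range is proposed only where at least min_hits attackers share
    it; a lone attacker stays a /32. IPv4 only (IPv6 input raises ValueError)."""
    groups = defaultdict(set)
    for raw in attack_ips:
        ip = ipaddress.IPv4Address(raw)
        groups[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    blocks = {}
    for net, ips in groups.items():
        if len(ips) >= min_hits:
            blocks[net] = len(ips)
        else:
            for ip in ips:
                blocks[ipaddress.ip_network(f"{ip}/32")] = 1
    return blocks

def collateral(network, known_good):
    """Known-good addresses that a block on this network would also cut off."""
    return [g for g in known_good if ipaddress.ip_address(g) in network]

def review(blocks, known_good, widen_to=None):
    """Rows of (CIDR, addresses covered, attackers seen, collateral), sorted.
    widen_to previews expanding every multi-attacker range to that prefix."""
    rows = []
    for net, hits in sorted(blocks.items()):
        if widen_to is not None and hits > 1 and net.prefixlen > widen_to:
            net = net.supernet(new_prefix=widen_to)
        rows.append((str(net), net.num_addresses, hits,
                     collateral(net, known_good)))
    return rows

if __name__ == "__main__":
    proposed = propose_blocks(ATTACK_IPS)
    for label, widen in (("start narrow (/24)", None), ("widened to /22", 22)):
        print(label)
        for row in review(proposed, KNOWN_GOOD, widen_to=widen):
            print("  %-20s %5d addresses  %d attackers  collateral=%s" % row)
```

A non-empty collateral column is the signal to keep the narrower block or verify range ownership before expanding.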
Regular Review
- Monthly audit of CIDR blocks
- Remove outdated entries
- Verify still necessary
Examples of CIDR Blocking
Blocking an Attacker’s Network
Attack from 185.220.101.35:
- WHOIS lookup
- Find netblock: 185.220.101.0/24
- Add CIDR block
- Blocks future attacks from that network
Blocking a Hosting Provider Subnet
Bot traffic from DigitalOcean range:
- Identify specific subnet
- Add 104.236.0.0/16
- Blocks that DigitalOcean range
Blocking a Country’s ISP
Fraud from specific ISP:
- Find ISP’s IP ranges
- Add multiple CIDR blocks
- More precise than country blocking
Combining with Other Rules
CIDR blocking works with:
- Individual IP blocks
- Country blocking
- ISP blocking
- VPN/Proxy blocking
Rules are evaluated together for comprehensive protection.