What Is ISP/ASN Blocking?
Every IP address belongs to an Autonomous System (AS), identified by an ASN (Autonomous System Number). This identifies the network operator - the ISP, hosting company, or organization that owns those IPs.
Blocking by ISP/ASN lets you block all traffic from:
- Specific hosting providers
- Data center operators
- Cloud services
- Internet service providers
- Mobile carriers
Why Block by ISP?
Hosting Provider Traffic
Most legitimate shoppers use residential ISPs. Traffic from hosting providers often indicates:
- Bot activity
- Scraping operations
- Automated attacks
- VPN/proxy services
Known Problem Networks
Some networks have reputations for:
- Hosting fraudulent operations
- Lax abuse policies
- High bot traffic
- Scraping infrastructure
Data Center Traffic
Unless you have B2B customers, data center traffic is often suspicious. Real shoppers don’t browse from AWS or Google Cloud.
Common ISPs to Consider Blocking
Hosting Providers
- DigitalOcean
- Linode
- OVH
- Hetzner
- Vultr
Cloud Providers
- Amazon Web Services (AWS)
- Google Cloud Platform
- Microsoft Azure
- Oracle Cloud
VPN Infrastructure Hosts
- Various smaller hosting companies that primarily serve VPN providers
Note: Blocking major cloud providers may impact legitimate services. Review carefully before blocking.
Setting Up ISP Blocking
Finding ASN Information
When you identify a problematic IP:
- Look up the ASN for that IP
- Research the organization
- Decide if the entire network should be blocked
Adding ISP Blocks
In SecurEcommerce:
- Navigate to blocking settings
- Add the ISP/ASN to your blocklist
- Optionally specify a custom message
Considerations Before Blocking
Legitimate Business Users
Some B2B customers access from:
- Corporate data centers
- Cloud-hosted offices
- Managed service providers
Blocking cloud providers might block real customers.
Third-Party Services
Services you use might access your store:
- Inventory sync tools
- Analytics services
- SEO monitoring
- Payment verification
Blocking their hosting provider breaks these integrations.
Overly Broad Impact
Major ISPs serve millions of users. Blocking Comcast or AT&T would block huge portions of your US customer base.
Recommended Approach
Safe to Block
- Small hosting providers primarily serving VPNs/proxies
- Data centers with no legitimate reason to access your store
- Networks you’ve confirmed are sources of attacks
Block with Caution
- Major cloud providers (may impact services)
- Large hosting companies (some legitimate users)
Generally Don’t Block
- Major residential ISPs (your customers)
- Mobile carriers (mobile shoppers)
- Business ISPs (B2B customers)
Combining ISP Blocking with Other Methods
ISP blocking is most effective when layered:
- VPN/Proxy detection catches anonymized traffic
- ISP blocking catches data center traffic VPN detection might miss
- Country blocking restricts geographic access
- IP blocking targets specific known bad actors
Monitoring ISP Blocks
After enabling ISP blocking:
- Review blocked traffic patterns
- Check for customer complaints
- Verify integrations still work
- Adjust blocks based on results
When ISP Blocking Makes Sense
Good fit:
- You’ve traced attacks to specific hosting providers
- You have no B2B customers in data centers
- You want to block all non-residential traffic
- You’ve confirmed VPN infrastructure on specific networks
Poor fit:
- You serve business customers
- You rely on cloud-based third-party services
- You haven’t identified specific problematic networks
- You’re blocking speculatively
Data Center vs Residential Traffic
A key metric: What percentage of your traffic comes from data centers vs residential IPs?
- High data center traffic with low conversion = likely bots, consider blocking
- High data center traffic with normal conversion = likely legitimate (review why)
- Low data center traffic = ISP blocking will have minimal impact either way