We have a requirement to whitelist the range of IP addresses from WAF below:
199.83.128.0/21
198.143.32.0/19
149.126.72.0/21
103.28.248.0/22
45.64.64.0/22
185.11.124.0/22
192.230.64.0/18
More detail:
And I'm using the .NET ipSecurity section, but I haven't found any example of how to add the above IP addresses without having to add ALL IP addresses.
e.g.
<ipSecurity allowUnlisted="false">
<!-- this line blocks everybody, except those listed below -->
<clear/>
<add ipAddress="xx.xx.xx.xx" allowed="true"/>
</ipSecurity>
I'm a newbie on subnet masks.
Is there an elegant way to implement this?
In 199.83.128.0/21, 21 is the CIDR format of the subnet mask. You can use a conversion table to convert the CIDR format to an IP address.
Then set your IPSecurity to deny all except the specified IP addresses. I.e.:
<security>
  <ipSecurity allowUnlisted="false">
    <!-- /21 corresponds to the subnet mask 255.255.248.0 -->
    <add allowed="true" ipAddress="199.83.128.0" subnetMask="255.255.248.0"/>
    <!-- add additional ip addresses here -->
  </ipSecurity>
</security>
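Converting every range from the question into the address/mask pair that ipSecurity expects, as an added example that is not part of the original answer. The function names `cidr_to_mask` and `build_ip_security` are made up for this illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# CIDR ranges copied from the question.
WAF_RANGES = [
    "199.83.128.0/21",
    "198.143.32.0/19",
    "149.126.72.0/21",
    "103.28.248.0/22",
    "45.64.64.0/22",
    "185.11.124.0/22",
    "192.230.64.0/18",
]


def cidr_to_mask(cidr):
    """Return (network_address, dotted_mask) for an IPv4 CIDR block.

    strict=True rejects a block whose address has host bits set
    (for example 199.83.129.0/21), which would otherwise become an
    allow rule covering a different range than the one intended.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    return str(net.network_address), str(net.netmask)


def build_ip_security(cidrs):
    """Build an <ipSecurity> section that denies every unlisted client."""
    section = ET.Element("ipSecurity", allowUnlisted="false")
    ET.SubElement(section, "clear")
    for cidr in cidrs:
        address, mask = cidr_to_mask(cidr)
        ET.SubElement(section, "add", ipAddress=address,
                      subnetMask=mask, allowed="true")
    ET.indent(section, space="  ")  # requires Python 3.9 or later
    return ET.tostring(section, encoding="unicode")


if __name__ == "__main__":
    print(build_ip_security(WAF_RANGES))
```

The printed section goes inside the `<security>` element of the site configuration.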