No problem, it just seemed odd, for no apparent reason.

Alrighty then...

I thought this was going to be a fight about whether cloud ranges do, or do not, count as server farms.

Well Amazon has it's own thread. Google Cloud & Microsoft's Azure probably would also if enough bad behavior came from them. But AFAIK many static server farms have turned to dynamic cloud computing due to the recent drop in cost, the tech advancements of IP routing, fast connectivity and the evolving market for a VPS business model. Even my 3 shared hosting companies now offer cloud computing on VPS accounts. There's a possibility cloud may take over as the method of choice, especially if mobile continues on its current upward trend.

magsnet.net
202.5.128.0/19
202.5.128.0 - 202.5.159.255

New DigitalOcean range for me,

188.166.64.0/18
inetnum: 188.166.0.0 - 188.166.255.255
netname: EU-DIGITALOCEAN-20090605
created: 2014-11-17

from 188.166.84.7 with UA: sky nutch crawler/Nutch-1.9

@blend27- That's actually a /16, but thanks I didn't have it.

DigitalOcean
188.166.0.0/16
188.166.0.0 - 188.166.255.255

@keyplr where did you get 188.166.0.0/16 from?
@blend27 posted a valid range.

Below is the full Digital Ocean IPv4 list:

5.101.104.0/22
5.101.109.0/24
5.101.110.0/24
5.101.111.0/24
5.101.96.0/21
37.139.0.0/19
45.55.128.0/18
45.55.192.0/18
46.101.0.0/18
46.101.128.0/18
80.240.128.0/20
82.196.0.0/20
95.85.0.0/18
103.253.144.0/22
104.131.0.0/18
104.131.128.0/20
104.131.144.0/20
104.131.160.0/20
104.131.176.0/20
104.131.192.0/19
104.131.224.0/19
104.131.64.0/18
104.236.0.0/18
104.236.128.0/18
104.236.192.0/18
104.236.64.0/18
107.170.0.0/17
107.170.128.0/19
107.170.160.0/19
107.170.192.0/18
146.185.128.0/19
146.185.160.0/20
146.185.176.0/21
146.185.184.0/21
146.185.184.0/22
146.185.188.0/22
162.243.0.0/17
162.243.128.0/19
162.243.160.0/20
162.243.176.0/21
162.243.188.0/23
162.243.191.0/24
162.243.192.0/18
185.14.184.0/22
188.166.0.0/18
188.166.64.0/18
188.226.128.0/17
192.241.128.0/19
192.241.160.0/19
192.241.192.0/19
192.241.224.0/20
192.241.240.0/20
192.34.56.0/21
192.81.208.0/21
192.81.216.0/22
192.81.220.0/22
198.199.112.0/21
198.199.120.0/22
198.199.124.0/22
198.199.64.0/20
198.199.80.0/21
198.199.88.0/22
198.199.92.0/22
198.199.96.0/20
198.211.112.0/22
198.211.116.0/23
198.211.118.0/23
198.211.120.0/21
198.211.96.0/20
208.68.36.0/22

@keyplr where did you get 188.166.0.0/16?

I don't know what you're looking at, but digitalocean.com is /16

DigitalOcean
188.166.0.0/16
188.166.0.0 - 188.166.255.255

Use your tool to look-up 188.166.0.0

188.166.0.0/16 is in fact a valid range for Digital Ocean.

My source needs to update their database from RIPE more frequently!

5.101.104.0/22
5.101.109.0/24
5.101.110.0/24
5.101.111.0/24
5.101.96.0/21

Where's 5.101.108?

Quick detour to free lookup confirms that it's the expected 5.101.104.0/21, for a grand total of 5.101.96.0/20. Half is nominally Netherlands, the other half nominally US, but honestly who gives a ### ;)

I usually pad IPs with leading zero before sorting. Helps get things into the right order.

More mistakes in that mrtonyg DigitalOcean list... a few examples:

45.55.128.0/18 & 45.55.192.0/18 are actually:
45.55.0.0/16
45.55.0.0 - 45.55.255.255

And 46.101.0.0/18 & 46.101.128.0/18 are actually:
46.101.0.0/16
46.101.0.0 - 46.101.255.255

And 104.131.0.0/18 & 104.131.128.0/20 & 104.131.144.0/20 & 104.131.160.0/20 & 104.131.176.0/20 & 104.131.192.0/19 & 104.131.224.0/19 & 104.131.64.0/18 are actually:
104.131.0.0/16
104.131.0.0 - 104.131.255.255

And 107.170.0.0/17 & 107.170.128.0/19 & 107.170.160.0/19 & 107.170.192.0/18 are actually:
107.170.0.0/16
107.170.0.0 - 107.170.255.255

And 146.185.128.0/19 & 146.185.160.0/20 & 146.185.176.0/21 & 146.185.184.0/21 & 146.185.184.0/22 & 146.185.188.0/22 are actually:
146.185.128.0/18
146.185.128.0 - 146.185.191.255

And 162.243.0.0/17 & 162.243.128.0/19 & 162.243.160.0/20 & 162.243.176.0/21 & 162.243.188.0/23 & 162.243.191.0/24 & 162.243.192.0/18 are actually:
162.243.0.0/16
162.243.0.0 - 162.243.255.255

And a few more, but I'm on a mobile phone & posting is a PITA. Maybe someone else could finish this :)

Allowable time to edit post has past.

Drat!

More mistakes in that mrtonyg DigitalOcean list...

"mistakes" was a poor choice of wording. The ranges are valid, just not succinct. When you have an htaccess well over 100kb, every byte is important.

@keyplyr Here is the aggregated Digital Ocean list:

Edit: I have to look into why my script is not combining the 162.243.XX range.

5.101.96.0/21
5.101.104.0/22
5.101.109.0/24
5.101.110.0/23
37.139.0.0/19
45.55.128.0/17
46.101.0.0/18
46.101.128.0/18
80.240.128.0/20
82.196.0.0/20
95.85.0.0/18
103.253.144.0/22
104.131.0.0/16
104.236.0.0/16
107.170.0.0/16
146.185.128.0/18
162.243.0.0/17
162.243.128.0/19
162.243.160.0/20
162.243.176.0/21
162.243.188.0/23
162.243.191.0/24
162.243.192.0/18
185.14.184.0/22
188.166.0.0/16
188.226.128.0/17
192.34.56.0/21
192.81.208.0/20
192.241.128.0/17
198.199.64.0/18
198.211.96.0/19
208.68.36.0/22

188.166.64.0/18
inetnum: 188.166.0.0 - 188.166.255.255

Sorry about that. I can see where we got confused.

188.166.64.0/18 is inside 188.166.0.0/16.

NL|188.166.0.0|188.166.255.255|3164995584|3165061119|188.166.0.0/16
NL|188.166.64.0|188.166.127.255|3165011968|3165028351|188.166.64.0/18

I got the original data from [bgp.he.net...] . Will proof check in a future before posting ;)

I am not actually using / notation in my scripts. It's a DB look-up between doubles.

The 162.243.XX range is properly combined above.
A single contiguous range sometimes needs several CIDRs to represent it if it's awkwardly aligned with power-of-two boundaries.

I have to look into why my script is not combining the 162.243.XX range.

It's because 162.243.184-187 and .190 are missing.

@lucy24 I meant the consecutive lower ranges like these:
162.243.0.0/17
162.243.128.0/19
162.243.160.0/20

@trintragula you are right about how the CIDR range were split.

I meant the consecutive lower ranges like these:
162.243.0.0/17
162.243.128.0/19
162.243.160.0/20

There's nothing to combine. It would be different if, say, you had
162.243.0.0/18
and
162.243.64.0/18
and the script refused to express them as
162.243.0.0/17

Well you guys can continue to block all this: 162.243.0.0/17 & 162.243.128.0/19 & 162.243.160.0/20 & 162.243.176.0/21 & 162.243.188.0/23 & 162.243.191.0/24 & 62.243.192.0/18... ad infinitum

I like 162.243.0.0/16 :)

@lucy24 yes, like @trintragula stated it was due to how they were split up.

I was directing my response to your prior comment about the missing range.

I like 162.243.0.0/16

Well, that's the way I've had them labeled all along. Or rather, 162.243 at a savings of
:: counting on fingers ::
seven bytes.

Yup, however I like using the CIDR since I know the full range just by looking at the htaccess, otherwise I would need to check my notes (on another file) to verify the scope of the range in some cases. I'm on the road a lot and can connect remotely to my local machine from my phablet, but the less I have to do that the better.

I know the full range just by looking at the htaccess

What's to know or not know? If there are two figures in htaccess, it's a /16. If there are three, it's a /24. If one, it's 8 (haha).

Four, and it's an infected browser.

Five, and it's a movement.

I'm sure you'll figure it out

Above sent from Phablet, now I have an actual keyboard, so...

Not to give away my entire defense schema, but when I see a CIDR in my htaccess, I know it's a fully blocked range. If I have anything other than a CIDR, I know part of it is being used in a rewrite, either to poke a hole or some other action. Easy for me to recognize this way, especially when not at my desk. This works well for my site.

On client's site I do just leave off the remainder of range instead of using CIDR, since I will likely never look at it again :)

Q/
162.243 at a savings of seven bytes.
/Q

Am I being profligate by using 162.243.

I'm on FreeBSD, and if I don't use the final dot it seems to wreck what is intended.

A 100kb htaccess is serious obesity possibly compulsive?

Mine is currently 23kb, and I consider that flabby. :)

A 100kb htaccess is serious obesity possibly compulsive?

Mine is currently 23kb, and I consider that flabby. happy!

But you block 37./8 and 46./8 right? If WW did that, I wouldn't be able to post here some days.
_{(Though some of you might consider that a good thing...)}

Mine is currently 23kb, and I consider that flabby.

Mine's fatter than that. I have a shared htaccess in my userspace for mod_authwhatever and mod_setenvif directives, including all Deny from... lines. That one is currently 28K. Then the individual sites have specialized htaccess, mainly involving mod_rewrite, which can be up to 20K.

Currently I have a separate "Deny from" line for each A range. Sometimes two if there's an unusual lot of them. That's my compromise between size and usability. If you have a separate "Deny from" line for each separate IP, that by itself can make your htaccess twice as fat. (Eleven* bytes for "Deny from " plus line break, as opposed to one byte for " " alone.)

:: detour to check something ::

I don't suppose there's a "typical" size for a config file. But the boilerplate one that comes with MAMP is already about 20K. That's without any site-specific content such as access-control rules (except the block on files in .ht) or redirects.


* Twelve if you edit your htaccess in CRLF mode.