ip-index
ip-index copied to clipboard
Apple Private Relay third party ASNs are in asns_dcs.csv
A word of caution when using asns_dcs.csv to check if an IP's ASN seen from an Apple device is in the list and so it should be blocked or handled specifically as datacenter originated traffic.
The Apple users who enabled the Icloud+ Private Relay feature will have, from your listening web server POV, an IP in some Cloudflare, Akamai, Fastfly ranges. E.g. you can see that often the ASN of an Iphone with Private Relay enabled is 13335, i.e. Cloudflare, which is (13335), as it should be, here in asns_dcs.csv.
So, the correct way to handle that is, in case of Apple UA, to always check for the "asOrganization" (or equivalent, I'm talking here Cloudflare workers cf object jargon, with ip2location the key/name is, if IPV4, "Provider") of this specific IP: if the remote client is an Apple Private Relay enabled device/software you will get, as asOrganization/Provider/whatever, "iCloud Private Relay", and this means that the hit is from a real user, not from a datacenter / hosting server.
I still dont know what would happen (and if this is possible) if an Apple user has both the Private Relay feature enabled and a VPN or similar set in browser/device, but I think and hope that this would be a corner case.