This article presents how to block IP addresses based on Proxy using an Enhanced Dynamic Zone. Enhanced Dynamic Zones are used to define the IP service categories, locations, and Autonomous System Numbers (ASNs) that are blocked or allowed in a zone. IP service categories include proxies, VPNs, and anonymizers.

• Dynamic zones
• Enhanced Dynamic Zone

Create Enhanced Dynamic Zone:

1. In the Admin Console, go to Security > Networks.
2. Select Add zone > Enhanced Dynamic Zone.  

3. Enter a Zone name.

4. Select Block access from IPs matching conditions to block the IP service category, locations, and ASNs in the zone.

5. Select Include the following IP service categories and enter ALL_PROXIES_VPNS to block all Proxies and VPNs.

Alternatively, select All IP service categories except and enter WARP_VPN to only allow access from WARP_VPN and block access from all other connections, for example.

6. Select a Location option:

   • Include locations: The locations selected in the next step are included in the zone.

   • All locations except: The locations selected in the next step are excluded from the zone. All other locations are included.

7. In the Location field, enter the country, state, or region, if applicable.

8. Click Add Another to add more locations.   

9. In the ISP autonomous system numbers (ASNs) field, enter the ASNs that must be included in the zone.

NOTE: For mobile carriers, using ASN is more reliable than IP-based geolocation. 

10. Click Save.

11. Set the network zone to Active.

Related References

• Enhanced dynamic zones
• Supported IP service categories
• Block IP Addresses Based on IP Type Using a Dynamic Network Zone
• iCloud Private Relay Authentication is Blocked by Dynamic Network Zone