AWS WAF list

George Herbert george.herbert at gmail.com
Tue Feb 20 21:18:52 UTC 2024


This is terrible advice, but you might need another netblock for the
eyeballs.  Possibly a small one with enterprise NAT, but something outside
the AWS list ranges...


-George

On Mon, Feb 19, 2024 at 7:35 PM Justin H. <justindh.ml at gmail.com> wrote:

> That matches my experience with these types of problems in the past.
> Especially when the end-users don't have a process for white-listing.
> We actually got a response from one WAF user to "connect to another
> network to log in, then you should be able to use the site, because it's
> just the login page that's protected".
>
> I am working with someone off-list, so I have hope this can be resolved
> without account gymnastics. :)
>
> Justin H.
>
> Owen DeLong wrote:
> > The whole situation with these WAF as a service setups is a nightmare
> > for the affected (afflicted) parties.
> >
> > I saw this problem from both sides when I was at Akamai. It’s not great
> > from the service provider side, but it’s an absolute shit show for anyone
> > on the wrong side of a block. There’s no accountability or process for
> > redress of errors whatsoever. The impacted party isn’t a customer of the
> > WAF publisher, so they can’t get any traction there. The WAF subscriber
> > blindly applies the WAF and it’s virtually impossible to track down anyone
> > there who even knows that they subscribe to such a thing, let alone get
> > them to take useful action.
> >
> > Best of luck.  The only thing I saw that worked while I was at Akamai
> > was a few entities subscribed to the WAF service and then complained about
> > getting blocked from their own web sites. Since they were then Akamai WAF
> > customers, they could get Akamai to take action.
> >
> > Crazy.
> >
> > Owen
> >
> >
> >> On Feb 16, 2024, at 09:19, Justin H. <justindh.ml at gmail.com> wrote:
> >>
> >> Justin H. wrote:
> >>> Hello,
> >>>
> >>> We found out recently that we are on the HostingProviderIPList (found
> >>> here
> >>> https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html)
> >>> at AWS and it's affecting our customers' access to various websites.  We
> >>> are a datacenter, and a hosting provider, but we have plenty of enterprise
> >>> customers with eyeballs.
> >>>
> >>> We're finding it difficult to find a technical contact that we can
> >>> reach since we're not an AWS customer.  Does anyone have a contact or
> >>> advice on a solution?
> >> Sadly we're not getting any traction from standard AWS support, and end
> >> users of the WAF list like Reddit and Eventbrite are refusing to whitelist
> >> anyone.  Does anyone have any AWS contacts that might be able to assist?
> >> Our enterprise customers are becoming more and more impacted.
> >>
> >> Justin H.
>
>

-- 
-george william herbert
george.herbert at gmail.com