Re: AWS WAF list

Mon, 19 Feb 2024 09:28:52 -0800

That matches my experience with these types of problems in the past.  Especially when the end-users don't have a process for white-listing.  We actually got a response from one WAF user to "connect to another network to log in, then you should be able to use the site, because it's just the login page that's protected".
I am working with someone off-list, so I have hope this can be resolved without account gymnastics. :) 

Justin H.

Owen DeLong wrote:

The whole situation with these WAF as a service setups is a nightmare for the 
affected (afflicted) parties.

I saw this problem from both sides when I was at Akamai. It’s not great from 
the service provider side, but it’s an absolute shit show for anyone on the 
wrong side of a block. There’s no accountability or process for redress of 
errors whatsoever. The impacted party isn’t a customer of the WAF publisher, so 
they cant get any traction there. The WAF subscriber blindly applies the WAF 
and it’s virtually impossible to track down anyone there who even knows that 
they subscribe to such a thing, let alone get them to take useful action.

Best of luck.  The only thing I saw that worked while I was at Akamai was a few 
entities subscribed to the WAF service and then complained about getting 
blocked from their own web sites. Since they were then Akamai WAF customers, 
they could get Akamai to take action.

Crazy.

Owen



On Feb 16, 2024, at 09:19, Justin H. <justindh...@gmail.com> wrote:

Justin H. wrote:

Hello,

We found out recently that we are on the HostingProviderIPList (found here 
https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html)
 at AWS and it's affecting our customers' access to various websites.  We are a 
datacenter, and a hosting provider, but we have plenty of enterprise customers 
with eyeballs.

We're finding it difficult to find a technical contact that we can reach since 
we're not an AWS customer.  Does anyone have a contact or advice on a solution?

Sadly we're not getting any traction from standard AWS support, and end users 
of the WAF list like Reddit and Eventbrite are refusing to whitelist anyone.  
Does anyone have any AWS contacts that might be able to assist?  Our enterprise 
customers are becoming more and more impacted.

Justin H.
























					Reply via email to