Seems like they need a mechanism for stuff like this and not just pushing it off to their clients whose first line support systems aren't geared towards dealing with this kind of stuff.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Michel 'ic' Luczak" <li...@benappy.com> To: "Justin Wilson" <li...@mtin.net> Cc: "NANOG" <nanog@nanog.org> Sent: Friday, May 18, 2018 9:43:26 AM Subject: Re: Akamai WAF Hi, > On 18 May 2018, at 16:22, Justin Wilson <li...@mtin.net> wrote: > > I have a client with a /24 that has somehow been blocked by folks using the > Akamai WAF. This is the response we received back from Akamai when we > contacted them. > >> On checking the machine logs for ups.com <http://ups.com/>, we found that >> there is WAF (web application firewall) configured by ups.com >> <http://ups.com/>, this has to be fixed from the site owners end. > > This is happening with multiple sites, southwest.com is another. I find it > odd multiple sites are doing this at the same time. If just one I would > believe it was a manual configuration. It seems like something has triggered > it. Can someone shed some light on how the WAF works? As far as I know they have some kind of scoring in place for end users IPs so if there is a malicious IP inside the /24 (from Akamai’s WAF point of view) then the scoring can affect other WAFed services as well. BR, ic
