Unfortunately, the victim doesn’t chose the WAF list, the web site that is causing the victim grief chooses the WAF list.
Owen > On Feb 20, 2024, at 14:15, j...@joelesler.net wrote: > > There are other WAF lists available on AWS besides their native one. Ones > that have support. > >> On Feb 20, 2024, at 16:18, George Herbert <george.herb...@gmail.com> wrote: >> >> This is terrible advice, but you might need another netblock for the >> eyeballs. Possibly a small one with enterprise NAT, but something outside >> the AWS list ranges... >> >> >> -George >> >> On Mon, Feb 19, 2024 at 7:35 PM Justin H. <justindh...@gmail.com >> <mailto:justindh...@gmail.com>> wrote: >>> That matches my experience with these types of problems in the past. >>> Especially when the end-users don't have a process for white-listing. >>> We actually got a response from one WAF user to "connect to another >>> network to log in, then you should be able to use the site, because it's >>> just the login page that's protected". >>> >>> I am working with someone off-list, so I have hope this can be resolved >>> without account gymnastics. :) >>> >>> Justin H. >>> >>> Owen DeLong wrote: >>> > The whole situation with these WAF as a service setups is a nightmare for >>> > the affected (afflicted) parties. >>> > >>> > I saw this problem from both sides when I was at Akamai. It’s not great >>> > from the service provider side, but it’s an absolute shit show for anyone >>> > on the wrong side of a block. There’s no accountability or process for >>> > redress of errors whatsoever. The impacted party isn’t a customer of the >>> > WAF publisher, so they cant get any traction there. The WAF subscriber >>> > blindly applies the WAF and it’s virtually impossible to track down >>> > anyone there who even knows that they subscribe to such a thing, let >>> > alone get them to take useful action. >>> > >>> > Best of luck. The only thing I saw that worked while I was at Akamai was >>> > a few entities subscribed to the WAF service and then complained about >>> > getting blocked from their own web sites. Since they were then Akamai WAF >>> > customers, they could get Akamai to take action. >>> > >>> > Crazy. >>> > >>> > Owen >>> > >>> > >>> >> On Feb 16, 2024, at 09:19, Justin H. <justindh...@gmail.com >>> >> <mailto:justindh...@gmail.com>> wrote: >>> >> >>> >> Justin H. wrote: >>> >>> Hello, >>> >>> >>> >>> We found out recently that we are on the HostingProviderIPList (found >>> >>> here >>> >>> https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html) >>> >>> at AWS and it's affecting our customers' access to various websites. >>> >>> We are a datacenter, and a hosting provider, but we have plenty of >>> >>> enterprise customers with eyeballs. >>> >>> >>> >>> We're finding it difficult to find a technical contact that we can >>> >>> reach since we're not an AWS customer. Does anyone have a contact or >>> >>> advice on a solution? >>> >> Sadly we're not getting any traction from standard AWS support, and end >>> >> users of the WAF list like Reddit and Eventbrite are refusing to >>> >> whitelist anyone. Does anyone have any AWS contacts that might be able >>> >> to assist? Our enterprise customers are becoming more and more impacted. >>> >> >>> >> Justin H. >>> >> >> >> -- >> -george william herbert >> george.herb...@gmail.com <mailto:george.herb...@gmail.com>
