Hi,
On 18 May 2018, at 16:22, Justin Wilson <lists@mtin.net> wrote:
I have a client with a /24 that has somehow been blocked by folks using the Akamai WAF. This is the response we received back from Akamai when we contacted them.
On checking the machine logs for ups.com <http://ups.com/>, we found that there is WAF (web application firewall) configured by ups.com <http://ups.com/>, this has to be fixed from the site owners end.
This is happening with multiple sites, southwest.com is another. I find it odd multiple sites are doing this at the same time. If just one I would believe it was a manual configuration. It seems like something has triggered it. Can someone shed some light on how the WAF works?
As far as I know they have some kind of scoring in place for end users IPs so if there is a malicious IP inside the /24 (from Akamai’s WAF point of view) then the scoring can affect other WAFed services as well. BR, ic