Seems like they need a mechanism for stuff like this and not just pushing it off to their clients whose first line support systems aren't geared towards dealing with this kind of stuff. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Michel 'ic' Luczak" <lists@benappy.com> To: "Justin Wilson" <lists@mtin.net> Cc: "NANOG" <nanog@nanog.org> Sent: Friday, May 18, 2018 9:43:26 AM Subject: Re: Akamai WAF Hi,
On 18 May 2018, at 16:22, Justin Wilson <lists@mtin.net> wrote:
I have a client with a /24 that has somehow been blocked by folks using the Akamai WAF. This is the response we received back from Akamai when we contacted them.
On checking the machine logs for ups.com <http://ups.com/>, we found that there is WAF (web application firewall) configured by ups.com <http://ups.com/>, this has to be fixed from the site owners end.
This is happening with multiple sites, southwest.com is another. I find it odd multiple sites are doing this at the same time. If just one I would believe it was a manual configuration. It seems like something has triggered it. Can someone shed some light on how the WAF works?
As far as I know they have some kind of scoring in place for end users IPs so if there is a malicious IP inside the /24 (from Akamai’s WAF point of view) then the scoring can affect other WAFed services as well. BR, ic