Banned by Akamai (or some websites hosted with Akamai)
Hi, I got some complaints from customers and found out that all IP addresses announced in one of our ASN are banned by Akamai or some websites hosted with Akamai. I've tried to contact one of the website owners but didn't get any response. Could someone from Akamai contact me off-list? Regards, Siyuan Miao
Akamai will _NOT_ be helpful in this situation. They will tell you that it is their customers who set the policy for their “Web Application Firewall”. In reality, Akamai’s customers set certain things on “autopilot” where Akamai maintains a reputation database for various IP addresses and triggers actions set by their customers without their customers direct knowledge or intervention. Akamai’s process for dealing with this (or rather their refusal to create a process for dealing with it) is a horrible disservice to the internet and to their customers. I tried to push for changes to this process while I was there and had no significant success. I’ve also been the victim of these practices after I was laid off by Akamai (along with about 7% of their employees last year). Because of a variety of issues I’m not at liberty to elaborate, it isn’t an easy problem for Akamai to solve, but as a company that prides itself on tackling and solving difficult problems, they’ve certainly fallen short here. Owen
On Mar 27, 2019, at 08:46 , Siyuan Miao <aveline@misaka.io> wrote:
Hi,
I got some complaints from customers and found out that all IP addresses announced in one of our ASN are banned by Akamai or some websites hosted with Akamai.
I've tried to contact one of the website owners but didn't get any response.
Could someone from Akamai contact me off-list?
Regards, Siyuan Miao
All companies have unique challenges in trying to mitigate abuse and serve customers well. Miao I’ll collect details from you in private to see if there is something that can be done. Sent from my iCar
On Mar 27, 2019, at 4:56 PM, Owen DeLong <owen@delong.com> wrote:
Akamai will _NOT_ be helpful in this situation.
They will tell you that it is their customers who set the policy for their “Web Application Firewall”.
In reality, Akamai’s customers set certain things on “autopilot” where Akamai maintains a reputation database for various IP addresses and triggers actions set by their customers without their customers direct knowledge or intervention.
Akamai’s process for dealing with this (or rather their refusal to create a process for dealing with it) is a horrible disservice to the internet and to their customers.
I tried to push for changes to this process while I was there and had no significant success.
I’ve also been the victim of these practices after I was laid off by Akamai (along with about 7% of their employees last year).
Because of a variety of issues I’m not at liberty to elaborate, it isn’t an easy problem for Akamai to solve, but as a company that prides itself on tackling and solving difficult problems, they’ve certainly fallen short here.
Owen
On Mar 27, 2019, at 08:46 , Siyuan Miao <aveline@misaka.io> wrote:
Hi,
I got some complaints from customers and found out that all IP addresses announced in one of our ASN are banned by Akamai or some websites hosted with Akamai.
I've tried to contact one of the website owners but didn't get any response.
Could someone from Akamai contact me off-list?
Regards, Siyuan Miao
Hopefully Jared can fix it. Owen's description matches up very well with my experiences in trying to fix similar problems at Akamai. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Jared Mauch" <jared@puck.nether.net> To: "Owen DeLong" <owen@delong.com> Cc: nanog@nanog.org Sent: Wednesday, March 27, 2019 12:25:32 PM Subject: Re: Banned by Akamai (or some websites hosted with Akamai) All companies have unique challenges in trying to mitigate abuse and serve customers well. Miao I’ll collect details from you in private to see if there is something that can be done. Sent from my iCar
On Mar 27, 2019, at 4:56 PM, Owen DeLong <owen@delong.com> wrote:
Akamai will _NOT_ be helpful in this situation.
They will tell you that it is their customers who set the policy for their “Web Application Firewall”.
In reality, Akamai’s customers set certain things on “autopilot” where Akamai maintains a reputation database for various IP addresses and triggers actions set by their customers without their customers direct knowledge or intervention.
Akamai’s process for dealing with this (or rather their refusal to create a process for dealing with it) is a horrible disservice to the internet and to their customers.
I tried to push for changes to this process while I was there and had no significant success.
I’ve also been the victim of these practices after I was laid off by Akamai (along with about 7% of their employees last year).
Because of a variety of issues I’m not at liberty to elaborate, it isn’t an easy problem for Akamai to solve, but as a company that prides itself on tackling and solving difficult problems, they’ve certainly fallen short here.
Owen
On Mar 27, 2019, at 08:46 , Siyuan Miao <aveline@misaka.io> wrote:
Hi,
I got some complaints from customers and found out that all IP addresses announced in one of our ASN are banned by Akamai or some websites hosted with Akamai.
I've tried to contact one of the website owners but didn't get any response.
Could someone from Akamai contact me off-list?
Regards, Siyuan Miao
On Thu, Mar 28, 2019 at 06:17:25AM -0500, Mike Hammett wrote:
Hopefully Jared can fix it. Owen's description matches up very well with my experiences in trying to fix similar problems at Akamai.
Don't worry, I can't access my car owners insurance website from the country i'm in as well due to a similar WAF config on another CDN. I've replied to both people that posted to the list with some further details. Don't hesitate to reach out if you're not getting a response or have questions about your experiences with akamai. We are here and will do our best to fix things, but also similar to my car insurance folks who don't want me to have access from this country, keep in mind our customers may also have configured policy to block certain clients or behaviors. I can reach out to the account teams to have them confirm with customer the config is right if it seems odd. - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
I think it's a general problem with a lot of these application firewall companies these days. There's been a long time I couldn't access both staples.com and officedepot.com, and officedepot.com is still broken for me to this day. (Ironically, they're both using the same CDN — so much for the competition and differentiation.) I'm obviously a valid user, just as many others who get access denied, but I'm pretty sure that all of these access attempts by customers who are misclassified as bots and denied access are subsequently aggregated by these CDNs back to their clients as bad bots, which — luckily! — have been blocked to prevent $badThings from happening, $giveUsMoreMoneyToProtectYouFromYourOwnCustomers. Talking with these vendors at their booths at trade shows reveals that the incentives and selling points in the application firewall business are just wrong — they each boast about blocking more "bots" than their competition, completely dismissing the fact that many of these "bots" are actual paying customers that get denied access. Cheers, Constantine. P.S. Below is the page I currently get when visiting officedepot.com — so much for taking care of business!
OfficeDepot.com - Taking Care Of Business. Office Supplies, Furniture,
Technology & More!
We're Sorry. We are unable to process your last request.
Rest assured we are working diligently to resolve this issue. If you would like to place an order by phone or speak with one of our Customer Service representatives please contact us:
Call 1-800-GO-DEPOT Reference Number: 18.34b51002.1553708764.397327
Copyright © 2012 by Office Depot, Inc. All rights reserved.
On Wed, 27 Mar 2019 at 10:57, Owen DeLong <owen@delong.com> wrote:
Akamai will _NOT_ be helpful in this situation.
They will tell you that it is their customers who set the policy for their “Web Application Firewall”.
In reality, Akamai’s customers set certain things on “autopilot” where Akamai maintains a reputation database for various IP addresses and triggers actions set by their customers without their customers direct knowledge or intervention.
Akamai’s process for dealing with this (or rather their refusal to create a process for dealing with it) is a horrible disservice to the internet and to their customers.
I tried to push for changes to this process while I was there and had no significant success.
I’ve also been the victim of these practices after I was laid off by Akamai (along with about 7% of their employees last year).
Because of a variety of issues I’m not at liberty to elaborate, it isn’t an easy problem for Akamai to solve, but as a company that prides itself on tackling and solving difficult problems, they’ve certainly fallen short here.
Owen
On Mar 27, 2019, at 08:46 , Siyuan Miao <aveline@misaka.io> wrote:
Hi,
I got some complaints from customers and found out that all IP addresses announced in one of our ASN are banned by Akamai or some websites hosted with Akamai.
I've tried to contact one of the website owners but didn't get any response.
Could someone from Akamai contact me off-list?
Regards, Siyuan Miao
On Wed, Mar 27, 2019 at 11:46:21PM +0800, Siyuan Miao wrote:
Hi,
I got some complaints from customers and found out that all IP addresses announced in one of our ASN are banned by Akamai or some websites hosted with Akamai.
I've tried to contact one of the website owners but didn't get any response.
FYI: you can look things up here if you think something is blocking you: https://www.akamai.com/us/en/clientrep-lookup/?language=en_US - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
https://www.akamai.com/us/en/clientrep-lookup/?language=en_US
Well, isn't that just jammed up with malicious third-party javascript ... --- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
participants (6)
-
Constantine A. Murenin
-
Jared Mauch
-
Keith Medcalf
-
Mike Hammett
-
Owen DeLong
-
Siyuan Miao