Re: AWS WAF list

[joel () joelesler net]

There are other WAF lists available on AWS besides their native one.  Ones that have support.

> On Feb 20, 2024, at 16:18, George Herbert <george.herbert () gmail com> wrote:
>
> This is terrible advice, but you might need another netblock for the eyeballs.  Possibly a small one with enterprise 
> NAT, but something outside the AWS list ranges...
>
>
> -George
>
> On Mon, Feb 19, 2024 at 7:35 PM Justin H. <justindh.ml () gmail com <mailto:justindh.ml () gmail com>> wrote:
> > That matches my experience with these types of problems in the past.  
> > Especially when the end-users don't have a process for white-listing.  
> > We actually got a response from one WAF user to "connect to another 
> > network to log in, then you should be able to use the site, because it's 
> > just the login page that's protected".
> >
> > I am working with someone off-list, so I have hope this can be resolved 
> > without account gymnastics. :)
> >
> > Justin H.
> >
> > Owen DeLong wrote:
> > > The whole situation with these WAF as a service setups is a nightmare for the affected (afflicted) parties.
> > >
> > > I saw this problem from both sides when I was at Akamai. It’s not great from the service provider side, but it’s 
> > > an absolute shit show for anyone on the wrong side of a block. There’s no accountability or process for redress of 
> > > errors whatsoever. The impacted party isn’t a customer of the WAF publisher, so they cant get any traction there. 
> > > The WAF subscriber blindly applies the WAF and it’s virtually impossible to track down anyone there who even knows 
> > > that they subscribe to such a thing, let alone get them to take useful action.
> > >
> > > Best of luck.  The only thing I saw that worked while I was at Akamai was a few entities subscribed to the WAF 
> > > service and then complained about getting blocked from their own web sites. Since they were then Akamai WAF 
> > > customers, they could get Akamai to take action.
> > >
> > > Crazy.
> > >
> > > Owen
> > >
> > >
> > > > On Feb 16, 2024, at 09:19, Justin H. <justindh.ml () gmail com <mailto:justindh.ml () gmail com>> wrote:
> > > >
> > > > Justin H. wrote:
> > > > > Hello,
> > > > >
> > > > > We found out recently that we are on the HostingProviderIPList (found here 
> > > > > https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html) at AWS and it's 
> > > > > affecting our customers' access to various websites.  We are a datacenter, and a hosting provider, but we have 
> > > > > plenty of enterprise customers with eyeballs.
> > > > >
> > > > > We're finding it difficult to find a technical contact that we can reach since we're not an AWS customer.  Does 
> > > > > anyone have a contact or advice on a solution?
> > > > Sadly we're not getting any traction from standard AWS support, and end users of the WAF list like Reddit and 
> > > > Eventbrite are refusing to whitelist anyone.  Does anyone have any AWS contacts that might be able to assist?  
> > > > Our enterprise customers are becoming more and more impacted.
> > > >
> > > > Justin H.
>
>
> --
> -george william herbert
> george.herbert () gmail com <mailto:george.herbert () gmail com>