nanog mailing list archives

AWS Web Application Firewall blocks ISP ranges?


From: Jonathan Kalbfeld via NANOG <nanog () nanog org>
Date: Thu, 21 Mar 2024 10:16:27 -0700

Hi All,

I just became aware that AWS has a list of hosting IP providers and that list is blocked by their WAF? (!?!?).  None of 
my VM or colo customers can reach anything in AWS, such as Docker, Twilio, etc.  I confirmed through source routing 
that when I access it using one of my peering partners as a source IP it is reachable, but using one of my net blocks, 
it is not reachable and times out.  Checked all of my routing tables and those AWS blocks are definitely visible.  Also 
confirmed from looking glass that my IP ranges are showing up.

Has anyone else encountered that? If so, is there a way to get removed from that list? I have a very curated list of 
clients and I know all of them personally and none of them have been abusing AWS, so I was wondering if it was some 
kind of blanket ban?

If you're internal to AWS, my ASN is 54380, IP ranges affected are 199.33.244.0/24, 199.79.202.0/24, 199.188.96.0/22, 
45.59.144.0/22 and 206.197.110.0/24

Feel free to reach out off-list.

Thanks,

Jonathan Kalbfeld

Jonathan Kalbfeld

office: +1 310 317 7933
fax:    +1 310 317 7901
home:   +1 310 317 7909
mobile: +1 310 227 1662

ThoughtWave Technologies, Inc.
Studio City, CA 91604
https://thoughtwave.com

View our network at 
https://bgp.he.net/AS54380

+1 844 42-LINUX

